2017-09-09 06:02:59 -04:00
|
|
|
defmodule Pleroma.Web.OAuth.AuthorizationTest do
|
|
|
|
use Pleroma.DataCase
|
|
|
|
alias Pleroma.Web.OAuth.{Authorization, App}
|
|
|
|
import Pleroma.Factory
|
|
|
|
|
|
|
|
test "create an authorization token for a valid app" do
|
2018-03-30 09:01:53 -04:00
|
|
|
{:ok, app} =
|
|
|
|
Repo.insert(
|
|
|
|
App.register_changeset(%App{}, %{
|
|
|
|
client_name: "client",
|
|
|
|
scopes: "scope",
|
|
|
|
redirect_uris: "url"
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
2017-09-09 06:02:59 -04:00
|
|
|
user = insert(:user)
|
|
|
|
|
|
|
|
{:ok, auth} = Authorization.create_authorization(app, user)
|
|
|
|
|
|
|
|
assert auth.user_id == user.id
|
|
|
|
assert auth.app_id == app.id
|
|
|
|
assert String.length(auth.token) > 10
|
|
|
|
assert auth.used == false
|
|
|
|
end
|
|
|
|
|
|
|
|
test "use up a token" do
|
2018-03-30 09:01:53 -04:00
|
|
|
{:ok, app} =
|
|
|
|
Repo.insert(
|
|
|
|
App.register_changeset(%App{}, %{
|
|
|
|
client_name: "client",
|
|
|
|
scopes: "scope",
|
|
|
|
redirect_uris: "url"
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
2017-09-09 06:02:59 -04:00
|
|
|
user = insert(:user)
|
|
|
|
|
|
|
|
{:ok, auth} = Authorization.create_authorization(app, user)
|
|
|
|
|
|
|
|
{:ok, auth} = Authorization.use_token(auth)
|
|
|
|
|
|
|
|
assert auth.used == true
|
|
|
|
|
|
|
|
assert {:error, "already used"} == Authorization.use_token(auth)
|
|
|
|
|
|
|
|
expired_auth = %Authorization{
|
|
|
|
user_id: user.id,
|
|
|
|
app_id: app.id,
|
2018-03-30 09:01:53 -04:00
|
|
|
valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), -10),
|
2017-09-09 06:02:59 -04:00
|
|
|
token: "mytoken",
|
|
|
|
used: false
|
|
|
|
}
|
|
|
|
|
|
|
|
{:ok, expired_auth} = Repo.insert(expired_auth)
|
|
|
|
|
|
|
|
assert {:error, "token expired"} == Authorization.use_token(expired_auth)
|
|
|
|
end
|
2018-10-13 19:45:11 -04:00
|
|
|
|
|
|
|
test "delete authorizations" do
|
|
|
|
{:ok, app} =
|
|
|
|
Repo.insert(
|
|
|
|
App.register_changeset(%App{}, %{
|
|
|
|
client_name: "client",
|
|
|
|
scopes: "scope",
|
|
|
|
redirect_uris: "url"
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
|
|
|
user = insert(:user)
|
|
|
|
|
|
|
|
{:ok, auth} = Authorization.create_authorization(app, user)
|
|
|
|
{:ok, auth} = Authorization.use_token(auth)
|
|
|
|
|
|
|
|
{auths, _} = Authorization.delete_user_authorizations(user)
|
|
|
|
|
|
|
|
{_, invalid} = Authorization.use_token(auth)
|
|
|
|
|
|
|
|
assert auth != invalid
|
|
|
|
end
|
2017-09-09 06:02:59 -04:00
|
|
|
end
|