From 1a8bc26e52745909d6fc9ca7d04098d0dd247cfa Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 00:21:44 -0400 Subject: [PATCH 01/18] auth against sha512-crypt password hashes, upgrade to pbkdf2 --- lib/pleroma/plugs/authentication_plug.ex | 23 ++++++++++++++++++++++- mix.exs | 3 ++- test/plugs/authentication_plug_test.exs | 28 ++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 86a514541..616d31df4 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -14,7 +14,17 @@ defmodule Pleroma.Plugs.AuthenticationPlug do {:ok, user} <- opts[:fetcher].(username), false <- !!user.info["deactivated"], saved_user_id <- get_session(conn, :user_id), + legacy_password <- String.starts_with?(user.password_hash, "$6$"), + update_legacy_password <- + !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false), {:ok, verified_user} <- verify(user, password, saved_user_id) do + if legacy_password and update_legacy_password do + User.reset_password(verified_user, %{ + :password => password, + :password_confirmation => password + }) + end + conn |> assign(:user, verified_user) |> put_session(:user_id, verified_user.id) @@ -34,7 +44,18 @@ defmodule Pleroma.Plugs.AuthenticationPlug do end defp verify(user, password, _user_id) do - if Pbkdf2.checkpw(password, user.password_hash) do + is_legacy = String.starts_with?(user.password_hash, "$6$") + + valid = + cond do + is_legacy -> + :crypt.crypt(password, user.password_hash) == user.password_hash + + true -> + Pbkdf2.checkpw(password, user.password_hash) + end + + if valid do {:ok, user} else :error diff --git a/mix.exs b/mix.exs index 6b95eeec3..cccb6938f 100644 --- a/mix.exs +++ b/mix.exs @@ -50,7 +50,8 @@ defmodule Pleroma.Mixfile do {:ex_aws_s3, "~> 2.0"}, {:ex_machina, "~> 2.2", only: :test}, {:credo, "~> 0.9.3", only: [:dev, :test]}, - {:mock, "~> 0.3.1", only: :test} + {:mock, "~> 0.3.1", only: :test}, + {:crypt, git: "https://github.com/msantos/crypt"} ] end diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs index 729ac8ae5..fd58d6ab4 100644 --- a/test/plugs/authentication_plug_test.exs +++ b/test/plugs/authentication_plug_test.exs @@ -21,6 +21,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do info: %{"deactivated" => true} } + @legacy %User{ + id: 1, + name: "dude", + password_hash: + "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" + } + @session_opts [ store: :cookie, key: "_test", @@ -139,6 +146,27 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do assert get_session(conn, :user_id) == @user.id assert conn.halted == false end + + test "it assigns legacy user", %{conn: conn} do + opts = %{ + optional: true, + fetcher: fn _ -> {:ok, @legacy} end, + update_legacy_password: false + } + + header = basic_auth_enc("dude", "password") + + conn = + conn + |> Plug.Session.call(Plug.Session.init(@session_opts)) + |> fetch_session + |> put_req_header("authorization", header) + |> AuthenticationPlug.call(opts) + + assert %{user: @legacy} == conn.assigns + assert get_session(conn, :user_id) == @legacy.id + assert conn.halted == false + end end describe "with a correct authorization header for an deactiviated user" do From 8b020e03a699beb24d054108cf027b3fbbab2267 Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 01:37:48 -0400 Subject: [PATCH 02/18] change cond to if else --- lib/pleroma/plugs/authentication_plug.ex | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 616d31df4..ffecb403d 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -44,15 +44,11 @@ defmodule Pleroma.Plugs.AuthenticationPlug do end defp verify(user, password, _user_id) do - is_legacy = String.starts_with?(user.password_hash, "$6$") - valid = - cond do - is_legacy -> - :crypt.crypt(password, user.password_hash) == user.password_hash - - true -> - Pbkdf2.checkpw(password, user.password_hash) + if String.starts_with?(user.password_hash, "$6$") do + :crypt.crypt(password, user.password_hash) == user.password_hash + else + Pbkdf2.checkpw(password, user.password_hash) end if valid do From 75bc68dbc1f1064fe7f6e160f878487ed07b2023 Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 02:29:19 -0400 Subject: [PATCH 03/18] pinned crypt dependency to specific commit --- mix.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mix.exs b/mix.exs index cccb6938f..24c7108a0 100644 --- a/mix.exs +++ b/mix.exs @@ -51,7 +51,8 @@ defmodule Pleroma.Mixfile do {:ex_machina, "~> 2.2", only: :test}, {:credo, "~> 0.9.3", only: [:dev, :test]}, {:mock, "~> 0.3.1", only: :test}, - {:crypt, git: "https://github.com/msantos/crypt"} + {:crypt, + git: "https://github.com/msantos/crypt", ref: "1f2b58927ab57e72910191a7ebaeff984382a1d3"} ] end From 42bd985e6654a4af55df622753c3f0664e5c6bae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:30:05 +0200 Subject: [PATCH 04/18] Add BasicAuthDecoderPlug --- lib/pleroma/plugs/basic_auth_decoder_plug.ex | 21 +++++++++++++++++++ test/plugs/basic_auth_decoder_plug_test.exs | 31 ++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 lib/pleroma/plugs/basic_auth_decoder_plug.ex create mode 100644 test/plugs/basic_auth_decoder_plug_test.exs diff --git a/lib/pleroma/plugs/basic_auth_decoder_plug.ex b/lib/pleroma/plugs/basic_auth_decoder_plug.ex new file mode 100644 index 000000000..fc8fcee98 --- /dev/null +++ b/lib/pleroma/plugs/basic_auth_decoder_plug.ex @@ -0,0 +1,21 @@ +defmodule Pleroma.Plugs.BasicAuthDecoderPlug do + import Plug.Conn + + def init(options) do + options + end + + def call(conn, opts) do + with ["Basic " <> header] <- get_req_header(conn, "authorization"), + {:ok, userinfo} <- Base.decode64(header), + [username, password] <- String.split(userinfo, ":", parts: 2) do + conn + |> assign(:auth_credentials, %{ + username: username, + password: password + }) + else + _ -> conn + end + end +end diff --git a/test/plugs/basic_auth_decoder_plug_test.exs b/test/plugs/basic_auth_decoder_plug_test.exs new file mode 100644 index 000000000..317f7d167 --- /dev/null +++ b/test/plugs/basic_auth_decoder_plug_test.exs @@ -0,0 +1,31 @@ +defmodule Pleroma.Plugs.AuthenticationPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.BasicAuthDecoderPlug + + defp basic_auth_enc(username, password) do + "Basic " <> Base.encode64("#{username}:#{password}") + end + + test "it puts the decoded credentials into the assigns", %{conn: conn} do + header = basic_auth_enc("moonman", "iloverobek") + + conn = + conn + |> put_req_header("authorization", header) + |> BasicAuthDecoderPlug.call(%{}) + + assert conn.assigns[:auth_credentials] == %{ + username: "moonman", + password: "iloverobek" + } + end + + test "without a authorization header it doesn't do anything", %{conn: conn} do + ret_conn = + conn + |> BasicAuthDecoderPlug.call(%{}) + + assert conn == ret_conn + end +end From faf53477488edfc6ba4268529f9945a494f30aee Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:44:38 +0200 Subject: [PATCH 05/18] Add UserFetcherPlug. --- lib/pleroma/plugs/user_fetcher_plug.ex | 34 +++++++++++++++++++++++++++++++ test/plugs/user_fetcher_plug_test.exs | 37 ++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 lib/pleroma/plugs/user_fetcher_plug.ex create mode 100644 test/plugs/user_fetcher_plug_test.exs diff --git a/lib/pleroma/plugs/user_fetcher_plug.ex b/lib/pleroma/plugs/user_fetcher_plug.ex new file mode 100644 index 000000000..9cbaaf40a --- /dev/null +++ b/lib/pleroma/plugs/user_fetcher_plug.ex @@ -0,0 +1,34 @@ +defmodule Pleroma.Plugs.UserFetcherPlug do + import Plug.Conn + alias Pleroma.Repo + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, options) do + with %{auth_credentials: %{username: username}} <- conn.assigns, + {:ok, %User{} = user} <- user_fetcher(username) do + conn + |> assign(:auth_user, user) + else + _ -> conn + end + end + + defp user_fetcher(username_or_email) do + { + :ok, + cond do + # First, try logging in as if it was a name + user = Repo.get_by(User, %{nickname: username_or_email}) -> + user + + # If we get nil, we try using it as an email + user = Repo.get_by(User, %{email: username_or_email}) -> + user + end + } + end +end diff --git a/test/plugs/user_fetcher_plug_test.exs b/test/plugs/user_fetcher_plug_test.exs new file mode 100644 index 000000000..5195a0c4a --- /dev/null +++ b/test/plugs/user_fetcher_plug_test.exs @@ -0,0 +1,37 @@ +defmodule Pleroma.Plugs.UserFetcherPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.UserFetcherPlug + import Pleroma.Factory + + setup do + user = insert(:user) + %{user: user} + end + + test "if an auth_credentials assign is present, it tries to fetch the user and assigns it", %{ + conn: conn, + user: user + } do + conn = + conn + |> assign(:auth_credentials, %{ + username: user.nickname, + password: nil + }) + + conn = + conn + |> UserFetcherPlug.call(%{}) + + assert conn.assigns[:auth_user] == user + end + + test "without a credential assign it doesn't do anything", %{conn: conn} do + ret_conn = + conn + |> UserFetcherPlug.call(%{}) + + assert conn == ret_conn + end +end From 3cf17dc402ceab7f823edc263ad09af7013d0646 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:59:19 +0200 Subject: [PATCH 06/18] Add EnsureAuthenticatedPlug --- lib/pleroma/plugs/ensure_authenticated_plug.ex | 19 ++++++++++++++++++ test/plugs/ensure_authenticated_plug_test.exs | 27 ++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 lib/pleroma/plugs/ensure_authenticated_plug.ex create mode 100644 test/plugs/ensure_authenticated_plug_test.exs diff --git a/lib/pleroma/plugs/ensure_authenticated_plug.ex b/lib/pleroma/plugs/ensure_authenticated_plug.ex new file mode 100644 index 000000000..bca44eb2c --- /dev/null +++ b/lib/pleroma/plugs/ensure_authenticated_plug.ex @@ -0,0 +1,19 @@ +defmodule Pleroma.Plugs.EnsureAuthenticatedPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{}}} = conn, _) do + conn + end + + def call(conn, _) do + conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."})) + |> halt + end +end diff --git a/test/plugs/ensure_authenticated_plug_test.exs b/test/plugs/ensure_authenticated_plug_test.exs new file mode 100644 index 000000000..b32817fef --- /dev/null +++ b/test/plugs/ensure_authenticated_plug_test.exs @@ -0,0 +1,27 @@ +defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.EnsureAuthenticatedPlug + alias Pleroma.User + + test "it halts if no user is assigned", %{conn: conn} do + conn = + conn + |> EnsureAuthenticatedPlug.call(%{}) + + assert conn.status == 403 + assert conn.halted == true + end + + test "it continues if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) + + ret_conn = + conn + |> EnsureAuthenticatedPlug.call(%{}) + + assert ret_conn == conn + end +end From a3f54fca4d67fd7938ae00752c2cd409b6cf15ae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:17:33 +0200 Subject: [PATCH 07/18] Add LegacyAuthenticationPlug --- lib/pleroma/plugs/legacy_authentication_plug.ex | 31 +++++++++++ test/plugs/legacy_authentication_plug_test.exs | 72 +++++++++++++++++++++++++ 2 files changed, 103 insertions(+) create mode 100644 lib/pleroma/plugs/legacy_authentication_plug.ex create mode 100644 test/plugs/legacy_authentication_plug_test.exs diff --git a/lib/pleroma/plugs/legacy_authentication_plug.ex b/lib/pleroma/plugs/legacy_authentication_plug.ex new file mode 100644 index 000000000..48c0aba88 --- /dev/null +++ b/lib/pleroma/plugs/legacy_authentication_plug.ex @@ -0,0 +1,31 @@ +defmodule Pleroma.Plugs.LegacyAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn + + def call( + %{ + assigns: %{ + auth_user: %{password_hash: "$6$" <> _ = password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if :crypt.crypt(password, password_hash) == password_hash do + conn + |> assign(:user, auth_user) + else + conn + end + end + + def call(conn, _) do + conn + end +end diff --git a/test/plugs/legacy_authentication_plug_test.exs b/test/plugs/legacy_authentication_plug_test.exs new file mode 100644 index 000000000..90783f628 --- /dev/null +++ b/test/plugs/legacy_authentication_plug_test.exs @@ -0,0 +1,72 @@ +defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.LegacyAuthenticationPlug + alias Pleroma.User + + setup do + # password is "password" + user = %User{ + id: 1, + name: "dude", + password_hash: + "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" + } + + %{user: user} + end + + test "it does nothing if a user is assigned", %{conn: conn, user: user} do + conn = + conn + |> assign(:auth_credentials, %{username: "dude", password: "password"}) + |> assign(:auth_user, user) + |> assign(:user, %User{}) + + ret_conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end + + test "it authenticates the auth_user if present and password is correct", %{ + conn: conn, + user: user + } do + conn = + conn + |> assign(:auth_credentials, %{username: "dude", password: "password"}) + |> assign(:auth_user, user) + + conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert conn.assigns.user == user + end + + test "it does nothing if the password is wrong", %{ + conn: conn, + user: user + } do + conn = + conn + |> assign(:auth_credentials, %{username: "dude", password: "wrong_password"}) + |> assign(:auth_user, user) + + ret_conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert conn == ret_conn + end + + test "with no credentials or user it does nothing", %{conn: conn} do + ret_conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end +end From 9a96c93be71a1347a0b4f709c89589e6bac8d4de Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:37:02 +0200 Subject: [PATCH 08/18] Add SessionAuthenticationPlug. --- lib/pleroma/plugs/session_authentication_plug.ex | 18 ++++++++ test/plugs/session_authentication_plug_test.exs | 59 ++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 lib/pleroma/plugs/session_authentication_plug.ex create mode 100644 test/plugs/session_authentication_plug_test.exs diff --git a/lib/pleroma/plugs/session_authentication_plug.ex b/lib/pleroma/plugs/session_authentication_plug.ex new file mode 100644 index 000000000..904a27952 --- /dev/null +++ b/lib/pleroma/plugs/session_authentication_plug.ex @@ -0,0 +1,18 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, _) do + with saved_user_id <- get_session(conn, :user_id), + %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do + conn + |> assign(:user, conn.assigns.auth_user) + else + _ -> conn + end + end +end diff --git a/test/plugs/session_authentication_plug_test.exs b/test/plugs/session_authentication_plug_test.exs new file mode 100644 index 000000000..bb51bc0db --- /dev/null +++ b/test/plugs/session_authentication_plug_test.exs @@ -0,0 +1,59 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.SessionAuthenticationPlug + alias Pleroma.User + + setup %{conn: conn} do + session_opts = [ + store: :cookie, + key: "_test", + signing_salt: "cooldude" + ] + + conn = + conn + |> Plug.Session.call(Plug.Session.init(session_opts)) + |> fetch_session + |> assign(:auth_user, %User{id: 1}) + + %{conn: conn} + end + + test "it does nothing if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) + + ret_conn = + conn + |> SessionAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end + + test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{ + conn: conn + } do + conn = + conn + |> put_session(:user_id, conn.assigns.auth_user.id) + |> SessionAuthenticationPlug.call(%{}) + + assert conn.assigns.user == conn.assigns.auth_user + end + + test "if the auth_user has a different id as the user_id in the session, it does nothing", %{ + conn: conn + } do + conn = + conn + |> put_session(:user_id, -1) + + ret_conn = + conn + |> SessionAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end +end From 32465b9939718f7bc6604594e0404340c3e02cc9 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:53:38 +0200 Subject: [PATCH 09/18] Simplify AuthenticationPlug --- lib/pleroma/plugs/authentication_plug.ex | 79 +++------- test/plugs/authentication_plug_test.exs | 244 +++++-------------------------- 2 files changed, 55 insertions(+), 268 deletions(-) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index ffecb403d..8706b32cd 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -9,71 +9,32 @@ defmodule Pleroma.Plugs.AuthenticationPlug do def call(%{assigns: %{user: %User{}}} = conn, _), do: conn - def call(conn, opts) do - with {:ok, username, password} <- decode_header(conn), - {:ok, user} <- opts[:fetcher].(username), - false <- !!user.info["deactivated"], - saved_user_id <- get_session(conn, :user_id), - legacy_password <- String.starts_with?(user.password_hash, "$6$"), - update_legacy_password <- - !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false), - {:ok, verified_user} <- verify(user, password, saved_user_id) do - if legacy_password and update_legacy_password do - User.reset_password(verified_user, %{ - :password => password, - :password_confirmation => password - }) - end - + def call( + %{ + assigns: %{ + auth_user: %{password_hash: password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if Pbkdf2.checkpw(password, password_hash) do conn - |> assign(:user, verified_user) - |> put_session(:user_id, verified_user.id) + |> assign(:user, auth_user) else - _ -> conn |> halt_or_continue(opts) + conn end end - # Short-circuit if we have a cookie with the id for the given user. - defp verify(%{id: id} = user, _password, id) do - {:ok, user} - end - - defp verify(nil, _password, _user_id) do + def call( + %{ + assigns: %{ + auth_credentials: %{password: password} + } + } = conn, + _ + ) do Pbkdf2.dummy_checkpw() - :error - end - - defp verify(user, password, _user_id) do - valid = - if String.starts_with?(user.password_hash, "$6$") do - :crypt.crypt(password, user.password_hash) == user.password_hash - else - Pbkdf2.checkpw(password, user.password_hash) - end - - if valid do - {:ok, user} - else - :error - end - end - - defp decode_header(conn) do - with ["Basic " <> header] <- get_req_header(conn, "authorization"), - {:ok, userinfo} <- Base.decode64(header), - [username, password] <- String.split(userinfo, ":", parts: 2) do - {:ok, username, password} - end - end - - defp halt_or_continue(conn, %{optional: true}) do - conn |> assign(:user, nil) - end - - defp halt_or_continue(conn, _) do conn - |> put_resp_content_type("application/json") - |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."})) - |> halt end end diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs index fd58d6ab4..061fa0cac 100644 --- a/test/plugs/authentication_plug_test.exs +++ b/test/plugs/authentication_plug_test.exs @@ -4,224 +4,50 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.User - defp fetch_nil(_name) do - {:ok, nil} + setup %{conn: conn} do + user = %User{ + id: 1, + name: "dude", + password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") + } + + conn = + conn + |> assign(:auth_user, user) + + %{user: user, conn: conn} end - @user %User{ - id: 1, - name: "dude", - password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") - } + test "it does nothing if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) - @deactivated %User{ - id: 1, - name: "dude", - password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"), - info: %{"deactivated" => true} - } + ret_conn = + conn + |> AuthenticationPlug.call(%{}) - @legacy %User{ - id: 1, - name: "dude", - password_hash: - "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" - } - - @session_opts [ - store: :cookie, - key: "_test", - signing_salt: "cooldude" - ] - - defp fetch_user(_name) do - {:ok, @user} + assert ret_conn == conn end - defp basic_auth_enc(username, password) do - "Basic " <> Base.encode64("#{username}:#{password}") + test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do + conn = + conn + |> assign(:auth_credentials, %{password: "guy"}) + |> AuthenticationPlug.call(%{}) + + assert conn.assigns.user == conn.assigns.auth_user end - describe "without an authorization header" do - test "it halts the application" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{}) + test "with a wrong password in the credentials, it does nothing", %{conn: conn} do + conn = + conn + |> assign(:auth_credentials, %{password: "wrong"}) - assert conn.status == 403 - assert conn.halted == true - end + ret_conn = + conn + |> AuthenticationPlug.call(%{}) - test "it assigns a nil user if the 'optional' option is used" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{optional: true}) - - assert %{user: nil} == conn.assigns - end - end - - describe "with an authorization header for a nonexisting user" do - test "it halts the application" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{fetcher: &fetch_nil/1}) - - assert conn.status == 403 - assert conn.halted == true - end - - test "it assigns a nil user if the 'optional' option is used" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1}) - - assert %{user: nil} == conn.assigns - end - end - - describe "with an incorrect authorization header for a enxisting user" do - test "it halts the application" do - opts = %{ - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "man") - - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert conn.status == 403 - assert conn.halted == true - end - - test "it assigns a nil user if the 'optional' option is used" do - opts = %{ - optional: true, - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "man") - - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert %{user: nil} == conn.assigns - end - end - - describe "with a correct authorization header for an existing user" do - test "it assigns the user", %{conn: conn} do - opts = %{ - optional: true, - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "guy") - - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert %{user: @user} == conn.assigns - assert get_session(conn, :user_id) == @user.id - assert conn.halted == false - end - - test "it assigns legacy user", %{conn: conn} do - opts = %{ - optional: true, - fetcher: fn _ -> {:ok, @legacy} end, - update_legacy_password: false - } - - header = basic_auth_enc("dude", "password") - - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert %{user: @legacy} == conn.assigns - assert get_session(conn, :user_id) == @legacy.id - assert conn.halted == false - end - end - - describe "with a correct authorization header for an deactiviated user" do - test "it halts the appication", %{conn: conn} do - opts = %{ - optional: false, - fetcher: fn _ -> @deactivated end - } - - header = basic_auth_enc("dude", "guy") - - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert conn.status == 403 - assert conn.halted == true - end - end - - describe "with a user_id in the session for an existing user" do - test "it assigns the user", %{conn: conn} do - opts = %{ - optional: true, - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "THIS IS WRONG") - - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_session(:user_id, @user.id) - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert %{user: @user} == conn.assigns - assert get_session(conn, :user_id) == @user.id - assert conn.halted == false - end - end - - describe "with an assigned user" do - test "it does nothing, returning the incoming conn", %{conn: conn} do - conn = - conn - |> assign(:user, @user) - - conn_result = AuthenticationPlug.call(conn, %{}) - - assert conn == conn_result - end + assert conn == ret_conn end end From 12bc73dd2833a22cce6a22841d33c992b1eb31fc Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 19:06:28 +0200 Subject: [PATCH 10/18] Add EnsureUserKeyPlug, smaller fixes --- lib/pleroma/plugs/authentication_plug.ex | 2 ++ lib/pleroma/plugs/ensure_user_key_plug.ex | 14 ++++++++++++++ test/plugs/basic_auth_decoder_plug_test.exs | 2 +- test/plugs/ensure_user_key_plug_test.exs | 25 +++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 lib/pleroma/plugs/ensure_user_key_plug.ex create mode 100644 test/plugs/ensure_user_key_plug_test.exs diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 8706b32cd..3ac301b97 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -37,4 +37,6 @@ defmodule Pleroma.Plugs.AuthenticationPlug do Pbkdf2.dummy_checkpw() conn end + + def call(conn, _), do: conn end diff --git a/lib/pleroma/plugs/ensure_user_key_plug.ex b/lib/pleroma/plugs/ensure_user_key_plug.ex new file mode 100644 index 000000000..05a567757 --- /dev/null +++ b/lib/pleroma/plugs/ensure_user_key_plug.ex @@ -0,0 +1,14 @@ +defmodule Pleroma.Plugs.EnsureUserKeyPlug do + import Plug.Conn + + def init(opts) do + opts + end + + def call(%{assigns: %{user: _}} = conn, _), do: conn + + def call(conn, _) do + conn + |> assign(:user, nil) + end +end diff --git a/test/plugs/basic_auth_decoder_plug_test.exs b/test/plugs/basic_auth_decoder_plug_test.exs index 317f7d167..a4876fef7 100644 --- a/test/plugs/basic_auth_decoder_plug_test.exs +++ b/test/plugs/basic_auth_decoder_plug_test.exs @@ -1,4 +1,4 @@ -defmodule Pleroma.Plugs.AuthenticationPlugTest do +defmodule Pleroma.Plugs.BasicAuthDecoderPlugTest do use Pleroma.Web.ConnCase, async: true alias Pleroma.Plugs.BasicAuthDecoderPlug diff --git a/test/plugs/ensure_user_key_plug_test.exs b/test/plugs/ensure_user_key_plug_test.exs new file mode 100644 index 000000000..9beda838e --- /dev/null +++ b/test/plugs/ensure_user_key_plug_test.exs @@ -0,0 +1,25 @@ +defmodule Pleroma.Plugs.EnsureUserKeyPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.EnsureUserKeyPlug + + test "if the conn has a user key set, it does nothing", %{conn: conn} do + conn = + conn + |> assign(:user, 1) + + ret_conn = + conn + |> EnsureUserKeyPlug.call(%{}) + + assert conn == ret_conn + end + + test "if the conn has no key set, it sets it to nil", %{conn: conn} do + conn = + conn + |> EnsureUserKeyPlug.call(%{}) + + assert Map.has_key?(conn.assigns, :user) + end +end From 636ad3e155d843ab7934438a05313abf1afb2a48 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 19:13:53 +0200 Subject: [PATCH 11/18] Add new plugs to router. --- lib/pleroma/web/router.ex | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b212a2909..7cd3c9908 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -9,47 +9,48 @@ defmodule Pleroma.Web.Router do @public Keyword.get(@instance, :public) @registrations_open Keyword.get(@instance, :registrations_open) - def user_fetcher(username_or_email) do - { - :ok, - cond do - # First, try logging in as if it was a name - user = Repo.get_by(User, %{nickname: username_or_email}) -> - user - - # If we get nil, we try using it as an email - user = Repo.get_by(User, %{email: username_or_email}) -> - user - end - } - end - pipeline :api do plug(:accepts, ["json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :authenticated_api do plug(:accepts, ["json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end pipeline :mastodon_html do plug(:accepts, ["html"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :pleroma_html do plug(:accepts, ["html"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :well_known do From 5ce1ebb1794205a58bedee314a7c787ceb362f37 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:42:42 +0200 Subject: [PATCH 12/18] Add SetUserSessionIdPlug. --- lib/pleroma/plugs/set_user_session_id_plug.ex | 15 +++++++++++ test/plugs/set_user_session_id_plug_test.exs | 39 +++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 lib/pleroma/plugs/set_user_session_id_plug.ex create mode 100644 test/plugs/set_user_session_id_plug_test.exs diff --git a/lib/pleroma/plugs/set_user_session_id_plug.ex b/lib/pleroma/plugs/set_user_session_id_plug.ex new file mode 100644 index 000000000..adc0a42b5 --- /dev/null +++ b/lib/pleroma/plugs/set_user_session_id_plug.ex @@ -0,0 +1,15 @@ +defmodule Pleroma.Plugs.SetUserSessionIdPlug do + import Plug.Conn + alias Pleroma.User + + def init(opts) do + opts + end + + def call(%{assigns: %{user: %User{id: id}}} = conn, _) do + conn + |> put_session(:user_id, id) + end + + def call(conn, _), do: conn +end diff --git a/test/plugs/set_user_session_id_plug_test.exs b/test/plugs/set_user_session_id_plug_test.exs new file mode 100644 index 000000000..5edc0dab8 --- /dev/null +++ b/test/plugs/set_user_session_id_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.SetUserSessionIdPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.SetUserSessionIdPlug + alias Pleroma.User + + setup %{conn: conn} do + session_opts = [ + store: :cookie, + key: "_test", + signing_salt: "cooldude" + ] + + conn = + conn + |> Plug.Session.call(Plug.Session.init(session_opts)) + |> fetch_session + + %{conn: conn} + end + + test "doesn't do anything if the user isn't set", %{conn: conn} do + ret_conn = + conn + |> SetUserSessionIdPlug.call(%{}) + + assert ret_conn == conn + end + + test "sets the user_id in the session to the user id of the user assign", %{conn: conn} do + conn = + conn + |> assign(:user, %User{id: 1}) + |> SetUserSessionIdPlug.call(%{}) + + id = get_session(conn, :user_id) + assert id == 1 + end +end From e601165426154e1c04594ae1c191249d3cd36535 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:53:53 +0200 Subject: [PATCH 13/18] Add UserEnabledPlug. --- lib/pleroma/plugs/user_enabled_plug.ex | 17 +++++++++++++++++ test/plugs/user_enabled_plug_test.exs | 35 ++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 lib/pleroma/plugs/user_enabled_plug.ex create mode 100644 test/plugs/user_enabled_plug_test.exs diff --git a/lib/pleroma/plugs/user_enabled_plug.ex b/lib/pleroma/plugs/user_enabled_plug.ex new file mode 100644 index 000000000..9c3285896 --- /dev/null +++ b/lib/pleroma/plugs/user_enabled_plug.ex @@ -0,0 +1,17 @@ +defmodule Pleroma.Plugs.UserEnabledPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{info: %{"deactivated" => true}}}} = conn, _) do + conn + |> assign(:user, nil) + end + + def call(conn, _) do + conn + end +end diff --git a/test/plugs/user_enabled_plug_test.exs b/test/plugs/user_enabled_plug_test.exs new file mode 100644 index 000000000..af877db76 --- /dev/null +++ b/test/plugs/user_enabled_plug_test.exs @@ -0,0 +1,35 @@ +defmodule Pleroma.Plugs.UserEnabledPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.UserEnabledPlug + alias Pleroma.User + + test "doesn't do anything if the user isn't set", %{conn: conn} do + ret_conn = + conn + |> UserEnabledPlug.call(%{}) + + assert ret_conn == conn + end + + test "with a user that is deactivated, it removes that user", %{conn: conn} do + conn = + conn + |> assign(:user, %User{info: %{"deactivated" => true}}) + |> UserEnabledPlug.call(%{}) + + assert conn.assigns.user == nil + end + + test "with a user that is not deactivated, it does nothing", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) + + ret_conn = + conn + |> UserEnabledPlug.call(%{}) + + assert conn == ret_conn + end +end From 3aba585e7a2b4e1e7733ba6949951bd95469bdaa Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:57:56 +0200 Subject: [PATCH 14/18] Add Plugs to router. --- lib/pleroma/web/router.ex | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7cd3c9908..e8a02a192 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -17,6 +17,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug) end @@ -28,6 +30,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end @@ -39,6 +43,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug) end From c0e067c74e46c98657cb0e403debcbcb0a362df8 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:00:41 +0200 Subject: [PATCH 15/18] Update Mix.lock --- mix.lock | 1 + 1 file changed, 1 insertion(+) diff --git a/mix.lock b/mix.lock index 989a97add..1da8e7b0c 100644 --- a/mix.lock +++ b/mix.lock @@ -8,6 +8,7 @@ "cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"}, "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"}, "credo": {:hex, :credo, "0.9.3", "76fa3e9e497ab282e0cf64b98a624aa11da702854c52c82db1bf24e54ab7c97a", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:poison, ">= 0.0.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"}, + "crypt": {:git, "https://github.com/msantos/crypt", "1f2b58927ab57e72910191a7ebaeff984382a1d3", [ref: "1f2b58927ab57e72910191a7ebaeff984382a1d3"]}, "db_connection": {:hex, :db_connection, "1.1.3", "89b30ca1ef0a3b469b1c779579590688561d586694a3ce8792985d4d7e575a61", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"}, "decimal": {:hex, :decimal, "1.5.0", "b0433a36d0e2430e3d50291b1c65f53c37d56f83665b43d79963684865beab68", [:mix], [], "hexpm"}, "ecto": {:hex, :ecto, "2.2.10", "e7366dc82f48f8dd78fcbf3ab50985ceeb11cb3dc93435147c6e13f2cda0992e", [:mix], [{:db_connection, "~> 1.1", [hex: :db_connection, repo: "hexpm", optional: true]}, {:decimal, "~> 1.2", [hex: :decimal, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.8.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"}, From 44b094908c28b588438b4bf31c0a4751be47f48d Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:30:14 +0200 Subject: [PATCH 16/18] Update legacy passwords automatically. --- lib/pleroma/plugs/legacy_authentication_plug.ex | 10 +++++++--- test/plugs/legacy_authentication_plug_test.exs | 22 ++++++++++++++++------ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/plugs/legacy_authentication_plug.ex b/lib/pleroma/plugs/legacy_authentication_plug.ex index 48c0aba88..d22c1a647 100644 --- a/lib/pleroma/plugs/legacy_authentication_plug.ex +++ b/lib/pleroma/plugs/legacy_authentication_plug.ex @@ -17,11 +17,15 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlug do } = conn, _ ) do - if :crypt.crypt(password, password_hash) == password_hash do + with ^password_hash <- :crypt.crypt(password, password_hash), + {:ok, user} <- + User.reset_password(auth_user, %{password: password, password_confirmation: password}) do conn - |> assign(:user, auth_user) + |> assign(:auth_user, user) + |> assign(:user, user) else - conn + _ -> + conn end end diff --git a/test/plugs/legacy_authentication_plug_test.exs b/test/plugs/legacy_authentication_plug_test.exs index 90783f628..117810722 100644 --- a/test/plugs/legacy_authentication_plug_test.exs +++ b/test/plugs/legacy_authentication_plug_test.exs @@ -4,6 +4,8 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do alias Pleroma.Plugs.LegacyAuthenticationPlug alias Pleroma.User + import Mock + setup do # password is "password" user = %User{ @@ -30,19 +32,27 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do assert ret_conn == conn end - test "it authenticates the auth_user if present and password is correct", %{ - conn: conn, - user: user - } do + test "it authenticates the auth_user if present and password is correct and resets the password", + %{ + conn: conn, + user: user + } do conn = conn |> assign(:auth_credentials, %{username: "dude", password: "password"}) |> assign(:auth_user, user) conn = - conn - |> LegacyAuthenticationPlug.call(%{}) + with_mock User, + reset_password: fn user, %{password: password, password_confirmation: password} -> + send(self, :reset_password) + {:ok, user} + end do + conn + |> LegacyAuthenticationPlug.call(%{}) + end + assert_received :reset_password assert conn.assigns.user == user end From 70163aec9b9efc455e499c72a181bc31d75b37f0 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:31:57 +0200 Subject: [PATCH 17/18] Add LegacyAuthenticationPlug to router. --- lib/pleroma/web/router.ex | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index e8a02a192..f3604d465 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -16,6 +16,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) @@ -29,6 +30,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) @@ -42,6 +44,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) From d22af29bb48e94ca21621c30d46cea42559277b7 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:42:50 +0200 Subject: [PATCH 18/18] Fix warning. --- test/plugs/legacy_authentication_plug_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/plugs/legacy_authentication_plug_test.exs b/test/plugs/legacy_authentication_plug_test.exs index 117810722..383a22ff8 100644 --- a/test/plugs/legacy_authentication_plug_test.exs +++ b/test/plugs/legacy_authentication_plug_test.exs @@ -45,7 +45,7 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do conn = with_mock User, reset_password: fn user, %{password: password, password_confirmation: password} -> - send(self, :reset_password) + send(self(), :reset_password) {:ok, user} end do conn