squeegily
/
pleroma
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 42 Wiki Activity
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6012 Commits
154 Branches
503MB
Tree: c49a09ed88
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c49a09ed88'
${ noResults }
pleroma/test/plugs/oauth_scopes_plug_test.exs

123 lines
3.6KB
Raw Blame History 

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Plugs.OAuthScopesPlugTest do

  6.   use Pleroma.Web.ConnCase, async: true

  7. 

  8.   alias Pleroma.Plugs.OAuthScopesPlug

  9.   alias Pleroma.Repo

  10. 

  11.   import Pleroma.Factory

  12. 

  13.   test "proceeds with no op if `assigns[:token]` is nil", %{conn: conn} do

  14.     conn =

  15.       conn

  16.       |> assign(:user, insert(:user))

  17.       |> OAuthScopesPlug.call(%{scopes: ["read"]})

  18. 

  19.     refute conn.halted

  20.     assert conn.assigns[:user]

  21.   end

  22. 

  23.   test "proceeds with no op if `token.scopes` fulfill specified 'any of' conditions", %{

  24.     conn: conn

  25.   } do

  26.     token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)

  27. 

  28.     conn =

  29.       conn

  30.       |> assign(:user, token.user)

  31.       |> assign(:token, token)

  32.       |> OAuthScopesPlug.call(%{scopes: ["read"]})

  33. 

  34.     refute conn.halted

  35.     assert conn.assigns[:user]

  36.   end

  37. 

  38.   test "proceeds with no op if `token.scopes` fulfill specified 'all of' conditions", %{

  39.     conn: conn

  40.   } do

  41.     token = insert(:oauth_token, scopes: ["scope1", "scope2", "scope3"]) |> Repo.preload(:user)

  42. 

  43.     conn =

  44.       conn

  45.       |> assign(:user, token.user)

  46.       |> assign(:token, token)

  47.       |> OAuthScopesPlug.call(%{scopes: ["scope2", "scope3"], op: :&})

  48. 

  49.     refute conn.halted

  50.     assert conn.assigns[:user]

  51.   end

  52. 

  53.   test "proceeds with cleared `assigns[:user]` if `token.scopes` doesn't fulfill specified 'any of' conditions " <>

  54.          "and `fallback: :proceed_unauthenticated` option is specified",

  55.        %{conn: conn} do

  56.     token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)

  57. 

  58.     conn =

  59.       conn

  60.       |> assign(:user, token.user)

  61.       |> assign(:token, token)

  62.       |> OAuthScopesPlug.call(%{scopes: ["follow"], fallback: :proceed_unauthenticated})

  63. 

  64.     refute conn.halted

  65.     refute conn.assigns[:user]

  66.   end

  67. 

  68.   test "proceeds with cleared `assigns[:user]` if `token.scopes` doesn't fulfill specified 'all of' conditions " <>

  69.          "and `fallback: :proceed_unauthenticated` option is specified",

  70.        %{conn: conn} do

  71.     token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)

  72. 

  73.     conn =

  74.       conn

  75.       |> assign(:user, token.user)

  76.       |> assign(:token, token)

  77.       |> OAuthScopesPlug.call(%{

  78.         scopes: ["read", "follow"],

  79.         op: :&,

  80.         fallback: :proceed_unauthenticated

  81.       })

  82. 

  83.     refute conn.halted

  84.     refute conn.assigns[:user]

  85.   end

  86. 

  87.   test "returns 403 and halts in case of no :fallback option and `token.scopes` not fulfilling specified 'any of' conditions",

  88.        %{conn: conn} do

  89.     token = insert(:oauth_token, scopes: ["read", "write"])

  90.     any_of_scopes = ["follow"]

  91. 

  92.     conn =

  93.       conn

  94.       |> assign(:token, token)

  95.       |> OAuthScopesPlug.call(%{scopes: any_of_scopes})

  96. 

  97.     assert conn.halted

  98.     assert 403 == conn.status

  99. 

  100.     expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, ", ")}."

  101.     assert Jason.encode!(%{error: expected_error}) == conn.resp_body

  102.   end

  103. 

  104.   test "returns 403 and halts in case of no :fallback option and `token.scopes` not fulfilling specified 'all of' conditions",

  105.        %{conn: conn} do

  106.     token = insert(:oauth_token, scopes: ["read", "write"])

  107.     all_of_scopes = ["write", "follow"]

  108. 

  109.     conn =

  110.       conn

  111.       |> assign(:token, token)

  112.       |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})

  113. 

  114.     assert conn.halted

  115.     assert 403 == conn.status

  116. 

  117.     expected_error =

  118.       "Insufficient permissions: #{Enum.join(all_of_scopes -- token.scopes, ", ")}."

  119. 

  120.     assert Jason.encode!(%{error: expected_error}) == conn.resp_body

  121.   end

  122. end