Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms

2020-04-20 12:37:17 +02:00 · 2020-04-20 12:37:17 +02:00 · 139b9d1338
commit 139b9d1338
parent 970b74383b 918a8094fc
48 changed files with 340 additions and 642 deletions
--- a/test/web/activity_pub/side_effects_test.exs
+++ b/test/web/activity_pub/side_effects_test.exs
@ -18,13 +18,14 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do

  describe "like objects" do
    setup do
+      poster = insert(:user)
      user = insert(:user)
-      {:ok, post} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, post} = CommonAPI.post(poster, %{"status" => "hey"})

      {:ok, like_data, _meta} = Builder.like(user, post.object)
      {:ok, like, _meta} = ActivityPub.persist(like_data, local: true)

-      %{like: like, user: user}
+      %{like: like, user: user, poster: poster}
    end

    test "add the like to the original object", %{like: like, user: user} do
@ -33,6 +34,11 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
      assert object.data["like_count"] == 1
      assert user.ap_id in object.data["likes"]
    end
+
+    test "creates a notification", %{like: like, poster: poster} do
+      {:ok, like, _} = SideEffects.handle(like)
+      assert Repo.get_by(Notification, user_id: poster.id, activity_id: like.id)
+    end
  end

  describe "creation of ChatMessages" do
--- a/test/web/auth/basic_auth_test.exs
+++ b/test/web/auth/basic_auth_test.exs
@ -0,0 +1,46 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.BasicAuthTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
+    conn: conn
+  } do
+    user = insert(:user)
+    assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+
+    basic_auth_contents =
+      (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
+      |> Base.encode64()
+
+    # Succeeds with HTTP Basic Auth
+    response =
+      conn
+      |> put_req_header("authorization", "Basic " <> basic_auth_contents)
+      |> get("/api/v1/accounts/verify_credentials")
+      |> json_response(200)
+
+    user_nickname = user.nickname
+    assert %{"username" => ^user_nickname} = response
+
+    # Succeeds with a properly scoped OAuth token
+    valid_token = insert(:oauth_token, scopes: ["read:accounts"])
+
+    conn
+    |> put_req_header("authorization", "Bearer #{valid_token.token}")
+    |> get("/api/v1/accounts/verify_credentials")
+    |> json_response(200)
+
+    # Fails with a wrong-scoped OAuth token (proof of restriction)
+    invalid_token = insert(:oauth_token, scopes: ["read:something"])
+
+    conn
+    |> put_req_header("authorization", "Bearer #{invalid_token.token}")
+    |> get("/api/v1/accounts/verify_credentials")
+    |> json_response(403)
+  end
+end