Merge branch 'fix/captcha' into 'develop'

Fix account registration when captcha is enabled but not provided Closes #1712 See merge request pleroma/pleroma!2438
2020-05-01 11:47:58 +00:00 · 2020-05-01 11:47:58 +00:00 · 2008fa9c7f
commit 2008fa9c7f
parent 0dd863f8f5 39a78998d0
11 changed files with 250 additions and 163 deletions
--- a/test/captcha_test.exs
+++ b/test/captcha_test.exs
@ -61,7 +61,7 @@ defmodule Pleroma.CaptchaTest do

      assert is_binary(answer)
      assert :ok = Native.validate(token, answer, answer)
-      assert {:error, "Invalid CAPTCHA"} == Native.validate(token, answer, answer <> "foobar")
+      assert {:error, :invalid} == Native.validate(token, answer, answer <> "foobar")
    end
  end

@ -78,6 +78,7 @@ defmodule Pleroma.CaptchaTest do

      assert is_binary(answer)
      assert :ok = Captcha.validate(token, "63615261b77f5354fb8c4e4986477555", answer)
+      Cachex.del(:used_captcha_cache, token)
    end

    test "doesn't validate invalid answer" do
@ -92,7 +93,7 @@ defmodule Pleroma.CaptchaTest do

      assert is_binary(answer)

-      assert {:error, "Invalid answer data"} =
+      assert {:error, :invalid_answer_data} =
               Captcha.validate(token, "63615261b77f5354fb8c4e4986477555", answer <> "foobar")
    end

@ -108,7 +109,7 @@ defmodule Pleroma.CaptchaTest do

      assert is_binary(answer)

-      assert {:error, "Invalid answer data"} =
+      assert {:error, :invalid_answer_data} =
               Captcha.validate(token, "63615261b77f5354fb8c4e4986477555", nil)
    end
  end
--- a/test/support/captcha_mock.ex
+++ b/test/support/captcha_mock.ex
@ -6,12 +6,16 @@ defmodule Pleroma.Captcha.Mock do
  alias Pleroma.Captcha.Service
  @behaviour Service

+  @solution "63615261b77f5354fb8c4e4986477555"
+
+  def solution, do: @solution
+
  @impl Service
  def new,
    do: %{
      type: :mock,
      token: "afa1815e14e29355e6c8f6b143a39fa2",
-      answer_data: "63615261b77f5354fb8c4e4986477555",
+      answer_data: @solution,
      url: "https://example.org/captcha.png"
    }

--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@ -925,7 +925,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
        |> Map.put(:remote_ip, {127, 0, 0, 5})
        |> post("/api/v1/accounts", Map.delete(valid_params, :email))

-      assert json_response_and_validate_schema(res, 400) == %{"error" => "Missing parameters"}
+      assert json_response_and_validate_schema(res, 400) ==
+               %{"error" => "Missing parameter: email"}

      res =
        conn
@ -1093,6 +1094,91 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end
  end

+  describe "create account with enabled captcha" do
+    setup %{conn: conn} do
+      app_token = insert(:oauth_token, user: nil)
+
+      conn =
+        conn
+        |> put_req_header("authorization", "Bearer " <> app_token.token)
+        |> put_req_header("content-type", "multipart/form-data")
+
+      [conn: conn]
+    end
+
+    setup do: clear_config([Pleroma.Captcha, :enabled], true)
+
+    test "creates an account and returns 200 if captcha is valid", %{conn: conn} do
+      %{token: token, answer_data: answer_data} = Pleroma.Captcha.new()
+
+      params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        agreement: true,
+        captcha_solution: Pleroma.Captcha.Mock.solution(),
+        captcha_token: token,
+        captcha_answer_data: answer_data
+      }
+
+      assert %{
+               "access_token" => access_token,
+               "created_at" => _,
+               "scope" => ["read"],
+               "token_type" => "Bearer"
+             } =
+               conn
+               |> post("/api/v1/accounts", params)
+               |> json_response_and_validate_schema(:ok)
+
+      assert Token |> Repo.get_by(token: access_token) |> Repo.preload(:user) |> Map.get(:user)
+
+      Cachex.del(:used_captcha_cache, token)
+    end
+
+    test "returns 400 if any captcha field is not provided", %{conn: conn} do
+      captcha_fields = [:captcha_solution, :captcha_token, :captcha_answer_data]
+
+      valid_params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        agreement: true,
+        captcha_solution: "xx",
+        captcha_token: "xx",
+        captcha_answer_data: "xx"
+      }
+
+      for field <- captcha_fields do
+        expected = %{
+          "error" => "{\"captcha\":[\"Invalid CAPTCHA (Missing parameter: #{field})\"]}"
+        }
+
+        assert expected ==
+                 conn
+                 |> post("/api/v1/accounts", Map.delete(valid_params, field))
+                 |> json_response_and_validate_schema(:bad_request)
+      end
+    end
+
+    test "returns an error if captcha is invalid", %{conn: conn} do
+      params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        agreement: true,
+        captcha_solution: "cofe",
+        captcha_token: "cofe",
+        captcha_answer_data: "cofe"
+      }
+
+      assert %{"error" => "{\"captcha\":[\"Invalid answer data\"]}"} ==
+               conn
+               |> post("/api/v1/accounts", params)
+               |> json_response_and_validate_schema(:bad_request)
+    end
+  end
+
  describe "GET /api/v1/accounts/:id/lists - account_lists" do
    test "returns lists to which the account belongs" do
      %{user: user, conn: conn} = oauth_access(["read:lists"])
--- a/test/web/twitter_api/twitter_api_test.exs
+++ b/test/web/twitter_api/twitter_api_test.exs
@ -18,7 +18,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

  test "it registers a new user and returns the user." do
    data = %{
-      :nickname => "lain",
+      :username => "lain",
      :email => "lain@wired.jp",
      :fullname => "lain iwakura",
      :password => "bear",
@ -35,7 +35,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

  test "it registers a new user with empty string in bio and returns the user." do
    data = %{
-      :nickname => "lain",
+      :username => "lain",
      :email => "lain@wired.jp",
      :fullname => "lain iwakura",
      :bio => "",
@ -60,7 +60,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
    end

    data = %{
-      :nickname => "lain",
+      :username => "lain",
      :email => "lain@wired.jp",
      :fullname => "lain iwakura",
      :bio => "",
@ -87,7 +87,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

  test "it registers a new user and parses mentions in the bio" do
    data1 = %{
-      :nickname => "john",
+      :username => "john",
      :email => "john@gmail.com",
      :fullname => "John Doe",
      :bio => "test",
@ -98,7 +98,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
    {:ok, user1} = TwitterAPI.register_user(data1)

    data2 = %{
-      :nickname => "lain",
+      :username => "lain",
      :email => "lain@wired.jp",
      :fullname => "lain iwakura",
      :bio => "@john test",
@ -123,7 +123,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      {:ok, invite} = UserInviteToken.create_invite()

      data = %{
-        :nickname => "vinny",
+        :username => "vinny",
        :email => "pasta@pizza.vs",
        :fullname => "Vinny Vinesauce",
        :bio => "streamer",
@ -145,7 +145,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

    test "returns error on invalid token" do
      data = %{
-        :nickname => "GrimReaper",
+        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
        :fullname => "Reaper Grim",
        :bio => "Your time has come",
@ -165,7 +165,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      UserInviteToken.update_invite!(invite, used: true)

      data = %{
-        :nickname => "GrimReaper",
+        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
        :fullname => "Reaper Grim",
        :bio => "Your time has come",
@ -186,7 +186,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

    setup do
      data = %{
-        :nickname => "vinny",
+        :username => "vinny",
        :email => "pasta@pizza.vs",
        :fullname => "Vinny Vinesauce",
        :bio => "streamer",
@ -250,7 +250,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      UserInviteToken.update_invite!(invite, uses: 99)

      data = %{
-        :nickname => "vinny",
+        :username => "vinny",
        :email => "pasta@pizza.vs",
        :fullname => "Vinny Vinesauce",
        :bio => "streamer",
@ -269,7 +269,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
               AccountView.render("show.json", %{user: fetched_user})

      data = %{
-        :nickname => "GrimReaper",
+        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
        :fullname => "Reaper Grim",
        :bio => "Your time has come",
@ -292,7 +292,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100})

      data = %{
-        :nickname => "vinny",
+        :username => "vinny",
        :email => "pasta@pizza.vs",
        :fullname => "Vinny Vinesauce",
        :bio => "streamer",
@ -317,7 +317,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      UserInviteToken.update_invite!(invite, uses: 99)

      data = %{
-        :nickname => "vinny",
+        :username => "vinny",
        :email => "pasta@pizza.vs",
        :fullname => "Vinny Vinesauce",
        :bio => "streamer",
@ -335,7 +335,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
               AccountView.render("show.json", %{user: fetched_user})

      data = %{
-        :nickname => "GrimReaper",
+        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
        :fullname => "Reaper Grim",
        :bio => "Your time has come",
@ -355,7 +355,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
        UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100})

      data = %{
-        :nickname => "GrimReaper",
+        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
        :fullname => "Reaper Grim",
        :bio => "Your time has come",
@ -377,7 +377,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      UserInviteToken.update_invite!(invite, uses: 100)

      data = %{
-        :nickname => "GrimReaper",
+        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
        :fullname => "Reaper Grim",
        :bio => "Your time has come",
@ -395,16 +395,15 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

  test "it returns the error on registration problems" do
    data = %{
-      :nickname => "lain",
+      :username => "lain",
      :email => "lain@wired.jp",
      :fullname => "lain iwakura",
-      :bio => "close the world.",
-      :password => "bear"
+      :bio => "close the world."
    }

-    {:error, error_object} = TwitterAPI.register_user(data)
+    {:error, error} = TwitterAPI.register_user(data)

-    assert is_binary(error_object[:error])
+    assert is_binary(error)
    refute User.get_cached_by_nickname("lain")
  end