[#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes

# Conflicts: # CHANGELOG.md # lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex # lib/pleroma/web/router.ex
2019-10-02 20:42:40 +03:00 · 2019-10-02 20:42:40 +03:00 · 64095961fe
commit 64095961fe
parent 6f67aed3ac a22a7437d8
222 changed files with 10323 additions and 6972 deletions
--- a/test/web/oauth/app_test.exs
+++ b/test/web/oauth/app_test.exs
@ -0,0 +1,33 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.OAuth.AppTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Web.OAuth.App
+  import Pleroma.Factory
+
+  describe "get_or_make/2" do
+    test "gets exist app" do
+      attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
+      app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]}))
+      {:ok, %App{} = exist_app} = App.get_or_make(attrs, [])
+      assert exist_app == app
+    end
+
+    test "make app" do
+      attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
+      {:ok, %App{} = app} = App.get_or_make(attrs, ["write"])
+      assert app.scopes == ["write"]
+    end
+
+    test "gets exist app and updates scopes" do
+      attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
+      app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]}))
+      {:ok, %App{} = exist_app} = App.get_or_make(attrs, ["read", "write", "follow", "push"])
+      assert exist_app.id == app.id
+      assert exist_app.scopes == ["read", "write", "follow", "push"]
+    end
+  end
+end
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@ -7,6 +7,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
  import Pleroma.Factory

  alias Pleroma.Repo
+  alias Pleroma.User
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.OAuthController
  alias Pleroma.Web.OAuth.Token
@ -775,15 +776,11 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do

    test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do
      Pleroma.Config.put([:instance, :account_activation_required], true)
-
      password = "testpassword"
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
-      info_change = Pleroma.User.Info.confirmation_changeset(user.info, need_confirmation: true)

      {:ok, user} =
-        user
-        |> Ecto.Changeset.change()
-        |> Ecto.Changeset.put_embed(:info, info_change)
+        insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+        |> User.change_info(&User.Info.confirmation_changeset(&1, need_confirmation: true))
        |> Repo.update()

      refute Pleroma.User.auth_active?(user)
@ -831,6 +828,33 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      refute Map.has_key?(resp, "access_token")
    end

+    test "rejects token exchange for user with password_reset_pending set to true" do
+      password = "testpassword"
+
+      user =
+        insert(:user,
+          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          info: %{password_reset_pending: true}
+        )
+
+      app = insert(:oauth_app, scopes: ["read", "write"])
+
+      conn =
+        build_conn()
+        |> post("/oauth/token", %{
+          "grant_type" => "password",
+          "username" => user.nickname,
+          "password" => password,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+
+      assert resp = json_response(conn, 403)
+
+      assert resp["error"] == "Password reset is required"
+      refute Map.has_key?(resp, "access_token")
+    end
+
    test "rejects an invalid authorization code" do
      app = insert(:oauth_app)