[#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality.

2020-04-17 21:21:10 +03:00 · 2020-04-17 21:21:10 +03:00 · 66f55106bd
commit 66f55106bd
parent e0d7847bc5
9 changed files with 101 additions and 23 deletions
--- a/test/plugs/authentication_plug_test.exs
+++ b/test/plugs/authentication_plug_test.exs
@ -6,6 +6,8 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
  use Pleroma.Web.ConnCase, async: true

  alias Pleroma.Plugs.AuthenticationPlug
+  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Plugs.PlugHelper
  alias Pleroma.User

  import ExUnit.CaptureLog
@ -36,13 +38,16 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
    assert ret_conn == conn
  end

-  test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do
+  test "with a correct password in the credentials, " <>
+         "it assigns the auth_user and marks OAuthScopesPlug as skipped",
+       %{conn: conn} do
    conn =
      conn
      |> assign(:auth_credentials, %{password: "guy"})
      |> AuthenticationPlug.call(%{})

    assert conn.assigns.user == conn.assigns.auth_user
+    assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  end

  test "with a wrong password in the credentials, it does nothing", %{conn: conn} do
--- a/test/plugs/legacy_authentication_plug_test.exs
+++ b/test/plugs/legacy_authentication_plug_test.exs
@ -8,6 +8,8 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
  import Pleroma.Factory

  alias Pleroma.Plugs.LegacyAuthenticationPlug
+  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Plugs.PlugHelper
  alias Pleroma.User

  setup do
@ -36,7 +38,8 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
  end

  @tag :skip_on_mac
-  test "it authenticates the auth_user if present and password is correct and resets the password",
+  test "if `auth_user` is present and password is correct, " <>
+         "it authenticates the user, resets the password, marks OAuthScopesPlug as skipped",
       %{
         conn: conn,
         user: user
@ -49,6 +52,7 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
    conn = LegacyAuthenticationPlug.call(conn, %{})

    assert conn.assigns.user.id == user.id
+    assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  end

  @tag :skip_on_mac
--- a/test/plugs/oauth_scopes_plug_test.exs
+++ b/test/plugs/oauth_scopes_plug_test.exs
@ -7,7 +7,6 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do

  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.PlugHelper
  alias Pleroma.Repo

  import Mock
@ -21,7 +20,7 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
    with_mock OAuthScopesPlug, [:passthrough], perform: &passthrough([&1, &2]) do
      conn =
        conn
-        |> PlugHelper.append_to_skipped_plugs(OAuthScopesPlug)
+        |> OAuthScopesPlug.skip_plug()
        |> OAuthScopesPlug.call(%{scopes: ["random_scope"]})

      refute called(OAuthScopesPlug.perform(:_, :_))