[#1234] Permissions-related fixes / new functionality (Masto 2.4.3 scopes).

2019-09-15 18:22:08 +03:00 · 2019-09-15 18:22:08 +03:00 · e6f43a831b
commit e6f43a831b
parent b63faf9819
14 changed files with 374 additions and 197 deletions
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@ -283,6 +283,7 @@ defmodule Pleroma.Factory do

    %Pleroma.Web.OAuth.Token{
      token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
+      scopes: ["read"],
      refresh_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
      user: build(:user),
      app_id: oauth_app.id,
--- a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs
+++ b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs
@ -257,7 +257,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
      assert user_response["pleroma"]["background_image"]
    end

-    test "requires 'write' permission", %{conn: conn} do
+    test "requires 'write:accounts' permission", %{conn: conn} do
      token1 = insert(:oauth_token, scopes: ["read"])
      token2 = insert(:oauth_token, scopes: ["write", "follow"])

@ -268,7 +268,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
          |> patch("/api/v1/accounts/update_credentials", %{})

        if token == token1 do
-          assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
+          assert %{"error" => "Insufficient permissions: write:accounts."} ==
+                   json_response(conn, 403)
        else
          assert json_response(conn, 200)
        end
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@ -556,7 +556,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            "password" => "test",
            "client_id" => app.client_id,
            "redirect_uri" => redirect_uri,
-            "scope" => "read write",
+            "scope" => "read:subscope write",
            "state" => "statepassed"
          }
        })
@ -569,7 +569,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      assert %{"state" => "statepassed", "code" => code} = query
      auth = Repo.get_by(Authorization, token: code)
      assert auth
-      assert auth.scopes == ["read", "write"]
+      assert auth.scopes == ["read:subscope", "write"]
    end

    test "returns 401 for wrong credentials", %{conn: conn} do
@ -626,7 +626,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      assert result =~ "This action is outside the authorized scopes"
    end

-    test "returns 401 for scopes beyond app scopes", %{conn: conn} do
+    test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do
      user = insert(:user)
      app = insert(:oauth_app, scopes: ["read", "write"])
      redirect_uri = OAuthController.default_redirect_uri(app)