[#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.

2020-12-06 13:59:10 +03:00 · 2020-12-06 13:59:10 +03:00 · e9859b68fc
commit e9859b68fc
parent d50a3345ae
14 changed files with 178 additions and 131 deletions
--- a/test/pleroma/web/plugs/ensure_user_key_plug_test.exs
+++ b/test/pleroma/web/plugs/ensure_user_key_plug_test.exs
@ -1,29 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.Plugs.EnsureUserKeyPlugTest do
-  use Pleroma.Web.ConnCase, async: true
-
-  alias Pleroma.Web.Plugs.EnsureUserKeyPlug
-
-  test "if the conn has a user key set, it does nothing", %{conn: conn} do
-    conn =
-      conn
-      |> assign(:user, 1)
-
-    ret_conn =
-      conn
-      |> EnsureUserKeyPlug.call(%{})
-
-    assert conn == ret_conn
-  end
-
-  test "if the conn has no key set, it sets it to nil", %{conn: conn} do
-    conn =
-      conn
-      |> EnsureUserKeyPlug.call(%{})
-
-    assert Map.has_key?(conn.assigns, :user)
-  end
-end
--- a/test/pleroma/web/plugs/ensure_user_token_assigns_plug_test.exs
+++ b/test/pleroma/web/plugs/ensure_user_token_assigns_plug_test.exs
@ -0,0 +1,69 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  import Pleroma.Factory
+
+  alias Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug
+
+  test "with :user assign set to a User record " <>
+         "and :token assign set to a Token belonging to this user, " <>
+         "it does nothing" do
+    %{conn: conn} = oauth_access(["read"])
+
+    ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
+
+    assert conn == ret_conn
+  end
+
+  test "with :user assign set to a User record " <>
+         "but :token assign not set or not a Token, " <>
+         "it assigns :token to `nil`",
+       %{conn: conn} do
+    user = insert(:user)
+    conn = assign(conn, :user, user)
+
+    ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
+
+    assert %{token: nil} = ret_conn.assigns
+
+    ret_conn2 =
+      conn
+      |> assign(:token, 1)
+      |> EnsureUserTokenAssignsPlug.call(%{})
+
+    assert %{token: nil} = ret_conn2.assigns
+  end
+
+  # Abnormal (unexpected) scenario
+  test "with :user assign set to a User record " <>
+         "but :token assign set to a Token NOT belonging to :user, " <>
+         "it drops auth info" do
+    %{conn: conn} = oauth_access(["read"])
+    other_user = insert(:user)
+
+    conn = assign(conn, :user, other_user)
+
+    ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
+
+    assert %{user: nil, token: nil} = ret_conn.assigns
+  end
+
+  test "if :user assign is not set to a User record, it sets :user and :token to nil", %{
+    conn: conn
+  } do
+    ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
+
+    assert %{user: nil, token: nil} = ret_conn.assigns
+
+    ret_conn2 =
+      conn
+      |> assign(:user, 1)
+      |> EnsureUserTokenAssignsPlug.call(%{})
+
+    assert %{user: nil, token: nil} = ret_conn2.assigns
+  end
+end