Automatic checks of authentication / instance publicity. Definition of missing OAuth scopes in AdminAPIController. Refactoring.
This commit is contained in:
Ivan Tashkinov
parent
3c828016d9
commit
f685cbd309
44 changed files with 355 additions and 267 deletions
|
|
@ -20,7 +20,7 @@ defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do
|
|||
conn = assign(conn, :user, %User{})
|
||||
ret_conn = EnsureAuthenticatedPlug.call(conn, %{})
|
||||
|
||||
assert ret_conn == conn
|
||||
refute ret_conn.halted
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -34,20 +34,22 @@ defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do
|
|||
|
||||
test "it continues if a user is assigned", %{conn: conn, true_fn: true_fn, false_fn: false_fn} do
|
||||
conn = assign(conn, :user, %User{})
|
||||
assert EnsureAuthenticatedPlug.call(conn, if_func: true_fn) == conn
|
||||
assert EnsureAuthenticatedPlug.call(conn, if_func: false_fn) == conn
|
||||
assert EnsureAuthenticatedPlug.call(conn, unless_func: true_fn) == conn
|
||||
assert EnsureAuthenticatedPlug.call(conn, unless_func: false_fn) == conn
|
||||
refute EnsureAuthenticatedPlug.call(conn, if_func: true_fn).halted
|
||||
refute EnsureAuthenticatedPlug.call(conn, if_func: false_fn).halted
|
||||
refute EnsureAuthenticatedPlug.call(conn, unless_func: true_fn).halted
|
||||
refute EnsureAuthenticatedPlug.call(conn, unless_func: false_fn).halted
|
||||
end
|
||||
|
||||
test "it continues if a user is NOT assigned but :if_func evaluates to `false`",
|
||||
%{conn: conn, false_fn: false_fn} do
|
||||
assert EnsureAuthenticatedPlug.call(conn, if_func: false_fn) == conn
|
||||
ret_conn = EnsureAuthenticatedPlug.call(conn, if_func: false_fn)
|
||||
refute ret_conn.halted
|
||||
end
|
||||
|
||||
test "it continues if a user is NOT assigned but :unless_func evaluates to `true`",
|
||||
%{conn: conn, true_fn: true_fn} do
|
||||
assert EnsureAuthenticatedPlug.call(conn, unless_func: true_fn) == conn
|
||||
ret_conn = EnsureAuthenticatedPlug.call(conn, unless_func: true_fn)
|
||||
refute ret_conn.halted
|
||||
end
|
||||
|
||||
test "it halts if a user is NOT assigned and :if_func evaluates to `true`",
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ defmodule Pleroma.Plugs.EnsurePublicOrAuthenticatedPlugTest do
|
|||
conn
|
||||
|> EnsurePublicOrAuthenticatedPlug.call(%{})
|
||||
|
||||
assert ret_conn == conn
|
||||
refute ret_conn.halted
|
||||
end
|
||||
|
||||
test "it continues if a user is assigned, even if not public", %{conn: conn} do
|
||||
|
|
@ -43,6 +43,6 @@ defmodule Pleroma.Plugs.EnsurePublicOrAuthenticatedPlugTest do
|
|||
conn
|
||||
|> EnsurePublicOrAuthenticatedPlug.call(%{})
|
||||
|
||||
assert ret_conn == conn
|
||||
refute ret_conn.halted
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -5,17 +5,12 @@
|
|||
defmodule Pleroma.Plugs.OAuthScopesPlugTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
|
||||
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.Repo
|
||||
|
||||
import Mock
|
||||
import Pleroma.Factory
|
||||
|
||||
setup_with_mocks([{EnsurePublicOrAuthenticatedPlug, [], [call: fn conn, _ -> conn end]}]) do
|
||||
:ok
|
||||
end
|
||||
|
||||
test "is not performed if marked as skipped", %{conn: conn} do
|
||||
with_mock OAuthScopesPlug, [:passthrough], perform: &passthrough([&1, &2]) do
|
||||
conn =
|
||||
|
|
@ -60,7 +55,7 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
|
|||
|
||||
describe "with `fallback: :proceed_unauthenticated` option, " do
|
||||
test "if `token.scopes` doesn't fulfill specified conditions, " <>
|
||||
"clears :user and :token assigns and calls EnsurePublicOrAuthenticatedPlug",
|
||||
"clears :user and :token assigns",
|
||||
%{conn: conn} do
|
||||
user = insert(:user)
|
||||
token1 = insert(:oauth_token, scopes: ["read", "write"], user: user)
|
||||
|
|
@ -79,35 +74,6 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
|
|||
refute ret_conn.halted
|
||||
refute ret_conn.assigns[:user]
|
||||
refute ret_conn.assigns[:token]
|
||||
|
||||
assert called(EnsurePublicOrAuthenticatedPlug.call(ret_conn, :_))
|
||||
end
|
||||
end
|
||||
|
||||
test "with :skip_instance_privacy_check option, " <>
|
||||
"if `token.scopes` doesn't fulfill specified conditions, " <>
|
||||
"clears :user and :token assigns and does NOT call EnsurePublicOrAuthenticatedPlug",
|
||||
%{conn: conn} do
|
||||
user = insert(:user)
|
||||
token1 = insert(:oauth_token, scopes: ["read:statuses", "write"], user: user)
|
||||
|
||||
for token <- [token1, nil], op <- [:|, :&] do
|
||||
ret_conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> assign(:token, token)
|
||||
|> OAuthScopesPlug.call(%{
|
||||
scopes: ["read"],
|
||||
op: op,
|
||||
fallback: :proceed_unauthenticated,
|
||||
skip_instance_privacy_check: true
|
||||
})
|
||||
|
||||
refute ret_conn.halted
|
||||
refute ret_conn.assigns[:user]
|
||||
refute ret_conn.assigns[:token]
|
||||
|
||||
refute called(EnsurePublicOrAuthenticatedPlug.call(ret_conn, :_))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -766,7 +766,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
end
|
||||
|
||||
describe "POST /users/:nickname/outbox" do
|
||||
test "it rejects posts from other users / unauuthenticated users", %{conn: conn} do
|
||||
test "it rejects posts from other users / unauthenticated users", %{conn: conn} do
|
||||
data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
|
|
|
|||
|
|
@ -38,8 +38,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
|
|||
end
|
||||
|
||||
test "listing remote packs" do
|
||||
admin = insert(:user, is_admin: true)
|
||||
%{conn: conn} = oauth_access(["admin:write"], user: admin)
|
||||
conn = build_conn()
|
||||
|
||||
resp =
|
||||
build_conn()
|
||||
|
|
@ -76,7 +75,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
|
|||
assert Enum.find(arch, fn {n, _} -> n == 'blank.png' end)
|
||||
end
|
||||
|
||||
test "downloading shared & unshared packs from another instance via download_from, deleting them" do
|
||||
test "downloading shared & unshared packs from another instance, deleting them" do
|
||||
on_exit(fn ->
|
||||
File.rm_rf!("#{@emoji_dir_path}/test_pack2")
|
||||
File.rm_rf!("#{@emoji_dir_path}/test_pack_nonshared2")
|
||||
|
|
@ -136,7 +135,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
|
|||
|> post(
|
||||
emoji_api_path(
|
||||
conn,
|
||||
:download_from
|
||||
:save_from
|
||||
),
|
||||
%{
|
||||
instance_address: "https://old-instance",
|
||||
|
|
@ -152,7 +151,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
|
|||
|> post(
|
||||
emoji_api_path(
|
||||
conn,
|
||||
:download_from
|
||||
:save_from
|
||||
),
|
||||
%{
|
||||
instance_address: "https://example.com",
|
||||
|
|
@ -179,7 +178,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
|
|||
|> post(
|
||||
emoji_api_path(
|
||||
conn,
|
||||
:download_from
|
||||
:save_from
|
||||
),
|
||||
%{
|
||||
instance_address: "https://example.com",
|
||||
|
|
|
|||
|
|
@ -19,13 +19,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|
|||
end
|
||||
|
||||
test "with credentials, without any params" do
|
||||
%{user: current_user, conn: conn} =
|
||||
oauth_access(["read:notifications", "write:notifications"])
|
||||
%{conn: conn} = oauth_access(["write:notifications"])
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, current_user)
|
||||
|> post("/api/qvitter/statuses/notifications/read")
|
||||
conn = post(conn, "/api/qvitter/statuses/notifications/read")
|
||||
|
||||
assert json_response(conn, 400) == %{
|
||||
"error" => "You need to specify latest_id",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue