Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'

[#1560] Restricted AP- & OStatus-related routes for non-federating instances Closes #1560 See merge request pleroma/pleroma!2235
2020-03-15 19:15:20 +00:00 · 2020-03-15 19:15:20 +00:00 · fa4ec17c84
commit fa4ec17c84
parent d84670b9e1 ecb7809e92
22 changed files with 644 additions and 472 deletions
--- a/test/plugs/ensure_authenticated_plug_test.exs
+++ b/test/plugs/ensure_authenticated_plug_test.exs
@ -8,24 +8,62 @@ defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do
  alias Pleroma.Plugs.EnsureAuthenticatedPlug
  alias Pleroma.User

-  test "it halts if no user is assigned", %{conn: conn} do
-    conn =
-      conn
-      |> EnsureAuthenticatedPlug.call(%{})
+  describe "without :if_func / :unless_func options" do
+    test "it halts if user is NOT assigned", %{conn: conn} do
+      conn = EnsureAuthenticatedPlug.call(conn, %{})

-    assert conn.status == 403
-    assert conn.halted == true
+      assert conn.status == 403
+      assert conn.halted == true
+    end
+
+    test "it continues if a user is assigned", %{conn: conn} do
+      conn = assign(conn, :user, %User{})
+      ret_conn = EnsureAuthenticatedPlug.call(conn, %{})
+
+      assert ret_conn == conn
+    end
  end

-  test "it continues if a user is assigned", %{conn: conn} do
-    conn =
-      conn
-      |> assign(:user, %User{})
+  describe "with :if_func / :unless_func options" do
+    setup do
+      %{
+        true_fn: fn -> true end,
+        false_fn: fn -> false end
+      }
+    end

-    ret_conn =
-      conn
-      |> EnsureAuthenticatedPlug.call(%{})
+    test "it continues if a user is assigned", %{conn: conn, true_fn: true_fn, false_fn: false_fn} do
+      conn = assign(conn, :user, %User{})
+      assert EnsureAuthenticatedPlug.call(conn, if_func: true_fn) == conn
+      assert EnsureAuthenticatedPlug.call(conn, if_func: false_fn) == conn
+      assert EnsureAuthenticatedPlug.call(conn, unless_func: true_fn) == conn
+      assert EnsureAuthenticatedPlug.call(conn, unless_func: false_fn) == conn
+    end

-    assert ret_conn == conn
+    test "it continues if a user is NOT assigned but :if_func evaluates to `false`",
+         %{conn: conn, false_fn: false_fn} do
+      assert EnsureAuthenticatedPlug.call(conn, if_func: false_fn) == conn
+    end
+
+    test "it continues if a user is NOT assigned but :unless_func evaluates to `true`",
+         %{conn: conn, true_fn: true_fn} do
+      assert EnsureAuthenticatedPlug.call(conn, unless_func: true_fn) == conn
+    end
+
+    test "it halts if a user is NOT assigned and :if_func evaluates to `true`",
+         %{conn: conn, true_fn: true_fn} do
+      conn = EnsureAuthenticatedPlug.call(conn, if_func: true_fn)
+
+      assert conn.status == 403
+      assert conn.halted == true
+    end
+
+    test "it halts if a user is NOT assigned and :unless_func evaluates to `false`",
+         %{conn: conn, false_fn: false_fn} do
+      conn = EnsureAuthenticatedPlug.call(conn, unless_func: false_fn)
+
+      assert conn.status == 403
+      assert conn.halted == true
+    end
  end
 end
--- a/test/plugs/oauth_plug_test.exs
+++ b/test/plugs/oauth_plug_test.exs
@ -38,7 +38,7 @@ defmodule Pleroma.Plugs.OAuthPlugTest do
    assert conn.assigns[:user] == opts[:user]
  end

-  test "with valid token(downcase) in url parameters, it assings the user", opts do
+  test "with valid token(downcase) in url parameters, it assigns the user", opts do
    conn =
      :get
      |> build_conn("/?access_token=#{opts[:token]}")