Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F13522470
user_is_admin_plug_test.exs
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Award Token
Flag For Later
Size
3 KB
Referenced Files
None
Subscribers
None
user_is_admin_plug_test.exs
View Options
# Pleroma: A lightweight social networking server
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule
Pleroma.Plugs.UserIsAdminPlugTest
do
use
Pleroma.Web.ConnCase
,
async
:
true
alias
Pleroma.Plugs.UserIsAdminPlug
import
Pleroma.Factory
describe
"unless [:auth, :enforce_oauth_admin_scope_usage],"
do
clear_config
([
:auth
,
:enforce_oauth_admin_scope_usage
])
do
Pleroma.Config
.
put
([
:auth
,
:enforce_oauth_admin_scope_usage
],
false
)
end
test
"accepts a user that is an admin"
do
user
=
insert
(
:user
,
is_admin
:
true
)
conn
=
assign
(
build_conn
(),
:user
,
user
)
ret_conn
=
UserIsAdminPlug
.
call
(
conn
,
%{})
assert
conn
==
ret_conn
end
test
"denies a user that isn't an admin"
do
user
=
insert
(
:user
)
conn
=
build_conn
()
|>
assign
(
:user
,
user
)
|>
UserIsAdminPlug
.
call
(%{})
assert
conn
.
status
==
403
end
test
"denies when a user isn't set"
do
conn
=
UserIsAdminPlug
.
call
(
build_conn
(),
%{})
assert
conn
.
status
==
403
end
end
describe
"with [:auth, :enforce_oauth_admin_scope_usage],"
do
clear_config
([
:auth
,
:enforce_oauth_admin_scope_usage
])
do
Pleroma.Config
.
put
([
:auth
,
:enforce_oauth_admin_scope_usage
],
true
)
end
setup
do
admin_user
=
insert
(
:user
,
is_admin
:
true
)
non_admin_user
=
insert
(
:user
,
is_admin
:
false
)
blank_user
=
nil
{
:ok
,
%{
users
:
[
admin_user
,
non_admin_user
,
blank_user
]}}
end
test
"if token has any of admin scopes, accepts a user that is an admin"
,
%{
conn
:
conn
}
do
user
=
insert
(
:user
,
is_admin
:
true
)
token
=
insert
(
:oauth_token
,
user
:
user
,
scopes
:
[
"admin:something"
])
conn
=
conn
|>
assign
(
:user
,
user
)
|>
assign
(
:token
,
token
)
ret_conn
=
UserIsAdminPlug
.
call
(
conn
,
%{})
assert
conn
==
ret_conn
end
test
"if token has any of admin scopes, denies a user that isn't an admin"
,
%{
conn
:
conn
}
do
user
=
insert
(
:user
,
is_admin
:
false
)
token
=
insert
(
:oauth_token
,
user
:
user
,
scopes
:
[
"admin:something"
])
conn
=
conn
|>
assign
(
:user
,
user
)
|>
assign
(
:token
,
token
)
|>
UserIsAdminPlug
.
call
(%{})
assert
conn
.
status
==
403
end
test
"if token has any of admin scopes, denies when a user isn't set"
,
%{
conn
:
conn
}
do
token
=
insert
(
:oauth_token
,
scopes
:
[
"admin:something"
])
conn
=
conn
|>
assign
(
:user
,
nil
)
|>
assign
(
:token
,
token
)
|>
UserIsAdminPlug
.
call
(%{})
assert
conn
.
status
==
403
end
test
"if token lacks admin scopes, denies users regardless of is_admin flag"
,
%{
users
:
users
}
do
for
user
<-
users
do
token
=
insert
(
:oauth_token
,
user
:
user
)
conn
=
build_conn
()
|>
assign
(
:user
,
user
)
|>
assign
(
:token
,
token
)
|>
UserIsAdminPlug
.
call
(%{})
assert
conn
.
status
==
403
end
end
test
"if token is missing, denies users regardless of is_admin flag"
,
%{
users
:
users
}
do
for
user
<-
users
do
conn
=
build_conn
()
|>
assign
(
:user
,
user
)
|>
assign
(
:token
,
nil
)
|>
UserIsAdminPlug
.
call
(%{})
assert
conn
.
status
==
403
end
end
end
end
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Dec 7, 9:06 PM (1 d, 20 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
691701
Default Alt Text
user_is_admin_plug_test.exs (3 KB)
Attached To
Mode
rPUBE pleroma-upstream
Attached
Detach File
Event Timeline
Log In to Comment