Merge branch 'release/2.2.0' into 'stable'v2.2.0

Release/2.2.0 See merge request pleroma/secteam/pleroma!19
author: rinpatch <rinpatch@sdf.org> 2020-11-12 12:34:48 +0000
committer: rinpatch <rinpatch@sdf.org> 2020-11-12 12:34:48 +0000
commit: 1172844ed18d94d84724dc6f11c6e9f72e0ba6ec (patch)
tree: 7d48a259e08856ab6db0eba255f20c0c19410463 /test/plugs/oauth_scopes_plug_test.exs
parent: a0f5e8b27edbe2224d9c2c3997ad5b8ea484244b (diff)
parent: b4c6b262d6dc12362f0014a864e8aed6c727c39c (diff)
download: pleroma-2.2.0.tar.gz
1 files changed, 0 insertions, 210 deletions
diff --git a/test/plugs/oauth_scopes_plug_test.exs b/test/plugs/oauth_scopes_plug_test.exs
deleted file mode 100644
index 334316043..000000000
--- a/test/plugs/oauth_scopes_plug_test.exs
+++ /dev/null
@@ -1,210 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Plugs.OAuthScopesPlugTest do
-  use Pleroma.Web.ConnCase
-
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Repo
-
-  import Mock
-  import Pleroma.Factory
-
-  test "is not performed if marked as skipped", %{conn: conn} do
-    with_mock OAuthScopesPlug, [:passthrough], perform: &passthrough([&1, &2]) do
-      conn =
-        conn
-        |> OAuthScopesPlug.skip_plug()
-        |> OAuthScopesPlug.call(%{scopes: ["random_scope"]})
-
-      refute called(OAuthScopesPlug.perform(:_, :_))
-      refute conn.halted
-    end
-  end
-
-  test "if `token.scopes` fulfills specified 'any of' conditions, " <>
-         "proceeds with no op",
-       %{conn: conn} do
-    token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
-
-    conn =
-      conn
-      |> assign(:user, token.user)
-      |> assign(:token, token)
-      |> OAuthScopesPlug.call(%{scopes: ["read"]})
-
-    refute conn.halted
-    assert conn.assigns[:user]
-  end
-
-  test "if `token.scopes` fulfills specified 'all of' conditions, " <>
-         "proceeds with no op",
-       %{conn: conn} do
-    token = insert(:oauth_token, scopes: ["scope1", "scope2", "scope3"]) |> Repo.preload(:user)
-
-    conn =
-      conn
-      |> assign(:user, token.user)
-      |> assign(:token, token)
-      |> OAuthScopesPlug.call(%{scopes: ["scope2", "scope3"], op: :&})
-
-    refute conn.halted
-    assert conn.assigns[:user]
-  end
-
-  describe "with `fallback: :proceed_unauthenticated` option, " do
-    test "if `token.scopes` doesn't fulfill specified conditions, " <>
-           "clears :user and :token assigns",
-         %{conn: conn} do
-      user = insert(:user)
-      token1 = insert(:oauth_token, scopes: ["read", "write"], user: user)
-
-      for token <- [token1, nil], op <- [:|, :&] do
-        ret_conn =
-          conn
-          |> assign(:user, user)
-          |> assign(:token, token)
-          |> OAuthScopesPlug.call(%{
-            scopes: ["follow"],
-            op: op,
-            fallback: :proceed_unauthenticated
-          })
-
-        refute ret_conn.halted
-        refute ret_conn.assigns[:user]
-        refute ret_conn.assigns[:token]
-      end
-    end
-  end
-
-  describe "without :fallback option, " do
-    test "if `token.scopes` does not fulfill specified 'any of' conditions, " <>
-           "returns 403 and halts",
-         %{conn: conn} do
-      for token <- [insert(:oauth_token, scopes: ["read", "write"]), nil] do
-        any_of_scopes = ["follow", "push"]
-
-        ret_conn =
-          conn
-          |> assign(:token, token)
-          |> OAuthScopesPlug.call(%{scopes: any_of_scopes})
-
-        assert ret_conn.halted
-        assert 403 == ret_conn.status
-
-        expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, " | ")}."
-        assert Jason.encode!(%{error: expected_error}) == ret_conn.resp_body
-      end
-    end
-
-    test "if `token.scopes` does not fulfill specified 'all of' conditions, " <>
-           "returns 403 and halts",
-         %{conn: conn} do
-      for token <- [insert(:oauth_token, scopes: ["read", "write"]), nil] do
-        token_scopes = (token && token.scopes) || []
-        all_of_scopes = ["write", "follow"]
-
-        conn =
-          conn
-          |> assign(:token, token)
-          |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})
-
-        assert conn.halted
-        assert 403 == conn.status
-
-        expected_error =
-          "Insufficient permissions: #{Enum.join(all_of_scopes -- token_scopes, " & ")}."
-
-        assert Jason.encode!(%{error: expected_error}) == conn.resp_body
-      end
-    end
-  end
-
-  describe "with hierarchical scopes, " do
-    test "if `token.scopes` fulfills specified 'any of' conditions, " <>
-           "proceeds with no op",
-         %{conn: conn} do
-      token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
-
-      conn =
-        conn
-        |> assign(:user, token.user)
-        |> assign(:token, token)
-        |> OAuthScopesPlug.call(%{scopes: ["read:something"]})
-
-      refute conn.halted
-      assert conn.assigns[:user]
-    end
-
-    test "if `token.scopes` fulfills specified 'all of' conditions, " <>
-           "proceeds with no op",
-         %{conn: conn} do
-      token = insert(:oauth_token, scopes: ["scope1", "scope2", "scope3"]) |> Repo.preload(:user)
-
-      conn =
-        conn
-        |> assign(:user, token.user)
-        |> assign(:token, token)
-        |> OAuthScopesPlug.call(%{scopes: ["scope1:subscope", "scope2:subscope"], op: :&})
-
-      refute conn.halted
-      assert conn.assigns[:user]
-    end
-  end
-
-  describe "filter_descendants/2" do
-    test "filters scopes which directly match or are ancestors of supported scopes" do
-      f = fn scopes, supported_scopes ->
-        OAuthScopesPlug.filter_descendants(scopes, supported_scopes)
-      end
-
-      assert f.(["read", "follow"], ["write", "read"]) == ["read"]
-
-      assert f.(["read", "write:something", "follow"], ["write", "read"]) ==
-               ["read", "write:something"]
-
-      assert f.(["admin:read"], ["write", "read"]) == []
-
-      assert f.(["admin:read"], ["write", "admin"]) == ["admin:read"]
-    end
-  end
-
-  describe "transform_scopes/2" do
-    setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage])
-
-    setup do
-      {:ok, %{f: &OAuthScopesPlug.transform_scopes/2}}
-    end
-
-    test "with :admin option, prefixes all requested scopes with `admin:` " <>
-           "and [optionally] keeps only prefixed scopes, " <>
-           "depending on `[:auth, :enforce_oauth_admin_scope_usage]` setting",
-         %{f: f} do
-      Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
-
-      assert f.(["read"], %{admin: true}) == ["admin:read", "read"]
-
-      assert f.(["read", "write"], %{admin: true}) == [
-               "admin:read",
-               "read",
-               "admin:write",
-               "write"
-             ]
-
-      Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
-
-      assert f.(["read:accounts"], %{admin: true}) == ["admin:read:accounts"]
-
-      assert f.(["read", "write:reports"], %{admin: true}) == [
-               "admin:read",
-               "admin:write:reports"
-             ]
-    end
-
-    test "with no supported options, returns unmodified scopes", %{f: f} do
-      assert f.(["read"], %{}) == ["read"]
-      assert f.(["read", "write"], %{}) == ["read", "write"]
-    end
-  end
-end
author	rinpatch <rinpatch@sdf.org>	2020-11-12 12:34:48 +0000
committer	rinpatch <rinpatch@sdf.org>	2020-11-12 12:34:48 +0000
commit	1172844ed18d94d84724dc6f11c6e9f72e0ba6ec (patch)
tree	7d48a259e08856ab6db0eba255f20c0c19410463 /test/plugs/oauth_scopes_plug_test.exs
parent	a0f5e8b27edbe2224d9c2c3997ad5b8ea484244b (diff)
parent	b4c6b262d6dc12362f0014a864e8aed6c727c39c (diff)
download	pleroma-2.2.0.tar.gz