[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence).

author: Ivan Tashkinov <ivantashkinov@gmail.com> 2020-07-19 21:35:57 +0300
committer: Ivan Tashkinov <ivantashkinov@gmail.com> 2020-07-19 21:35:57 +0300
commit: cf3f8cb72a46f0c8c798d4022cff442fae4ab401 (patch)
tree: 585b45b649a67efae1db0f22114b120d804031e8 /test/web/admin_api/controllers/admin_api_controller_test.exs
parent: 5d215fd81f529b639db9096ca71d4e7f0a6ed386 (diff)
download: pleroma-cf3f8cb72a46f0c8c798d4022cff442fae4ab401.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs
index c2433f23c..da91cd552 100644
--- a/test/web/admin_api/controllers/admin_api_controller_test.exs
+++ b/test/web/admin_api/controllers/admin_api_controller_test.exs
@@ -41,6 +41,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     {:ok, %{admin: admin, token: token, conn: conn}}
   end
 
+  test "with valid `admin_token` query parameter, skips OAuth scopes check" do
+    clear_config([:admin_token], "password123")
+
+    user = insert(:user)
+
+    conn = get(build_conn(), "/api/pleroma/admin/users/#{user.nickname}?admin_token=password123")
+
+    assert json_response(conn, 200)
+  end
+
   describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
     setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
author	Ivan Tashkinov <ivantashkinov@gmail.com>	2020-07-19 21:35:57 +0300
committer	Ivan Tashkinov <ivantashkinov@gmail.com>	2020-07-19 21:35:57 +0300
commit	cf3f8cb72a46f0c8c798d4022cff442fae4ab401 (patch)
tree	585b45b649a67efae1db0f22114b120d804031e8 /test/web/admin_api/controllers/admin_api_controller_test.exs
parent	5d215fd81f529b639db9096ca71d4e7f0a6ed386 (diff)
download	pleroma-cf3f8cb72a46f0c8c798d4022cff442fae4ab401.tar.gz