Make auth tokens usable once and expire them.

author: Roger Braun <roger@rogerbraun.net> 2017-09-09 12:02:59 +0200
committer: Roger Braun <roger@rogerbraun.net> 2017-09-09 12:02:59 +0200
commit: 95cedd60004893fd646735d17f7196297c38e22c (patch)
tree: 9915027eb19f458aa8627f8ac886518a27e41d79 /test/web/oauth/token_test.exs
parent: 890503ca1ea4308664d31622eb19208757a4c881 (diff)
download: pleroma-95cedd60004893fd646735d17f7196297c38e22c.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs
new file mode 100644
index 000000000..3bd763989
--- /dev/null
+++ b/test/web/oauth/token_test.exs
@@ -0,0 +1,24 @@
+defmodule Pleroma.Web.OAuth.TokenTest do
+  use Pleroma.DataCase
+  alias Pleroma.Web.OAuth.{App, Token, Authorization}
+  alias Pleroma.Repo
+
+  import Pleroma.Factory
+
+  test "exchanges a auth token for an access token" do
+    {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"}))
+    user = insert(:user)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    {:ok, token} = Token.exchange_token(app, auth)
+
+    assert token.app_id == app.id
+    assert token.user_id == user.id
+    assert String.length(token.token) > 10
+    assert String.length(token.refresh_token) > 10
+
+    auth = Repo.get(Authorization, auth.id)
+    {:error, "already used"} = Token.exchange_token(app, auth)
+  end
+end
author	Roger Braun <roger@rogerbraun.net>	2017-09-09 12:02:59 +0200
committer	Roger Braun <roger@rogerbraun.net>	2017-09-09 12:02:59 +0200
commit	95cedd60004893fd646735d17f7196297c38e22c (patch)
tree	9915027eb19f458aa8627f8ac886518a27e41d79 /test/web/oauth/token_test.exs
parent	890503ca1ea4308664d31622eb19208757a4c881 (diff)
download	pleroma-95cedd60004893fd646735d17f7196297c38e22c.tar.gz