diff options
| author | Roger Braun <roger@rogerbraun.net> | 2017-09-09 12:02:59 +0200 |
|---|---|---|
| committer | Roger Braun <roger@rogerbraun.net> | 2017-09-09 12:02:59 +0200 |
| commit | 95cedd60004893fd646735d17f7196297c38e22c (patch) | |
| tree | 9915027eb19f458aa8627f8ac886518a27e41d79 /test/web/oauth | |
| parent | 890503ca1ea4308664d31622eb19208757a4c881 (diff) | |
| download | pleroma-95cedd60004893fd646735d17f7196297c38e22c.tar.gz | |
Make auth tokens usable once and expire them.
Diffstat (limited to 'test/web/oauth')
| -rw-r--r-- | test/web/oauth/authorization_test.exs | 42 | ||||
| -rw-r--r-- | test/web/oauth/token_test.exs | 24 |
2 files changed, 66 insertions, 0 deletions
diff --git a/test/web/oauth/authorization_test.exs b/test/web/oauth/authorization_test.exs new file mode 100644 index 000000000..52441fa7d --- /dev/null +++ b/test/web/oauth/authorization_test.exs @@ -0,0 +1,42 @@ +defmodule Pleroma.Web.OAuth.AuthorizationTest do + use Pleroma.DataCase + alias Pleroma.Web.OAuth.{Authorization, App} + import Pleroma.Factory + + test "create an authorization token for a valid app" do + {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"})) + user = insert(:user) + + {:ok, auth} = Authorization.create_authorization(app, user) + + assert auth.user_id == user.id + assert auth.app_id == app.id + assert String.length(auth.token) > 10 + assert auth.used == false + end + + test "use up a token" do + {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"})) + user = insert(:user) + + {:ok, auth} = Authorization.create_authorization(app, user) + + {:ok, auth} = Authorization.use_token(auth) + + assert auth.used == true + + assert {:error, "already used"} == Authorization.use_token(auth) + + expired_auth = %Authorization{ + user_id: user.id, + app_id: app.id, + valid_until: NaiveDateTime.add(NaiveDateTime.utc_now, -10), + token: "mytoken", + used: false + } + + {:ok, expired_auth} = Repo.insert(expired_auth) + + assert {:error, "token expired"} == Authorization.use_token(expired_auth) + end +end diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs new file mode 100644 index 000000000..3bd763989 --- /dev/null +++ b/test/web/oauth/token_test.exs @@ -0,0 +1,24 @@ +defmodule Pleroma.Web.OAuth.TokenTest do + use Pleroma.DataCase + alias Pleroma.Web.OAuth.{App, Token, Authorization} + alias Pleroma.Repo + + import Pleroma.Factory + + test "exchanges a auth token for an access token" do + {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"})) + user = insert(:user) + + {:ok, auth} = Authorization.create_authorization(app, user) + + {:ok, token} = Token.exchange_token(app, auth) + + assert token.app_id == app.id + assert token.user_id == user.id + assert String.length(token.token) > 10 + assert String.length(token.refresh_token) > 10 + + auth = Repo.get(Authorization, auth.id) + {:error, "already used"} = Token.exchange_token(app, auth) + end +end |