diff options
| author | lain <lain@soykaf.club> | 2020-05-18 18:38:32 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-05-18 18:38:32 +0200 |
| commit | 0d417e005d5ef89f982866ee09559aef24e36a85 (patch) | |
| tree | 1381e8f6dbe63ab3a0f61562672a3cf2d69d7f65 /test/web | |
| parent | baf051a59e8bfcb2e55b5e28e46e80d6961b9bb4 (diff) | |
| parent | 8e9c939e42b7d649d58ce91465086751031b13c8 (diff) | |
| download | pleroma-0d417e005d5ef89f982866ee09559aef24e36a85.tar.gz | |
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms
Diffstat (limited to 'test/web')
| -rw-r--r-- | test/web/auth/pleroma_authenticator_test.exs | 11 | ||||
| -rw-r--r-- | test/web/auth/totp_authenticator_test.exs | 2 | ||||
| -rw-r--r-- | test/web/mastodon_api/controllers/media_controller_test.exs | 30 |
3 files changed, 33 insertions, 10 deletions
diff --git a/test/web/auth/pleroma_authenticator_test.exs b/test/web/auth/pleroma_authenticator_test.exs index 5a421e5ed..1ba0dfecc 100644 --- a/test/web/auth/pleroma_authenticator_test.exs +++ b/test/web/auth/pleroma_authenticator_test.exs @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/> +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do @@ -15,11 +15,16 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do {:ok, [user: user, name: name, password: password]} end - test "get_user/authorization", %{user: user, name: name, password: password} do + test "get_user/authorization", %{name: name, password: password} do + name = name <> "1" + user = insert(:user, nickname: name, password_hash: Bcrypt.hash_pwd_salt(password)) + params = %{"authorization" => %{"name" => name, "password" => password}} res = PleromaAuthenticator.get_user(%Plug.Conn{params: params}) - assert {:ok, user} == res + assert {:ok, returned_user} = res + assert returned_user.id == user.id + assert "$pbkdf2" <> _ = returned_user.password_hash end test "get_user/authorization with invalid password", %{name: name} do diff --git a/test/web/auth/totp_authenticator_test.exs b/test/web/auth/totp_authenticator_test.exs index e502e0ae8..84d4cd840 100644 --- a/test/web/auth/totp_authenticator_test.exs +++ b/test/web/auth/totp_authenticator_test.exs @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/> +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs index 7ba1727f2..906fd940f 100644 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/web/mastodon_api/controllers/media_controller_test.exs @@ -9,9 +9,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub - setup do: oauth_access(["write:media"]) - describe "Upload media" do + setup do: oauth_access(["write:media"]) + setup do image = %Plug.Upload{ content_type: "image/jpg", @@ -42,7 +42,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert object.data["actor"] == User.ap_id(conn.assigns[:user]) end - test "/api/v2/media", %{conn: conn, image: image} do + test "/api/v2/media", %{conn: conn, user: user, image: image} do desc = "Description of the image" response = @@ -53,6 +53,8 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media_id = response["id"] + %{conn: conn} = oauth_access(["read:media"], user: user) + media = conn |> get("/api/v1/media/#{media_id}") @@ -61,12 +63,15 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media["type"] == "image" assert media["description"] == desc assert media["id"] + object = Object.get_by_id(media["id"]) - assert object.data["actor"] == User.ap_id(conn.assigns[:user]) + assert object.data["actor"] == user.ap_id end end describe "Update media description" do + setup do: oauth_access(["write:media"]) + setup %{user: actor} do file = %Plug.Upload{ content_type: "image/jpg", @@ -96,7 +101,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do end end - describe "Get media by id" do + describe "Get media by id (/api/v1/media/:id)" do + setup do: oauth_access(["read:media"]) + setup %{user: actor} do file = %Plug.Upload{ content_type: "image/jpg", @@ -114,7 +121,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do [object: object] end - test "/api/v1/media/:id", %{conn: conn, object: object} do + test "it returns media object when requested by owner", %{conn: conn, object: object} do media = conn |> get("/api/v1/media/#{object.id}") @@ -124,5 +131,16 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media["type"] == "image" assert media["id"] end + + test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do + %{conn: conn, user: other_user} = oauth_access(["read:media"]) + + assert object.data["actor"] == user.ap_id + refute user.id == other_user.id + + conn + |> get("/api/v1/media/#{object.id}") + |> json_response(403) + end end end |