Merge branch 'develop' into feature/tag_feed

author: Maksim Pechnikov <parallel588@gmail.com> 2020-01-15 19:11:13 +0300
committer: Maksim Pechnikov <parallel588@gmail.com> 2020-01-15 19:11:13 +0300
commit: a5db044e579ed9923e610cdf89dff6146d9b0986 (patch)
tree: f72f321dc438f1bba4e3a8ceb6edbc139cdaad92 /test
parent: aa9fe3a712ac14dd2ee3227e6066bd3c47e9a5f3 (diff)
parent: 6317183acd767ba0ae1a245119d0276696444d92 (diff)
download: pleroma-a5db044e579ed9923e610cdf89dff6146d9b0986.tar.gz
2 files changed, 44 insertions, 38 deletions
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index 9cc534f57..59f4674eb 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -568,29 +568,34 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
   describe "POST /oauth/authorize" do
     test "redirects with oauth authorization, " <>
-           "keeping only non-admin scopes for non-admin user" do
-      app = insert(:oauth_app, scopes: ["read", "write", "admin"])
+           "granting requested app-supported scopes to both admin- and non-admin users" do
+      app_scopes = ["read", "write", "admin", "secret_scope"]
+      app = insert(:oauth_app, scopes: app_scopes)
       redirect_uri = OAuthController.default_redirect_uri(app)
 
       non_admin = insert(:user, is_admin: false)
       admin = insert(:user, is_admin: true)
+      scopes_subset = ["read:subscope", "write", "admin"]
 
-      for {user, expected_scopes} <- %{
-            non_admin => ["read:subscope", "write"],
-            admin => ["read:subscope", "write", "admin"]
-          } do
+      # In case scope param is missing, expecting _all_ app-supported scopes to be granted
+      for user <- [non_admin, admin],
+          {requested_scopes, expected_scopes} <-
+            %{scopes_subset => scopes_subset, nil => app_scopes} do
         conn =
-          build_conn()
-          |> post("/oauth/authorize", %{
-            "authorization" => %{
-              "name" => user.nickname,
-              "password" => "test",
-              "client_id" => app.client_id,
-              "redirect_uri" => redirect_uri,
-              "scope" => "read:subscope write admin",
-              "state" => "statepassed"
+          post(
+            build_conn(),
+            "/oauth/authorize",
+            %{
+              "authorization" => %{
+                "name" => user.nickname,
+                "password" => "test",
+                "client_id" => app.client_id,
+                "redirect_uri" => redirect_uri,
+                "scope" => requested_scopes,
+                "state" => "statepassed"
+              }
             }
-          })
+          )
 
         target = redirected_to(conn)
         assert target =~ redirect_uri
@@ -631,34 +636,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       assert result =~ "Invalid Username/Password"
     end
 
-    test "returns 401 for missing scopes " <>
-           "(including all admin-only scopes for non-admin user)" do
+    test "returns 401 for missing scopes" do
       user = insert(:user, is_admin: false)
       app = insert(:oauth_app, scopes: ["read", "write", "admin"])
       redirect_uri = OAuthController.default_redirect_uri(app)
 
-      for scope_param <- ["", "admin:read admin:write"] do
-        result =
-          build_conn()
-          |> post("/oauth/authorize", %{
-            "authorization" => %{
-              "name" => user.nickname,
-              "password" => "test",
-              "client_id" => app.client_id,
-              "redirect_uri" => redirect_uri,
-              "state" => "statepassed",
-              "scope" => scope_param
-            }
-          })
-          |> html_response(:unauthorized)
+      result =
+        build_conn()
+        |> post("/oauth/authorize", %{
+          "authorization" => %{
+            "name" => user.nickname,
+            "password" => "test",
+            "client_id" => app.client_id,
+            "redirect_uri" => redirect_uri,
+            "state" => "statepassed",
+            "scope" => ""
+          }
+        })
+        |> html_response(:unauthorized)
 
-        # Keep the details
-        assert result =~ app.client_id
-        assert result =~ redirect_uri
+      # Keep the details
+      assert result =~ app.client_id
+      assert result =~ redirect_uri
 
-        # Error message
-        assert result =~ "This action is outside the authorized scopes"
-      end
+      # Error message
+      assert result =~ "This action is outside the authorized scopes"
     end
 
     test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do
diff --git a/test/web/pleroma_api/controllers/emoji_api_controller_test.exs b/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
index e1b484dae..8e76f2f3d 100644
--- a/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
@@ -14,6 +14,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                     "emoji"
                   )
 
+  clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+    Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+  end
+
   test "shared & non-shared pack information in list_packs is ok" do
     conn = build_conn()
     resp = conn |> get(emoji_api_path(conn, :list_packs)) |> json_response(200)
author	Maksim Pechnikov <parallel588@gmail.com>	2020-01-15 19:11:13 +0300
committer	Maksim Pechnikov <parallel588@gmail.com>	2020-01-15 19:11:13 +0300
commit	a5db044e579ed9923e610cdf89dff6146d9b0986 (patch)
tree	f72f321dc438f1bba4e3a8ceb6edbc139cdaad92 /test
parent	aa9fe3a712ac14dd2ee3227e6066bd3c47e9a5f3 (diff)
parent	6317183acd767ba0ae1a245119d0276696444d92 (diff)
download	pleroma-a5db044e579ed9923e610cdf89dff6146d9b0986.tar.gz