2 files changed, 211 insertions, 0 deletions

diff --git a/test/web/oauth/ldap_authorization_test.exs b/test/web/oauth/ldap_authorization_test.exs
new file mode 100644
index 000000000..5bf7eb93c
--- /dev/null
+++ b/test/web/oauth/ldap_authorization_test.exs
@@ -0,0 +1,189 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
+  use Pleroma.Web.ConnCase
+  alias Pleroma.Repo
+  alias Pleroma.Web.OAuth.Token
+  import Pleroma.Factory
+  import ExUnit.CaptureLog
+  import Mock
+
+  setup_all do
+    ldap_authenticator =
+      Pleroma.Config.get(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.PleromaAuthenticator)
+
+    ldap_enabled = Pleroma.Config.get([:ldap, :enabled])
+
+    on_exit(fn ->
+      Pleroma.Config.put(Pleroma.Web.Auth.Authenticator, ldap_authenticator)
+      Pleroma.Config.put([:ldap, :enabled], ldap_enabled)
+    end)
+
+    Pleroma.Config.put(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator)
+    Pleroma.Config.put([:ldap, :enabled], true)
+
+    :ok
+  end
+
+  test "authorizes the existing user using LDAP credentials" do
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    app = insert(:oauth_app, scopes: ["read", "write"])
+
+    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+    port = Pleroma.Config.get([:ldap, :port])
+
+    with_mocks [
+      {:eldap, [],
+       [
+         open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
+         simple_bind: fn _connection, _dn, ^password -> :ok end,
+         close: fn _connection ->
+           send(self(), :close_connection)
+           :ok
+         end
+       ]}
+    ] do
+      conn =
+        build_conn()
+        |> post("/oauth/token", %{
+          "grant_type" => "password",
+          "username" => user.nickname,
+          "password" => password,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+
+      assert %{"access_token" => token} = json_response(conn, 200)
+
+      token = Repo.get_by(Token, token: token)
+
+      assert token.user_id == user.id
+      assert_received :close_connection
+    end
+  end
+
+  test "creates a new user after successful LDAP authorization" do
+    password = "testpassword"
+    user = build(:user)
+    app = insert(:oauth_app, scopes: ["read", "write"])
+
+    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+    port = Pleroma.Config.get([:ldap, :port])
+
+    with_mocks [
+      {:eldap, [],
+       [
+         open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
+         simple_bind: fn _connection, _dn, ^password -> :ok end,
+         equalityMatch: fn _type, _value -> :ok end,
+         wholeSubtree: fn -> :ok end,
+         search: fn _connection, _options ->
+           {:ok,
+            {:eldap_search_result, [{:eldap_entry, '', [{'mail', [to_charlist(user.email)]}]}],
+             []}}
+         end,
+         close: fn _connection ->
+           send(self(), :close_connection)
+           :ok
+         end
+       ]}
+    ] do
+      conn =
+        build_conn()
+        |> post("/oauth/token", %{
+          "grant_type" => "password",
+          "username" => user.nickname,
+          "password" => password,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+
+      assert %{"access_token" => token} = json_response(conn, 200)
+
+      token = Repo.get_by(Token, token: token) |> Repo.preload(:user)
+
+      assert token.user.nickname == user.nickname
+      assert_received :close_connection
+    end
+  end
+
+  test "falls back to the default authorization when LDAP is unavailable" do
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    app = insert(:oauth_app, scopes: ["read", "write"])
+
+    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+    port = Pleroma.Config.get([:ldap, :port])
+
+    with_mocks [
+      {:eldap, [],
+       [
+         open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
+         simple_bind: fn _connection, _dn, ^password -> :ok end,
+         close: fn _connection ->
+           send(self(), :close_connection)
+           :ok
+         end
+       ]}
+    ] do
+      log =
+        capture_log(fn ->
+          conn =
+            build_conn()
+            |> post("/oauth/token", %{
+              "grant_type" => "password",
+              "username" => user.nickname,
+              "password" => password,
+              "client_id" => app.client_id,
+              "client_secret" => app.client_secret
+            })
+
+          assert %{"access_token" => token} = json_response(conn, 200)
+
+          token = Repo.get_by(Token, token: token)
+
+          assert token.user_id == user.id
+        end)
+
+      assert log =~ "Could not open LDAP connection: 'connect failed'"
+      refute_received :close_connection
+    end
+  end
+
+  test "disallow authorization for wrong LDAP credentials" do
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    app = insert(:oauth_app, scopes: ["read", "write"])
+
+    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+    port = Pleroma.Config.get([:ldap, :port])
+
+    with_mocks [
+      {:eldap, [],
+       [
+         open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
+         simple_bind: fn _connection, _dn, ^password -> {:error, :invalidCredentials} end,
+         close: fn _connection ->
+           send(self(), :close_connection)
+           :ok
+         end
+       ]}
+    ] do
+      conn =
+        build_conn()
+        |> post("/oauth/token", %{
+          "grant_type" => "password",
+          "username" => user.nickname,
+          "password" => password,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+
+      assert %{"error" => "Invalid credentials"} = json_response(conn, 400)
+      assert_received :close_connection
+    end
+  end
+end
diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs
index fc762ab18..6e8a25056 100644
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@@ -1,6 +1,9 @@
 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
   use Pleroma.Web.ConnCase
 
+  alias Pleroma.Notification
+  alias Pleroma.Repo
+  alias Pleroma.Web.CommonAPI
   import Pleroma.Factory
 
   describe "POST /api/pleroma/follow_import" do
@@ -52,6 +55,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
     end
   end
 
+  describe "POST /api/pleroma/notifications/read" do
+    test "it marks a single notification as read", %{conn: conn} do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      {:ok, activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
+      {:ok, activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
+      {:ok, [notification1]} = Notification.create_notifications(activity1)
+      {:ok, [notification2]} = Notification.create_notifications(activity2)
+
+      conn
+      |> assign(:user, user1)
+      |> post("/api/pleroma/notifications/read", %{"id" => "#{notification1.id}"})
+      |> json_response(:ok)
+
+      assert Repo.get(Notification, notification1.id).seen
+      refute Repo.get(Notification, notification2.id).seen
+    end
+  end
+
   describe "GET /api/statusnet/config.json" do
     test "it returns the managed config", %{conn: conn} do
       Pleroma.Config.put([:instance, :managed_config], false)