pleroma/test/plugs/admin_secret_authentication...

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
  use Pleroma.Web.ConnCase, async: true
  import Pleroma.Factory

  alias Pleroma.Plugs.AdminSecretAuthenticationPlug
  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.Plugs.PlugHelper

  test "does nothing if a user is assigned", %{conn: conn} do
    user = insert(:user)

    conn =
      conn
      |> assign(:user, user)

    ret_conn =
      conn
      |> AdminSecretAuthenticationPlug.call(%{})

    assert conn == ret_conn
  end

  describe "when secret set it assigns an admin user" do
    setup do: clear_config([:admin_token])

    test "with `admin_token` query parameter", %{conn: conn} do
      Pleroma.Config.put(:admin_token, "password123")

      conn =
        %{conn | params: %{"admin_token" => "wrong_password"}}
        |> AdminSecretAuthenticationPlug.call(%{})

      refute conn.assigns[:user]

      conn =
        %{conn | params: %{"admin_token" => "password123"}}
        |> AdminSecretAuthenticationPlug.call(%{})

      assert conn.assigns[:user].is_admin
      assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
    end

    test "with `x-admin-token` HTTP header", %{conn: conn} do
      Pleroma.Config.put(:admin_token, "☕️")

      conn =
        conn
        |> put_req_header("x-admin-token", "🥛")
        |> AdminSecretAuthenticationPlug.call(%{})

      refute conn.assigns[:user]

      conn =
        conn
        |> put_req_header("x-admin-token", "☕️")
        |> AdminSecretAuthenticationPlug.call(%{})

      assert conn.assigns[:user].is_admin
      assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
    end
  end
end
tests: add legal boilerplate 2018-12-23 21:11:29 +01:00			`# Pleroma: A lightweight social networking server`
Bump copyright years of files changed after 2020-01-07 Done via the following command: git diff fcd5dd259a1700a045be902b43391b0d1bd58a5b --stat --name-only \| xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>' 2020-03-02 06:08:45 +01:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
tests: add legal boilerplate 2018-12-23 21:11:29 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00			`defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do`
			`use Pleroma.Web.ConnCase, async: true`
			`import Pleroma.Factory`

			`alias Pleroma.Plugs.AdminSecretAuthenticationPlug`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 20:35:57 +02:00			`alias Pleroma.Plugs.OAuthScopesPlug`
			`alias Pleroma.Plugs.PlugHelper`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
			`test "does nothing if a user is assigned", %{conn: conn} do`
			`user = insert(:user)`

			`conn =`
			`conn`
			`\|> assign(:user, user)`

			`ret_conn =`
			`conn`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`assert conn == ret_conn`
			`end`

Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`describe "when secret set it assigns an admin user" do`
Improved in-test `clear_config/n` applicability (setup / setup_all / in-test usage). 2020-03-20 16:33:00 +01:00			`setup do: clear_config([:admin_token])`
Tweaks to `clear_config` calls in tests in order to prevent side effects on config during test suite execution. 2020-02-13 19:55:47 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			test "with `admin_token` query parameter", %{conn: conn} do
			`Pleroma.Config.put(:admin_token, "password123")`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`conn =`
			`%{conn \| params: %{"admin_token" => "wrong_password"}}`
			`\|> AdminSecretAuthenticationPlug.call(%{})`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`refute conn.assigns[:user]`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`conn =`
			`%{conn \| params: %{"admin_token" => "password123"}}`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`assert conn.assigns[:user].is_admin`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 20:35:57 +02:00			`assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)`
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`end`

			test "with `x-admin-token` HTTP header", %{conn: conn} do
			`Pleroma.Config.put(:admin_token, "☕️")`

			`conn =`
			`conn`
			`\|> put_req_header("x-admin-token", "🥛")`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`refute conn.assigns[:user]`

			`conn =`
			`conn`
			`\|> put_req_header("x-admin-token", "☕️")`
			`\|> AdminSecretAuthenticationPlug.call(%{})`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`assert conn.assigns[:user].is_admin`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 20:35:57 +02:00			`assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)`
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`end`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00			`end`
			`end`