pleroma/test/pleroma/web/plugs/admin_secret_authentication...

# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlugTest do
  use Pleroma.Web.ConnCase

  import Mock
  import Pleroma.Factory

  alias Pleroma.Web.Plugs.AdminSecretAuthenticationPlug
  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.PlugHelper
  alias Pleroma.Web.Plugs.RateLimiter

  test "does nothing if a user is assigned", %{conn: conn} do
    user = insert(:user)

    conn =
      conn
      |> assign(:user, user)

    ret_conn =
      conn
      |> AdminSecretAuthenticationPlug.call(%{})

    assert conn == ret_conn
  end

  describe "when secret set it assigns an admin user" do
    setup do: clear_config([:admin_token])

    setup_with_mocks([{RateLimiter, [:passthrough], []}]) do
      :ok
    end

    test "with `admin_token` query parameter", %{conn: conn} do
      clear_config(:admin_token, "password123")

      conn =
        %{conn | params: %{"admin_token" => "wrong_password"}}
        |> AdminSecretAuthenticationPlug.call(%{})

      refute conn.assigns[:user]
      assert called(RateLimiter.call(conn, name: :authentication))

      conn =
        %{conn | params: %{"admin_token" => "password123"}}
        |> AdminSecretAuthenticationPlug.call(%{})

      assert conn.assigns[:user].is_admin
      assert conn.assigns[:token] == nil
      assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
    end

    test "with `x-admin-token` HTTP header", %{conn: conn} do
      clear_config(:admin_token, "☕️")

      conn =
        conn
        |> put_req_header("x-admin-token", "🥛")
        |> AdminSecretAuthenticationPlug.call(%{})

      refute conn.assigns[:user]
      assert called(RateLimiter.call(conn, name: :authentication))

      conn =
        conn
        |> put_req_header("x-admin-token", "☕️")
        |> AdminSecretAuthenticationPlug.call(%{})

      assert conn.assigns[:user].is_admin
      assert conn.assigns[:token] == nil
      assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
    end
  end
end
tests: add legal boilerplate 2018-12-23 21:11:29 +01:00			`# Pleroma: A lightweight social networking server`
Copyright bump for 2022 2022-02-26 07:11:42 +01:00			`# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>`
tests: add legal boilerplate 2018-12-23 21:11:29 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

tests consistency 2020-06-23 17:16:47 +02:00			`defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlugTest do`
don't run async tests, which use Mock 2020-09-08 16:12:38 +02:00			`use Pleroma.Web.ConnCase`
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 10:58:41 +02:00
			`import Mock`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00			`import Pleroma.Factory`

AdminSecretAuthenticationPlug module name 2020-06-24 10:18:42 +02:00			`alias Pleroma.Web.Plugs.AdminSecretAuthenticationPlug`
			`alias Pleroma.Web.Plugs.OAuthScopesPlug`
			`alias Pleroma.Web.Plugs.PlugHelper`
			`alias Pleroma.Web.Plugs.RateLimiter`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
			`test "does nothing if a user is assigned", %{conn: conn} do`
			`user = insert(:user)`

			`conn =`
			`conn`
			`\|> assign(:user, user)`

			`ret_conn =`
			`conn`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`assert conn == ret_conn`
			`end`

Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`describe "when secret set it assigns an admin user" do`
Improved in-test `clear_config/n` applicability (setup / setup_all / in-test usage). 2020-03-20 16:33:00 +01:00			`setup do: clear_config([:admin_token])`
Tweaks to `clear_config` calls in tests in order to prevent side effects on config during test suite execution. 2020-02-13 19:55:47 +01:00
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 10:58:41 +02:00			`setup_with_mocks([{RateLimiter, [:passthrough], []}]) do`
			`:ok`
			`end`

Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			test "with `admin_token` query parameter", %{conn: conn} do
Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 18:58:43 +01:00			`clear_config(:admin_token, "password123")`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`conn =`
			`%{conn \| params: %{"admin_token" => "wrong_password"}}`
			`\|> AdminSecretAuthenticationPlug.call(%{})`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`refute conn.assigns[:user]`
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 10:58:41 +02:00			`assert called(RateLimiter.call(conn, name: :authentication))`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`conn =`
			`%{conn \| params: %{"admin_token" => "password123"}}`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`assert conn.assigns[:user].is_admin`
Auth subsystem refactoring and tweaks. Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs. 2020-10-31 11:38:35 +01:00			`assert conn.assigns[:token] == nil`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 20:35:57 +02:00			`assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)`
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`end`

			test "with `x-admin-token` HTTP header", %{conn: conn} do
Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 18:58:43 +01:00			`clear_config(:admin_token, "☕️")`
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00
			`conn =`
			`conn`
			`\|> put_req_header("x-admin-token", "🥛")`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`refute conn.assigns[:user]`
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 10:58:41 +02:00			`assert called(RateLimiter.call(conn, name: :authentication))`
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00
			`conn =`
			`conn`
			`\|> put_req_header("x-admin-token", "☕️")`
			`\|> AdminSecretAuthenticationPlug.call(%{})`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`assert conn.assigns[:user].is_admin`
Auth subsystem refactoring and tweaks. Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs. 2020-10-31 11:38:35 +01:00			`assert conn.assigns[:token] == nil`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 20:35:57 +02:00			`assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)`
Support authentication via `x-admin-token` HTTP header 2019-11-19 09:58:20 +01:00			`end`
Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00			`end`
			`end`