2018-12-23 21:11:29 +01:00
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 07:49:20 +01:00
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2018-12-23 21:11:29 +01:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2017-09-09 12:02:59 +02:00
|
|
|
defmodule Pleroma.Web.OAuth.TokenTest do
|
2020-12-21 12:21:40 +01:00
|
|
|
use Pleroma.DataCase, async: true
|
2019-03-05 03:52:23 +01:00
|
|
|
alias Pleroma.Repo
|
2019-02-10 22:57:38 +01:00
|
|
|
alias Pleroma.Web.OAuth.App
|
|
|
|
alias Pleroma.Web.OAuth.Authorization
|
|
|
|
alias Pleroma.Web.OAuth.Token
|
2017-09-09 12:02:59 +02:00
|
|
|
|
|
|
|
import Pleroma.Factory
|
|
|
|
|
2019-02-19 20:28:21 +01:00
|
|
|
test "exchanges a auth token for an access token, preserving `scopes`" do
|
2018-03-30 15:01:53 +02:00
|
|
|
{:ok, app} =
|
|
|
|
Repo.insert(
|
|
|
|
App.register_changeset(%App{}, %{
|
|
|
|
client_name: "client",
|
2019-02-19 20:28:21 +01:00
|
|
|
scopes: ["read", "write"],
|
2018-03-30 15:01:53 +02:00
|
|
|
redirect_uris: "url"
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
2017-09-09 12:02:59 +02:00
|
|
|
user = insert(:user)
|
|
|
|
|
2019-02-19 20:28:21 +01:00
|
|
|
{:ok, auth} = Authorization.create_authorization(app, user, ["read"])
|
|
|
|
assert auth.scopes == ["read"]
|
2017-09-09 12:02:59 +02:00
|
|
|
|
|
|
|
{:ok, token} = Token.exchange_token(app, auth)
|
|
|
|
|
|
|
|
assert token.app_id == app.id
|
|
|
|
assert token.user_id == user.id
|
2019-02-19 20:28:21 +01:00
|
|
|
assert token.scopes == auth.scopes
|
2017-09-09 12:02:59 +02:00
|
|
|
assert String.length(token.token) > 10
|
|
|
|
assert String.length(token.refresh_token) > 10
|
|
|
|
|
|
|
|
auth = Repo.get(Authorization, auth.id)
|
|
|
|
{:error, "already used"} = Token.exchange_token(app, auth)
|
|
|
|
end
|
2018-10-14 01:45:11 +02:00
|
|
|
|
|
|
|
test "deletes all tokens of a user" do
|
|
|
|
{:ok, app1} =
|
|
|
|
Repo.insert(
|
|
|
|
App.register_changeset(%App{}, %{
|
|
|
|
client_name: "client1",
|
2019-02-13 22:29:29 +01:00
|
|
|
scopes: ["scope"],
|
2018-10-14 01:45:11 +02:00
|
|
|
redirect_uris: "url"
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
|
|
|
{:ok, app2} =
|
|
|
|
Repo.insert(
|
|
|
|
App.register_changeset(%App{}, %{
|
|
|
|
client_name: "client2",
|
2019-02-13 22:29:29 +01:00
|
|
|
scopes: ["scope"],
|
2018-10-14 01:45:11 +02:00
|
|
|
redirect_uris: "url"
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
|
|
|
user = insert(:user)
|
|
|
|
|
|
|
|
{:ok, auth1} = Authorization.create_authorization(app1, user)
|
|
|
|
{:ok, auth2} = Authorization.create_authorization(app2, user)
|
|
|
|
|
2018-12-11 13:31:52 +01:00
|
|
|
{:ok, _token1} = Token.exchange_token(app1, auth1)
|
|
|
|
{:ok, _token2} = Token.exchange_token(app2, auth2)
|
2018-10-14 01:45:11 +02:00
|
|
|
|
|
|
|
{tokens, _} = Token.delete_user_tokens(user)
|
|
|
|
|
|
|
|
assert tokens == 2
|
|
|
|
end
|
2017-09-09 12:02:59 +02:00
|
|
|
end
|