@ -8,36 +8,116 @@ defmodule Pleroma.Plugs.UserIsAdminPlugTest do
alias Pleroma.Plugs.UserIsAdminPlug
import Pleroma.Factory
test " accepts a user that is admin " do
describe " unless [:auth, :enforce_oauth_admin_scope_usage], " do
clear_config ( [ :auth , :enforce_oauth_admin_scope_usage ] ) do
Pleroma.Config . put ( [ :auth , :enforce_oauth_admin_scope_usage ] , false )
end
test " accepts a user that is an admin " do
user = insert ( :user , is_admin : true )
conn = assign ( build_conn ( ) , :user , user )
ret_conn = UserIsAdminPlug . call ( conn , %{ } )
assert conn == ret_conn
end
test " denies a user that isn't an admin " do
user = insert ( :user )
conn =
build_conn ( )
|> assign ( :user , user )
|> UserIsAdminPlug . call ( %{ } )
ret_conn =
assert conn . status == 403
end
test " denies when a user isn't set " do
conn = UserIsAdminPlug . call ( build_conn ( ) , %{ } )
assert conn . status == 403
end
end
describe " with [:auth, :enforce_oauth_admin_scope_usage], " do
clear_config ( [ :auth , :enforce_oauth_admin_scope_usage ] ) do
Pleroma.Config . put ( [ :auth , :enforce_oauth_admin_scope_usage ] , true )
end
setup do
admin_user = insert ( :user , is_admin : true )
non_admin_user = insert ( :user , is_admin : false )
blank_user = nil
{ :ok , %{ users : [ admin_user , non_admin_user , blank_user ] } }
end
test " if token has any of admin scopes, accepts a user that is an admin " , %{ conn : conn } do
user = insert ( :user , is_admin : true )
token = insert ( :oauth_token , user : user , scopes : [ " admin:something " ] )
conn =
conn
|> UserIsAdminPlug . call ( %{ } )
|> assign ( :user , user )
|> assign ( :token , token )
ret_conn = UserIsAdminPlug . call ( conn , %{ } )
assert conn == ret_conn
end
test " denies a user that isn't admin " do
user = insert ( :user )
test " if token has any of admin scopes, denies a user that isn't an admin " , %{ conn : conn } do
user = insert ( :user , is_admin : false )
token = insert ( :oauth_token , user : user , scopes : [ " admin:something " ] )
conn =
conn
|> assign ( :user , user )
|> assign ( :token , token )
|> UserIsAdminPlug . call ( %{ } )
assert conn . status == 403
end
test " if token has any of admin scopes, denies when a user isn't set " , %{ conn : conn } do
token = insert ( :oauth_token , scopes : [ " admin:something " ] )
conn =
conn
|> assign ( :user , nil )
|> assign ( :token , token )
|> UserIsAdminPlug . call ( %{ } )
assert conn . status == 403
end
test " if token lacks admin scopes, denies users regardless of is_admin flag " ,
%{ users : users } do
for user <- users do
token = insert ( :oauth_token , user : user )
conn =
build_conn ( )
|> assign ( :user , user )
|> assign ( :token , token )
|> UserIsAdminPlug . call ( %{ } )
assert conn . status == 403
end
end
test " denies when a user isn't set " do
test " if token is missing, denies users regardless of is_admin flag " , %{ users : users } do
for user <- users do
conn =
build_conn ( )
|> assign ( :user , user )
|> assign ( :token , nil )
|> UserIsAdminPlug . call ( %{ } )
assert conn . status == 403
end
end
end
end