akkoma/test/pleroma/web/plugs/admin_secret_authentication_plug_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlugTest do
  use Pleroma.Web.ConnCase

  import Mock
  import Pleroma.Factory

  alias Pleroma.Web.Plugs.AdminSecretAuthenticationPlug
  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.PlugHelper
  alias Pleroma.Web.Plugs.RateLimiter

  test "does nothing if a user is assigned", %{conn: conn} do
    user = insert(:user)

    conn =
      conn
      |> assign(:user, user)

    ret_conn =
      conn
      |> AdminSecretAuthenticationPlug.call(%{})

    assert conn == ret_conn
  end

  describe "when secret set it assigns an admin user" do
    setup do: clear_config([:admin_token])

    setup_with_mocks([{RateLimiter, [:passthrough], []}]) do
      :ok
    end

    test "with `admin_token` query parameter", %{conn: conn} do
      Pleroma.Config.put(:admin_token, "password123")

      conn =
        %{conn | params: %{"admin_token" => "wrong_password"}}
        |> AdminSecretAuthenticationPlug.call(%{})

      refute conn.assigns[:user]
      assert called(RateLimiter.call(conn, name: :authentication))

      conn =
        %{conn | params: %{"admin_token" => "password123"}}
        |> AdminSecretAuthenticationPlug.call(%{})

      assert conn.assigns[:user].is_admin
      assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
    end

    test "with `x-admin-token` HTTP header", %{conn: conn} do
      Pleroma.Config.put(:admin_token, "☕️")

      conn =
        conn
        |> put_req_header("x-admin-token", "🥛")
        |> AdminSecretAuthenticationPlug.call(%{})

      refute conn.assigns[:user]
      assert called(RateLimiter.call(conn, name: :authentication))

      conn =
        conn
        |> put_req_header("x-admin-token", "☕️")
        |> AdminSecretAuthenticationPlug.call(%{})

      assert conn.assigns[:user].is_admin
      assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
    end
  end
end
tests: add legal boilerplate 2018-12-23 20:11:29 +00:00			`# Pleroma: A lightweight social networking server`
Bump copyright years of files changed after 2020-01-07 Done via the following command: git diff fcd5dd259a1700a045be902b43391b0d1bd58a5b --stat --name-only \| xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>' 2020-03-02 05:08:45 +00:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
tests: add legal boilerplate 2018-12-23 20:11:29 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

tests consistency 2020-06-23 15:16:47 +00:00			`defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlugTest do`
don't run async tests, which use Mock 2020-09-08 14:12:38 +00:00			`use Pleroma.Web.ConnCase`
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 08:58:41 +00:00
			`import Mock`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00			`import Pleroma.Factory`

AdminSecretAuthenticationPlug module name 2020-06-24 08:18:42 +00:00			`alias Pleroma.Web.Plugs.AdminSecretAuthenticationPlug`
			`alias Pleroma.Web.Plugs.OAuthScopesPlug`
			`alias Pleroma.Web.Plugs.PlugHelper`
			`alias Pleroma.Web.Plugs.RateLimiter`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00
			`test "does nothing if a user is assigned", %{conn: conn} do`
			`user = insert(:user)`

			`conn =`
			`conn`
			`\|> assign(:user, user)`

			`ret_conn =`
			`conn`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`assert conn == ret_conn`
			`end`

Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`describe "when secret set it assigns an admin user" do`
Improved in-test `clear_config/n` applicability (setup / setup_all / in-test usage). 2020-03-20 15:33:00 +00:00			`setup do: clear_config([:admin_token])`
Tweaks to `clear_config` calls in tests in order to prevent side effects on config during test suite execution. 2020-02-13 18:55:47 +00:00
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 08:58:41 +00:00			`setup_with_mocks([{RateLimiter, [:passthrough], []}]) do`
			`:ok`
			`end`

Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			test "with `admin_token` query parameter", %{conn: conn} do
			`Pleroma.Config.put(:admin_token, "password123")`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`conn =`
			`%{conn \| params: %{"admin_token" => "wrong_password"}}`
			`\|> AdminSecretAuthenticationPlug.call(%{})`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`refute conn.assigns[:user]`
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 08:58:41 +00:00			`assert called(RateLimiter.call(conn, name: :authentication))`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`conn =`
			`%{conn \| params: %{"admin_token" => "password123"}}`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`assert conn.assigns[:user].is_admin`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 18:35:57 +00:00			`assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)`
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`end`

			test "with `x-admin-token` HTTP header", %{conn: conn} do
			`Pleroma.Config.put(:admin_token, "☕️")`

			`conn =`
			`conn`
			`\|> put_req_header("x-admin-token", "🥛")`
			`\|> AdminSecretAuthenticationPlug.call(%{})`

			`refute conn.assigns[:user]`
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 08:58:41 +00:00			`assert called(RateLimiter.call(conn, name: :authentication))`
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00
			`conn =`
			`conn`
			`\|> put_req_header("x-admin-token", "☕️")`
			`\|> AdminSecretAuthenticationPlug.call(%{})`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`assert conn.assigns[:user].is_admin`
[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 18:35:57 +00:00			`assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)`
Support authentication via `x-admin-token` HTTP header 2019-11-19 08:58:20 +00:00			`end`
Add a way to use the admin api without a user. 2018-12-18 20:08:52 +00:00			`end`
			`end`