commit: 497d34b825bd3600b2067a8c47e29f41234fa315
parent: d107919b3d8b2275ddb7b17846cab182682098a7
Author: lambda <lain@soykaf.club>
Date: Thu, 2 May 2019 14:17:17 +0000
Merge branch 'iss-849' into 'develop'
Parse access_token from body parameters and URL parameters
See merge request pleroma/pleroma!1103
Diffstat:
3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -48,6 +48,7 @@ unit-testing:
- name: postgres:9.6.2
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
script:
+ - mix deps.get
- mix ecto.create
- mix ecto.migrate
- mix test --trace --preload-modules
@@ -77,4 +78,4 @@ docs-deploy:
- echo "${SSH_HOST_KEY}" > ~/.ssh/known_hosts
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- - rsync -hrvz --delete -e "ssh -p ${SSH_PORT}" priv/static/doc/ "${SSH_USER_HOST_LOCATION}/${CI_COMMIT_REF_NAME}"
+ - rsync -hrvz --delete -e "ssh -p ${SSH_PORT}" priv/static/doc/ "${SSH_USER_HOST_LOCATION}/${CI_COMMIT_REF_NAME}"
diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex
@@ -16,6 +16,16 @@ defmodule Pleroma.Plugs.OAuthPlug do
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
+ def call(%{params: %{"access_token" => access_token}} = conn, _) do
+ with {:ok, user, token_record} <- fetch_user_and_token(access_token) do
+ conn
+ |> assign(:token, token_record)
+ |> assign(:user, user)
+ else
+ _ -> conn
+ end
+ end
+
def call(conn, _) do
with {:ok, token_str} <- fetch_token_str(conn),
{:ok, user, token_record} <- fetch_user_and_token(token_str) do
diff --git a/test/plugs/oauth_plug_test.exs b/test/plugs/oauth_plug_test.exs
@@ -38,6 +38,26 @@ defmodule Pleroma.Plugs.OAuthPlugTest do
assert conn.assigns[:user] == opts[:user]
end
+ test "with valid token(downcase) in url parameters, it assings the user", opts do
+ conn =
+ :get
+ |> build_conn("/?access_token=#{opts[:token]}")
+ |> put_req_header("content-type", "application/json")
+ |> fetch_query_params()
+ |> OAuthPlug.call(%{})
+
+ assert conn.assigns[:user] == opts[:user]
+ end
+
+ test "with valid token(downcase) in body parameters, it assigns the user", opts do
+ conn =
+ :post
+ |> build_conn("/api/v1/statuses", access_token: opts[:token], status: "test")
+ |> OAuthPlug.call(%{})
+
+ assert conn.assigns[:user] == opts[:user]
+ end
+
test "with invalid token, it not assigns the user", %{conn: conn} do
conn =
conn
