
pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

ensure_authenticated_plug_test.exs (3259B)


  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do
    # Calls EnsureAuthenticatedPlug.call/2 directly on the ConnCase test conn and
    # checks two outcomes: the conn is halted with a 403, or it passes through
    # unhalted. The cases cover a missing user, an assigned user, password
    # credentials combined with MFA, and the :if_func / :unless_func options.
    use Pleroma.Web.ConnCase, async: true

    alias Pleroma.Plugs.EnsureAuthenticatedPlug
    alias Pleroma.User

    describe "without :if_func / :unless_func options" do
      # No :user in assigns: the request must be rejected and the pipeline stopped.
      test "it halts if user is NOT assigned", %{conn: conn} do
        rejected = EnsureAuthenticatedPlug.call(conn, %{})

        assert rejected.status == 403
        assert rejected.halted == true
      end

      # A bare %User{} in assigns is enough for the plug to let the conn through.
      test "it continues if a user is assigned", %{conn: conn} do
        passed =
          conn
          |> assign(:user, %User{})
          |> EnsureAuthenticatedPlug.call(%{})

        refute passed.halted
      end
    end

    # The conn carries an MFA-enabled user together with :auth_credentials that
    # hold a :password key. The plug is expected to halt with 403 and the exact
    # JSON error body below.
    # NOTE(review): nothing in this file covers an MFA-enabled user whose conn has
    # no password in :auth_credentials; a companion case would pin whether the
    # rejection is tied to password credentials specifically - confirm against
    # the plug.
    test "it halts if user is assigned and MFA enabled", %{conn: conn} do
      mfa_user = %User{multi_factor_authentication_settings: %{enabled: true}}
      with_user = assign(conn, :user, mfa_user)
      with_password = assign(with_user, :auth_credentials, %{password: "xd-42"})

      rejected = EnsureAuthenticatedPlug.call(with_password, %{})

      assert rejected.status == 403
      assert rejected.halted == true

      assert rejected.resp_body ==
               "{\"error\":\"Two-factor authentication enabled, you must use a access token.\"}"
    end

    # Same password credentials, but MFA is disabled on the user: no 403, no halt.
    test "it continues if user is assigned and MFA disabled", %{conn: conn} do
      plain_user = %User{multi_factor_authentication_settings: %{enabled: false}}
      with_user = assign(conn, :user, plain_user)
      with_password = assign(with_user, :auth_credentials, %{password: "xd-42"})

      passed = EnsureAuthenticatedPlug.call(with_password, %{})

      refute passed.status == 403
      refute passed.halted
    end

    describe "with :if_func / :unless_func options" do
      # Constant one-argument predicates, so each test can force either branch of
      # :if_func / :unless_func without depending on the conn's contents.
      setup do
        always = fn _conn -> true end
        never = fn _conn -> false end

        %{true_fn: always, false_fn: never}
      end

      # With a user assigned, none of the four option/predicate combinations may
      # halt the conn.
      test "it continues if a user is assigned", %{conn: conn, true_fn: true_fn, false_fn: false_fn} do
        authed = assign(conn, :user, %User{})

        option_sets = [
          [if_func: true_fn],
          [if_func: false_fn],
          [unless_func: true_fn],
          [unless_func: false_fn]
        ]

        for opts <- option_sets do
          refute EnsureAuthenticatedPlug.call(authed, opts).halted
        end
      end

      # :if_func returning false lets an unauthenticated conn through.
      test "it continues if a user is NOT assigned but :if_func evaluates to `false`",
           %{conn: conn, false_fn: false_fn} do
        passed = EnsureAuthenticatedPlug.call(conn, if_func: false_fn)

        refute passed.halted
      end

      # :unless_func returning true lets an unauthenticated conn through.
      test "it continues if a user is NOT assigned but :unless_func evaluates to `true`",
           %{conn: conn, true_fn: true_fn} do
        passed = EnsureAuthenticatedPlug.call(conn, unless_func: true_fn)

        refute passed.halted
      end

      # :if_func returning true: an unauthenticated conn is rejected.
      test "it halts if a user is NOT assigned and :if_func evaluates to `true`",
           %{conn: conn, true_fn: true_fn} do
        rejected = EnsureAuthenticatedPlug.call(conn, if_func: true_fn)

        assert rejected.status == 403
        assert rejected.halted == true
      end

      # :unless_func returning false: an unauthenticated conn is rejected.
      test "it halts if a user is NOT assigned and :unless_func evaluates to `false`",
           %{conn: conn, false_fn: false_fn} do
        rejected = EnsureAuthenticatedPlug.call(conn, unless_func: false_fn)

        assert rejected.status == 403
        assert rejected.halted == true
      end
    end
  end