
authorization_test.exs (2011B)


  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
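  defmodule Pleroma.Web.OAuth.AuthorizationTest do
    # Exercises the OAuth authorization lifecycle: issuing an authorization for an
    # app/user pair, redeeming it exactly once, rejecting expired ones, and
    # revoking everything that belongs to a user.
    use Pleroma.DataCase

    alias Pleroma.Web.OAuth.App
    alias Pleroma.Web.OAuth.Authorization

    import Pleroma.Factory

    # Every test gets a freshly registered OAuth app with "read" and "write" scopes.
    setup do
      {:ok, app} =
        Repo.insert(
          App.register_changeset(%App{}, %{
            client_name: "client",
            scopes: ["read", "write"],
            redirect_uris: "url"
          })
        )

      %{app: app}
    end

    test "create an authorization token for a valid app", %{app: app} do
      user = insert(:user)

      # Without explicit scopes the authorization takes the app's scopes.
      {:ok, auth1} = Authorization.create_authorization(app, user)
      assert auth1.scopes == app.scopes

      # Explicit scopes are stored as requested.
      {:ok, auth2} = Authorization.create_authorization(app, user, ["read"])
      assert auth2.scopes == ["read"]

      for auth <- [auth1, auth2] do
        assert auth.user_id == user.id
        assert auth.app_id == app.id
        # Only a length floor is checked here; token randomness is not covered by this test.
        assert String.length(auth.token) > 10
        assert auth.used == false
      end
    end

    test "use up a token", %{app: app} do
      user = insert(:user)

      {:ok, auth} = Authorization.create_authorization(app, user)

      # The first redemption flips `used`; a second attempt must be refused so an
      # intercepted authorization cannot be replayed.
      {:ok, auth} = Authorization.use_token(auth)
      assert auth.used == true

      assert {:error, "already used"} == Authorization.use_token(auth)

      # An unused authorization whose validity ended 10 seconds ago.
      expired_auth = %Authorization{
        user_id: user.id,
        app_id: app.id,
        valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), -10),
        token: "mytoken",
        used: false
      }

      {:ok, expired_auth} = Repo.insert(expired_auth)

      assert {:error, "token expired"} == Authorization.use_token(expired_auth)
    end

    test "delete authorizations", %{app: app} do
      user = insert(:user)

      {:ok, auth} = Authorization.create_authorization(app, user)
      {:ok, auth} = Authorization.use_token(auth)

      # A second, never-redeemed authorization: this is the one that would still
      # be redeemable if revocation silently did nothing.
      {:ok, unused} = Authorization.create_authorization(app, user)

      Authorization.delete_user_authorizations(user)

      # `auth` is already marked used, so use_token/1 refuses it whether or not
      # anything was deleted. This check alone cannot detect a broken revocation.
      {_, invalid} = Authorization.use_token(auth)
      assert auth != invalid

      # Revocation has to remove the stored rows, including the unused one.
      refute Repo.get(Authorization, auth.id)
      refute Repo.get(Authorization, unused.id)
    end
  end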