logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

two_factor_authentication_controller_test.exs (9183B)

    

  1. defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationControllerTest do

  2.   use Pleroma.Web.ConnCase

  3. 

  4.   import Pleroma.Factory

  5.   alias Pleroma.MFA.Settings

  6.   alias Pleroma.MFA.TOTP

  7. 

  8.   describe "GET /api/pleroma/accounts/mfa/settings" do

  9.     test "returns user mfa settings for new user", %{conn: conn} do

  10.       token = insert(:oauth_token, scopes: ["read", "follow"])

  11.       token2 = insert(:oauth_token, scopes: ["write"])

  12. 

  13.       assert conn

  14.              |> put_req_header("authorization", "Bearer #{token.token}")

  15.              |> get("/api/pleroma/accounts/mfa")

  16.              |> json_response(:ok) == %{

  17.                "settings" => %{"enabled" => false, "totp" => false}

  18.              }

  19. 

  20.       assert conn

  21.              |> put_req_header("authorization", "Bearer #{token2.token}")

  22.              |> get("/api/pleroma/accounts/mfa")

  23.              |> json_response(403) == %{

  24.                "error" => "Insufficient permissions: read:security."

  25.              }

  26.     end

  27. 

  28.     test "returns user mfa settings with enabled totp", %{conn: conn} do

  29.       user =

  30.         insert(:user,

  31.           multi_factor_authentication_settings: %Settings{

  32.             enabled: true,

  33.             totp: %Settings.TOTP{secret: "XXX", delivery_type: "app", confirmed: true}

  34.           }

  35.         )

  36. 

  37.       token = insert(:oauth_token, scopes: ["read", "follow"], user: user)

  38. 

  39.       assert conn

  40.              |> put_req_header("authorization", "Bearer #{token.token}")

  41.              |> get("/api/pleroma/accounts/mfa")

  42.              |> json_response(:ok) == %{

  43.                "settings" => %{"enabled" => true, "totp" => true}

  44.              }

  45.     end

  46.   end

  47. 

  48.   describe "GET /api/pleroma/accounts/mfa/backup_codes" do

  49.     test "returns backup codes", %{conn: conn} do

  50.       user =

  51.         insert(:user,

  52.           multi_factor_authentication_settings: %Settings{

  53.             backup_codes: ["1", "2", "3"],

  54.             totp: %Settings.TOTP{secret: "secret"}

  55.           }

  56.         )

  57. 

  58.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  59.       token2 = insert(:oauth_token, scopes: ["read"])

  60. 

  61.       response =

  62.         conn

  63.         |> put_req_header("authorization", "Bearer #{token.token}")

  64.         |> get("/api/pleroma/accounts/mfa/backup_codes")

  65.         |> json_response(:ok)

  66. 

  67.       assert [<<_::bytes-size(6)>>, <<_::bytes-size(6)>>] = response["codes"]

  68.       user = refresh_record(user)

  69.       mfa_settings = user.multi_factor_authentication_settings

  70.       assert mfa_settings.totp.secret == "secret"

  71.       refute mfa_settings.backup_codes == ["1", "2", "3"]

  72.       refute mfa_settings.backup_codes == []

  73. 

  74.       assert conn

  75.              |> put_req_header("authorization", "Bearer #{token2.token}")

  76.              |> get("/api/pleroma/accounts/mfa/backup_codes")

  77.              |> json_response(403) == %{

  78.                "error" => "Insufficient permissions: write:security."

  79.              }

  80.     end

  81.   end

  82. 

  83.   describe "GET /api/pleroma/accounts/mfa/setup/totp" do

  84.     test "return errors when method is invalid", %{conn: conn} do

  85.       user = insert(:user)

  86.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  87. 

  88.       response =

  89.         conn

  90.         |> put_req_header("authorization", "Bearer #{token.token}")

  91.         |> get("/api/pleroma/accounts/mfa/setup/torf")

  92.         |> json_response(400)

  93. 

  94.       assert response == %{"error" => "undefined method"}

  95.     end

  96. 

  97.     test "returns key and provisioning_uri", %{conn: conn} do

  98.       user =

  99.         insert(:user,

  100.           multi_factor_authentication_settings: %Settings{backup_codes: ["1", "2", "3"]}

  101.         )

  102. 

  103.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  104.       token2 = insert(:oauth_token, scopes: ["read"])

  105. 

  106.       response =

  107.         conn

  108.         |> put_req_header("authorization", "Bearer #{token.token}")

  109.         |> get("/api/pleroma/accounts/mfa/setup/totp")

  110.         |> json_response(:ok)

  111. 

  112.       user = refresh_record(user)

  113.       mfa_settings = user.multi_factor_authentication_settings

  114.       secret = mfa_settings.totp.secret

  115.       refute mfa_settings.enabled

  116.       assert mfa_settings.backup_codes == ["1", "2", "3"]

  117. 

  118.       assert response == %{

  119.                "key" => secret,

  120.                "provisioning_uri" => TOTP.provisioning_uri(secret, "#{user.email}")

  121.              }

  122. 

  123.       assert conn

  124.              |> put_req_header("authorization", "Bearer #{token2.token}")

  125.              |> get("/api/pleroma/accounts/mfa/setup/totp")

  126.              |> json_response(403) == %{

  127.                "error" => "Insufficient permissions: write:security."

  128.              }

  129.     end

  130.   end

  131. 

  132.   describe "GET /api/pleroma/accounts/mfa/confirm/totp" do

  133.     test "returns success result", %{conn: conn} do

  134.       secret = TOTP.generate_secret()

  135.       code = TOTP.generate_token(secret)

  136. 

  137.       user =

  138.         insert(:user,

  139.           multi_factor_authentication_settings: %Settings{

  140.             backup_codes: ["1", "2", "3"],

  141.             totp: %Settings.TOTP{secret: secret}

  142.           }

  143.         )

  144. 

  145.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  146.       token2 = insert(:oauth_token, scopes: ["read"])

  147. 

  148.       assert conn

  149.              |> put_req_header("authorization", "Bearer #{token.token}")

  150.              |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})

  151.              |> json_response(:ok)

  152. 

  153.       settings = refresh_record(user).multi_factor_authentication_settings

  154.       assert settings.enabled

  155.       assert settings.totp.secret == secret

  156.       assert settings.totp.confirmed

  157.       assert settings.backup_codes == ["1", "2", "3"]

  158. 

  159.       assert conn

  160.              |> put_req_header("authorization", "Bearer #{token2.token}")

  161.              |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})

  162.              |> json_response(403) == %{

  163.                "error" => "Insufficient permissions: write:security."

  164.              }

  165.     end

  166. 

  167.     test "returns error if password incorrect", %{conn: conn} do

  168.       secret = TOTP.generate_secret()

  169.       code = TOTP.generate_token(secret)

  170. 

  171.       user =

  172.         insert(:user,

  173.           multi_factor_authentication_settings: %Settings{

  174.             backup_codes: ["1", "2", "3"],

  175.             totp: %Settings.TOTP{secret: secret}

  176.           }

  177.         )

  178. 

  179.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  180. 

  181.       response =

  182.         conn

  183.         |> put_req_header("authorization", "Bearer #{token.token}")

  184.         |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "xxx", code: code})

  185.         |> json_response(422)

  186. 

  187.       settings = refresh_record(user).multi_factor_authentication_settings

  188.       refute settings.enabled

  189.       refute settings.totp.confirmed

  190.       assert settings.backup_codes == ["1", "2", "3"]

  191.       assert response == %{"error" => "Invalid password."}

  192.     end

  193. 

  194.     test "returns error if code incorrect", %{conn: conn} do

  195.       secret = TOTP.generate_secret()

  196. 

  197.       user =

  198.         insert(:user,

  199.           multi_factor_authentication_settings: %Settings{

  200.             backup_codes: ["1", "2", "3"],

  201.             totp: %Settings.TOTP{secret: secret}

  202.           }

  203.         )

  204. 

  205.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  206.       token2 = insert(:oauth_token, scopes: ["read"])

  207. 

  208.       response =

  209.         conn

  210.         |> put_req_header("authorization", "Bearer #{token.token}")

  211.         |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})

  212.         |> json_response(422)

  213. 

  214.       settings = refresh_record(user).multi_factor_authentication_settings

  215.       refute settings.enabled

  216.       refute settings.totp.confirmed

  217.       assert settings.backup_codes == ["1", "2", "3"]

  218.       assert response == %{"error" => "invalid_token"}

  219. 

  220.       assert conn

  221.              |> put_req_header("authorization", "Bearer #{token2.token}")

  222.              |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})

  223.              |> json_response(403) == %{

  224.                "error" => "Insufficient permissions: write:security."

  225.              }

  226.     end

  227.   end

  228. 

  229.   describe "DELETE /api/pleroma/accounts/mfa/totp" do

  230.     test "returns success result", %{conn: conn} do

  231.       user =

  232.         insert(:user,

  233.           multi_factor_authentication_settings: %Settings{

  234.             backup_codes: ["1", "2", "3"],

  235.             totp: %Settings.TOTP{secret: "secret"}

  236.           }

  237.         )

  238. 

  239.       token = insert(:oauth_token, scopes: ["write", "follow"], user: user)

  240.       token2 = insert(:oauth_token, scopes: ["read"])

  241. 

  242.       assert conn

  243.              |> put_req_header("authorization", "Bearer #{token.token}")

  244.              |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})

  245.              |> json_response(:ok)

  246. 

  247.       settings = refresh_record(user).multi_factor_authentication_settings

  248.       refute settings.enabled

  249.       assert settings.totp.secret == nil

  250.       refute settings.totp.confirmed

  251. 

  252.       assert conn

  253.              |> put_req_header("authorization", "Bearer #{token2.token}")

  254.              |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})

  255.              |> json_response(403) == %{

  256.                "error" => "Insufficient permissions: write:security."

  257.              }

  258.     end

  259.   end

  260. end