Remove `:auth, :enforce_oauth_admin_scope_usage`

`admin` scope has been required by default for more than a year now and all apps that use the API seems to request a proper scope by now.
author: rinpatch <rin@patch.cx> 2021-02-17 20:47:38 +0300
committer: rinpatch <rin@patch.cx> 2021-02-17 20:47:38 +0300
commit: 6d66fadea7f798f64f4f8b5d41c9ef29469eaf78 (patch)
tree: 8b2dc3283128e35c3aaebfe238ad59779af73a42 /test
parent: 679a2e799e464f044d7afceb4c9a650d2d3b2e2a (diff)
5 files changed, 69 insertions, 224 deletions
diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs
index e7688c728..8cd9f939b 100644
--- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs
@@ -46,104 +46,47 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     assert json_response(conn, 200)
   end
 
-  describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
-    setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
+  test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
+       %{admin: admin} do
+    user = insert(:user)
+    url = "/api/pleroma/admin/users/#{user.nickname}"
 
-    test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
-         %{admin: admin} do
-      user = insert(:user)
-      url = "/api/pleroma/admin/users/#{user.nickname}"
-
-      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
-      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
-      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-
-      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
-      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
-      bad_token3 = nil
-
-      for good_token <- [good_token1, good_token2, good_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, good_token)
-          |> get(url)
-
-        assert json_response(conn, 200)
-      end
-
-      for good_token <- [good_token1, good_token2, good_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, nil)
-          |> assign(:token, good_token)
-          |> get(url)
-
-        assert json_response(conn, :forbidden)
-      end
-
-      for bad_token <- [bad_token1, bad_token2, bad_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, bad_token)
-          |> get(url)
-
-        assert json_response(conn, :forbidden)
-      end
+    good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+    good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+    good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+
+    bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+    bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+    bad_token3 = nil
+
+    for good_token <- [good_token1, good_token2, good_token3] do
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> assign(:token, good_token)
+        |> get(url)
+
+      assert json_response(conn, 200)
     end
-  end
 
-  describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
-    setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
+    for good_token <- [good_token1, good_token2, good_token3] do
+      conn =
+        build_conn()
+        |> assign(:user, nil)
+        |> assign(:token, good_token)
+        |> get(url)
+
+      assert json_response(conn, :forbidden)
+    end
 
-    test "GET /api/pleroma/admin/users/:nickname requires " <>
-           "read:accounts or admin:read:accounts or broader scope",
-         %{admin: admin} do
-      user = insert(:user)
-      url = "/api/pleroma/admin/users/#{user.nickname}"
-
-      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
-      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
-      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-      good_token4 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
-      good_token5 = insert(:oauth_token, user: admin, scopes: ["read"])
-
-      good_tokens = [good_token1, good_token2, good_token3, good_token4, good_token5]
-
-      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts:partial"])
-      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
-      bad_token3 = nil
-
-      for good_token <- good_tokens do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, good_token)
-          |> get(url)
-
-        assert json_response(conn, 200)
-      end
-
-      for good_token <- good_tokens do
-        conn =
-          build_conn()
-          |> assign(:user, nil)
-          |> assign(:token, good_token)
-          |> get(url)
-
-        assert json_response(conn, :forbidden)
-      end
-
-      for bad_token <- [bad_token1, bad_token2, bad_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, bad_token)
-          |> get(url)
-
-        assert json_response(conn, :forbidden)
-      end
+    for bad_token <- [bad_token1, bad_token2, bad_token3] do
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> assign(:token, bad_token)
+        |> get(url)
+
+      assert json_response(conn, :forbidden)
     end
   end
 
diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
index ef16dede3..beb8a5d58 100644
--- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
@@ -47,104 +47,47 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     assert json_response(conn, 200)
   end
 
-  describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
-    setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
-
-    test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
-         %{admin: admin} do
-      user = insert(:user)
-      url = "/api/pleroma/admin/users/#{user.nickname}"
-
-      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
-      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
-      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-
-      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
-      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
-      bad_token3 = nil
-
-      for good_token <- [good_token1, good_token2, good_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, good_token)
-          |> get(url)
+  test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
+       %{admin: admin} do
+    user = insert(:user)
+    url = "/api/pleroma/admin/users/#{user.nickname}"
 
-        assert json_response(conn, 200)
-      end
+    good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+    good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+    good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
 
-      for good_token <- [good_token1, good_token2, good_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, nil)
-          |> assign(:token, good_token)
-          |> get(url)
+    bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+    bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+    bad_token3 = nil
 
-        assert json_response(conn, :forbidden)
-      end
-
-      for bad_token <- [bad_token1, bad_token2, bad_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, bad_token)
-          |> get(url)
+    for good_token <- [good_token1, good_token2, good_token3] do
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> assign(:token, good_token)
+        |> get(url)
 
-        assert json_response(conn, :forbidden)
-      end
+      assert json_response(conn, 200)
     end
-  end
 
-  describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
-    setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
-
-    test "GET /api/pleroma/admin/users/:nickname requires " <>
-           "read:accounts or admin:read:accounts or broader scope",
-         %{admin: admin} do
-      user = insert(:user)
-      url = "/api/pleroma/admin/users/#{user.nickname}"
-
-      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
-      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
-      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-      good_token4 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
-      good_token5 = insert(:oauth_token, user: admin, scopes: ["read"])
-
-      good_tokens = [good_token1, good_token2, good_token3, good_token4, good_token5]
-
-      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts:partial"])
-      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
-      bad_token3 = nil
-
-      for good_token <- good_tokens do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, good_token)
-          |> get(url)
-
-        assert json_response(conn, 200)
-      end
-
-      for good_token <- good_tokens do
-        conn =
-          build_conn()
-          |> assign(:user, nil)
-          |> assign(:token, good_token)
-          |> get(url)
+    for good_token <- [good_token1, good_token2, good_token3] do
+      conn =
+        build_conn()
+        |> assign(:user, nil)
+        |> assign(:token, good_token)
+        |> get(url)
 
-        assert json_response(conn, :forbidden)
-      end
+      assert json_response(conn, :forbidden)
+    end
 
-      for bad_token <- [bad_token1, bad_token2, bad_token3] do
-        conn =
-          build_conn()
-          |> assign(:user, admin)
-          |> assign(:token, bad_token)
-          |> get(url)
+    for bad_token <- [bad_token1, bad_token2, bad_token3] do
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> assign(:token, bad_token)
+        |> get(url)
 
-        assert json_response(conn, :forbidden)
-      end
+      assert json_response(conn, :forbidden)
     end
   end
 
diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs
index 8f0da00c0..547391249 100644
--- a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs
+++ b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs
@@ -13,8 +13,6 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
                 Pleroma.Config.get!([:instance, :static_dir]),
                 "emoji"
               )
-  setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
-
   setup do: clear_config([:instance, :public], true)
 
   setup do
diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs
index cd9fc391d..d1ba067b8 100644
--- a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs
+++ b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs
@@ -13,7 +13,6 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
                 Pleroma.Config.get!([:instance, :static_dir]),
                 "emoji"
               )
-  setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
 
   setup do: clear_config([:instance, :public], true)
 
diff --git a/test/pleroma/web/plugs/o_auth_scopes_plug_test.exs b/test/pleroma/web/plugs/o_auth_scopes_plug_test.exs
index 7241b0afd..9f6d3dc71 100644
--- a/test/pleroma/web/plugs/o_auth_scopes_plug_test.exs
+++ b/test/pleroma/web/plugs/o_auth_scopes_plug_test.exs
@@ -169,42 +169,4 @@ defmodule Pleroma.Web.Plugs.OAuthScopesPlugTest do
       assert f.(["admin:read"], ["write", "admin"]) == ["admin:read"]
     end
   end
-
-  describe "transform_scopes/2" do
-    setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage])
-
-    setup do
-      {:ok, %{f: &OAuthScopesPlug.transform_scopes/2}}
-    end
-
-    test "with :admin option, prefixes all requested scopes with `admin:` " <>
-           "and [optionally] keeps only prefixed scopes, " <>
-           "depending on `[:auth, :enforce_oauth_admin_scope_usage]` setting",
-         %{f: f} do
-      clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
-
-      assert f.(["read"], %{admin: true}) == ["admin:read", "read"]
-
-      assert f.(["read", "write"], %{admin: true}) == [
-               "admin:read",
-               "read",
-               "admin:write",
-               "write"
-             ]
-
-      clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
-
-      assert f.(["read:accounts"], %{admin: true}) == ["admin:read:accounts"]
-
-      assert f.(["read", "write:reports"], %{admin: true}) == [
-               "admin:read",
-               "admin:write:reports"
-             ]
-    end
-
-    test "with no supported options, returns unmodified scopes", %{f: f} do
-      assert f.(["read"], %{}) == ["read"]
-      assert f.(["read", "write"], %{}) == ["read", "write"]
-    end
-  end
 end
author	rinpatch <rin@patch.cx>	2021-02-17 20:47:38 +0300
committer	rinpatch <rin@patch.cx>	2021-02-17 20:47:38 +0300
commit	6d66fadea7f798f64f4f8b5d41c9ef29469eaf78 (patch)
tree	8b2dc3283128e35c3aaebfe238ad59779af73a42 /test
parent	679a2e799e464f044d7afceb4c9a650d2d3b2e2a (diff)