path: root/test/web/auth/oauth_test_controller_test.exs
# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Tests.OAuthTestControllerTest do
  # Pins down how routes under /test/authenticated_api/ respond depending on
  # what happened to the OAuth scopes check for the action: never handled,
  # explicitly skipped, or actually performed.
  #
  # NOTE(review): these paths look like test-only fixtures; confirm the router
  # mounts them only in the test environment.
  use Pleroma.Web.ConnCase

  import Pleroma.Factory

  # Every test starts with a freshly inserted user already assigned to the
  # conn under :user.
  setup %{conn: conn} do
    account = insert(:user)
    %{conn: assign(conn, :user, account), user: account}
  end

  # Fail-closed case: the request is refused with 403 and an explicit
  # "Security violation" error when the scopes check was neither handled nor
  # explicitly skipped, even though a user is assigned to the conn.
  test "missed_oauth", %{conn: conn} do
    expected_body = %{
      "error" =>
        "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
    }

    response = get(conn, "/test/authenticated_api/missed_oauth")
    body = json_response(response, 403)

    assert body == expected_body
  end

  # Explicit opt-out case: with :token assigned as nil the request still gets
  # a 200. Only the status is checked; json_response/2 raises on a mismatch.
  test "skipped_oauth", %{conn: conn} do
    tokenless_conn = assign(conn, :token, nil)
    response = get(tokenless_conn, "/test/authenticated_api/skipped_oauth")

    json_response(response, 200)
  end

  # Enforced case: a conn built for the "read" scope is accepted (200) and one
  # built for the "follow" scope is rejected (403) on the same route.
  # oauth_access/2 is not defined in this file; presumably it comes from
  # Pleroma.Web.ConnCase and returns a conn carrying a token with the given
  # scopes - confirm.
  # Only the status of the rejection is asserted, not its error body.
  test "performed_oauth", %{user: user} do
    route = "/test/authenticated_api/performed_oauth"

    %{conn: read_scope_conn} = oauth_access(["read"], user: user)
    json_response(get(read_scope_conn, route), 200)

    %{conn: follow_scope_conn} = oauth_access(["follow"], user: user)
    json_response(get(follow_scope_conn, route), 403)
  end
end