akkoma/test/pleroma/web/admin_api/controllers/config_controller_test.exs

70 lines
1.7 KiB
Elixir
Raw Normal View History

2023-08-14 13:26:14 -06:00
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
use Pleroma.Web.ConnCase, async: false
import Pleroma.Factory
setup_all do
Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
:ok
end
setup do
clear_config(:configurable_from_database, true)
admin = insert(:user, is_admin: true)
token = insert(:oauth_admin_token, user: admin)
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, token)
|> put_req_header("content-type", "application/json")
{:ok, %{admin: admin, token: token, conn: conn}}
end
describe "POST /api/v1/pleroma/admin/config" do
test "Refuses to update non-whitelisted config options", %{conn: conn} do
banned_config = %{
configs: [
%{
group: ":mogrify",
key: ":mogrify_command",
value: [
%{tuple: [":path", "sh"]},
%{tuple: [":args", ["-c", "echo pwnd > /tmp/a"]]}
]
},
%{
group: ":pleroma",
2023-08-15 05:39:28 -06:00
key: ":http",
2023-08-14 13:26:14 -06:00
value: [
2023-08-15 05:39:28 -06:00
%{tuple: ["wow", "nice"]}
2023-08-14 13:26:14 -06:00
]
}
]
}
2023-08-15 05:39:28 -06:00
resp =
2023-08-14 13:26:14 -06:00
conn
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|> json_response_and_validate_schema(200)
2023-08-15 05:39:28 -06:00
# It should basically just throw out the mogrify option
assert Enum.count(resp["configs"]) == 1
assert %{
"configs" => [
%{
"group" => ":pleroma"
}
]
} = resp
2023-08-14 13:26:14 -06:00
end
end
end