98cb255d12
OTP builds to 1.15
Changelog entry
Ensure policies are fully loaded
Fix :warn
use main branch for linkify
Fix warn in tests
Migrations for phoenix 1.17
Revert "Migrations for phoenix 1.17"
This reverts commit 6a3b2f15b7.
Oban upgrade
Add default empty whitelist
mix format
limit test to amd64
OTP 26 tests for 1.15
use OTP_VERSION tag
baka
just 1.15
Massive deps update
Update locale, deps
Mix format
shell????
multiline???
?
max cases 1
use assert_recieve
don't put_env in async tests
don't async conn/fs tests
mix format
FIx some uploader issues
Fix tests
135 lines
4.1 KiB
Elixir
135 lines
4.1 KiB
Elixir
# Pleroma: A lightweight social networking server
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
|
|
use Pleroma.Web.ConnCase, async: false
|
|
alias Pleroma.Repo
|
|
alias Pleroma.Web.OAuth.Token
|
|
import Pleroma.Factory
|
|
import Mock
|
|
|
|
@skip if !Code.ensure_loaded?(:eldap), do: :skip
|
|
|
|
setup_all do: clear_config([:ldap, :enabled], true)
|
|
|
|
setup_all do: clear_config(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator)
|
|
|
|
@tag @skip
|
|
test "authorizes the existing user using LDAP credentials" do
|
|
password = "testpassword"
|
|
user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
|
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
|
|
|
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
|
port = Pleroma.Config.get([:ldap, :port])
|
|
|
|
with_mocks [
|
|
{:eldap, [],
|
|
[
|
|
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
|
|
simple_bind: fn _connection, _dn, ^password -> :ok end,
|
|
close: fn _connection ->
|
|
send(self(), :close_connection)
|
|
:ok
|
|
end
|
|
]}
|
|
] do
|
|
conn =
|
|
build_conn()
|
|
|> post("/oauth/token", %{
|
|
"grant_type" => "password",
|
|
"username" => user.nickname,
|
|
"password" => password,
|
|
"client_id" => app.client_id,
|
|
"client_secret" => app.client_secret
|
|
})
|
|
|
|
assert %{"access_token" => token} = json_response(conn, 200)
|
|
|
|
token = Repo.get_by(Token, token: token)
|
|
|
|
assert token.user_id == user.id
|
|
assert_receive :close_connection
|
|
end
|
|
end
|
|
|
|
@tag @skip
|
|
test "creates a new user after successful LDAP authorization" do
|
|
password = "testpassword"
|
|
user = build(:user)
|
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
|
|
|
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
|
port = Pleroma.Config.get([:ldap, :port])
|
|
|
|
with_mocks [
|
|
{:eldap, [],
|
|
[
|
|
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
|
|
simple_bind: fn _connection, _dn, ^password -> :ok end,
|
|
equalityMatch: fn _type, _value -> :ok end,
|
|
wholeSubtree: fn -> :ok end,
|
|
search: fn _connection, _options ->
|
|
{:ok, {:eldap_search_result, [{:eldap_entry, ~c"", []}], [], []}}
|
|
end,
|
|
close: fn _connection ->
|
|
send(self(), :close_connection)
|
|
:ok
|
|
end
|
|
]}
|
|
] do
|
|
conn =
|
|
build_conn()
|
|
|> post("/oauth/token", %{
|
|
"grant_type" => "password",
|
|
"username" => user.nickname,
|
|
"password" => password,
|
|
"client_id" => app.client_id,
|
|
"client_secret" => app.client_secret
|
|
})
|
|
|
|
assert %{"access_token" => token} = json_response(conn, 200)
|
|
|
|
token = Repo.get_by(Token, token: token) |> Repo.preload(:user)
|
|
|
|
assert token.user.nickname == user.nickname
|
|
assert_receive :close_connection
|
|
end
|
|
end
|
|
|
|
@tag @skip
|
|
test "disallow authorization for wrong LDAP credentials" do
|
|
password = "testpassword"
|
|
user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
|
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
|
|
|
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
|
port = Pleroma.Config.get([:ldap, :port])
|
|
|
|
with_mocks [
|
|
{:eldap, [],
|
|
[
|
|
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
|
|
simple_bind: fn _connection, _dn, ^password -> {:error, :invalidCredentials} end,
|
|
close: fn _connection ->
|
|
send(self(), :close_connection)
|
|
:ok
|
|
end
|
|
]}
|
|
] do
|
|
conn =
|
|
build_conn()
|
|
|> post("/oauth/token", %{
|
|
"grant_type" => "password",
|
|
"username" => user.nickname,
|
|
"password" => password,
|
|
"client_id" => app.client_id,
|
|
"client_secret" => app.client_secret
|
|
})
|
|
|
|
assert %{"error" => "Invalid credentials"} = json_response(conn, 400)
|
|
assert_receive :close_connection
|
|
end
|
|
end
|
|
end
|