akkoma/test/web/oauth/token_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.OAuth.TokenTest do
  use Pleroma.DataCase
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Repo

  import Pleroma.Factory

  test "exchanges a auth token for an access token" do
    {:ok, app} =
      Repo.insert(
        App.register_changeset(%App{}, %{
          client_name: "client",
          scopes: ["scope"],
          redirect_uris: "url"
        })
      )

    user = insert(:user)

    {:ok, auth} = Authorization.create_authorization(app, user)

    {:ok, token} = Token.exchange_token(app, auth)

    assert token.app_id == app.id
    assert token.user_id == user.id
    assert String.length(token.token) > 10
    assert String.length(token.refresh_token) > 10

    auth = Repo.get(Authorization, auth.id)
    {:error, "already used"} = Token.exchange_token(app, auth)
  end

  test "deletes all tokens of a user" do
    {:ok, app1} =
      Repo.insert(
        App.register_changeset(%App{}, %{
          client_name: "client1",
          scopes: ["scope"],
          redirect_uris: "url"
        })
      )

    {:ok, app2} =
      Repo.insert(
        App.register_changeset(%App{}, %{
          client_name: "client2",
          scopes: ["scope"],
          redirect_uris: "url"
        })
      )

    user = insert(:user)

    {:ok, auth1} = Authorization.create_authorization(app1, user)
    {:ok, auth2} = Authorization.create_authorization(app2, user)

    {:ok, _token1} = Token.exchange_token(app1, auth1)
    {:ok, _token2} = Token.exchange_token(app2, auth2)

    {tokens, _} = Token.delete_user_tokens(user)

    assert tokens == 2
  end
end
tests: add legal boilerplate 2018-12-23 20:11:29 +00:00			`# Pleroma: A lightweight social networking server`
			`# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>`
			`# SPDX-License-Identifier: AGPL-3.0-only`

Make auth tokens usable once and expire them. 2017-09-09 10:02:59 +00:00			`defmodule Pleroma.Web.OAuth.TokenTest do`
			`use Pleroma.DataCase`
test: de-group alias/es 2019-02-10 21:57:38 +00:00			`alias Pleroma.Web.OAuth.App`
			`alias Pleroma.Web.OAuth.Authorization`
			`alias Pleroma.Web.OAuth.Token`
Make auth tokens usable once and expire them. 2017-09-09 10:02:59 +00:00			`alias Pleroma.Repo`

			`import Pleroma.Factory`

			`test "exchanges a auth token for an access token" do`
Format the code. 2018-03-30 13:01:53 +00:00			`{:ok, app} =`
			`Repo.insert(`
			`App.register_changeset(%App{}, %{`
			`client_name: "client",`
[#468] User UI for OAuth permissions restriction. Standardized storage format for `scopes` fields, updated usages. 2019-02-13 21:29:29 +00:00			`scopes: ["scope"],`
Format the code. 2018-03-30 13:01:53 +00:00			`redirect_uris: "url"`
			`})`
			`)`

Make auth tokens usable once and expire them. 2017-09-09 10:02:59 +00:00			`user = insert(:user)`

			`{:ok, auth} = Authorization.create_authorization(app, user)`

			`{:ok, token} = Token.exchange_token(app, auth)`

			`assert token.app_id == app.id`
			`assert token.user_id == user.id`
			`assert String.length(token.token) > 10`
			`assert String.length(token.refresh_token) > 10`

			`auth = Repo.get(Authorization, auth.id)`
			`{:error, "already used"} = Token.exchange_token(app, auth)`
			`end`
Delete Tokens and Authorizations on password change Closes: https://git.pleroma.social/pleroma/pleroma/issues/320 2018-10-13 23:45:11 +00:00
			`test "deletes all tokens of a user" do`
			`{:ok, app1} =`
			`Repo.insert(`
			`App.register_changeset(%App{}, %{`
			`client_name: "client1",`
[#468] User UI for OAuth permissions restriction. Standardized storage format for `scopes` fields, updated usages. 2019-02-13 21:29:29 +00:00			`scopes: ["scope"],`
Delete Tokens and Authorizations on password change Closes: https://git.pleroma.social/pleroma/pleroma/issues/320 2018-10-13 23:45:11 +00:00			`redirect_uris: "url"`
			`})`
			`)`

			`{:ok, app2} =`
			`Repo.insert(`
			`App.register_changeset(%App{}, %{`
			`client_name: "client2",`
[#468] User UI for OAuth permissions restriction. Standardized storage format for `scopes` fields, updated usages. 2019-02-13 21:29:29 +00:00			`scopes: ["scope"],`
Delete Tokens and Authorizations on password change Closes: https://git.pleroma.social/pleroma/pleroma/issues/320 2018-10-13 23:45:11 +00:00			`redirect_uris: "url"`
			`})`
			`)`

			`user = insert(:user)`

			`{:ok, auth1} = Authorization.create_authorization(app1, user)`
			`{:ok, auth2} = Authorization.create_authorization(app2, user)`

fix warnings 2018-12-11 12:31:52 +00:00			`{:ok, _token1} = Token.exchange_token(app1, auth1)`
			`{:ok, _token2} = Token.exchange_token(app2, auth2)`
Delete Tokens and Authorizations on password change Closes: https://git.pleroma.social/pleroma/pleroma/issues/320 2018-10-13 23:45:11 +00:00
			`{tokens, _} = Token.delete_user_tokens(user)`

			`assert tokens == 2`
			`end`
Make auth tokens usable once and expire them. 2017-09-09 10:02:59 +00:00			`end`