Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'

auth overhaul and legacy GS auth

See merge request pleroma/pleroma!331
This commit is contained in:
lambda 2018-09-08 09:20:34 +00:00
commit 045953225e
21 changed files with 598 additions and 243 deletions

View file

@ -9,54 +9,34 @@ def init(options) do
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
def call(conn, opts) do def call(
with {:ok, username, password} <- decode_header(conn), %{
{:ok, user} <- opts[:fetcher].(username), assigns: %{
false <- !!user.info["deactivated"], auth_user: %{password_hash: password_hash} = auth_user,
saved_user_id <- get_session(conn, :user_id), auth_credentials: %{password: password}
{:ok, verified_user} <- verify(user, password, saved_user_id) do }
} = conn,
_
) do
if Pbkdf2.checkpw(password, password_hash) do
conn conn
|> assign(:user, verified_user) |> assign(:user, auth_user)
|> put_session(:user_id, verified_user.id)
else else
_ -> conn |> halt_or_continue(opts) conn
end end
end end
# Short-circuit if we have a cookie with the id for the given user. def call(
defp verify(%{id: id} = user, _password, id) do %{
{:ok, user} assigns: %{
end auth_credentials: %{password: password}
}
defp verify(nil, _password, _user_id) do } = conn,
_
) do
Pbkdf2.dummy_checkpw() Pbkdf2.dummy_checkpw()
:error
end
defp verify(user, password, _user_id) do
if Pbkdf2.checkpw(password, user.password_hash) do
{:ok, user}
else
:error
end
end
defp decode_header(conn) do
with ["Basic " <> header] <- get_req_header(conn, "authorization"),
{:ok, userinfo} <- Base.decode64(header),
[username, password] <- String.split(userinfo, ":", parts: 2) do
{:ok, username, password}
end
end
defp halt_or_continue(conn, %{optional: true}) do
conn |> assign(:user, nil)
end
defp halt_or_continue(conn, _) do
conn conn
|> put_resp_content_type("application/json")
|> send_resp(403, Jason.encode!(%{error: "Invalid credentials."}))
|> halt
end end
def call(conn, _), do: conn
end end

View file

@ -0,0 +1,21 @@
defmodule Pleroma.Plugs.BasicAuthDecoderPlug do
import Plug.Conn
def init(options) do
options
end
def call(conn, opts) do
with ["Basic " <> header] <- get_req_header(conn, "authorization"),
{:ok, userinfo} <- Base.decode64(header),
[username, password] <- String.split(userinfo, ":", parts: 2) do
conn
|> assign(:auth_credentials, %{
username: username,
password: password
})
else
_ -> conn
end
end
end

View file

@ -0,0 +1,19 @@
defmodule Pleroma.Plugs.EnsureAuthenticatedPlug do
import Plug.Conn
alias Pleroma.User
def init(options) do
options
end
def call(%{assigns: %{user: %User{}}} = conn, _) do
conn
end
def call(conn, _) do
conn
|> put_resp_content_type("application/json")
|> send_resp(403, Jason.encode!(%{error: "Invalid credentials."}))
|> halt
end
end

View file

@ -0,0 +1,14 @@
defmodule Pleroma.Plugs.EnsureUserKeyPlug do
import Plug.Conn
def init(opts) do
opts
end
def call(%{assigns: %{user: _}} = conn, _), do: conn
def call(conn, _) do
conn
|> assign(:user, nil)
end
end

View file

@ -0,0 +1,35 @@
defmodule Pleroma.Plugs.LegacyAuthenticationPlug do
import Plug.Conn
alias Pleroma.User
def init(options) do
options
end
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
def call(
%{
assigns: %{
auth_user: %{password_hash: "$6$" <> _ = password_hash} = auth_user,
auth_credentials: %{password: password}
}
} = conn,
_
) do
with ^password_hash <- :crypt.crypt(password, password_hash),
{:ok, user} <-
User.reset_password(auth_user, %{password: password, password_confirmation: password}) do
conn
|> assign(:auth_user, user)
|> assign(:user, user)
else
_ ->
conn
end
end
def call(conn, _) do
conn
end
end

View file

@ -0,0 +1,18 @@
defmodule Pleroma.Plugs.SessionAuthenticationPlug do
import Plug.Conn
alias Pleroma.User
def init(options) do
options
end
def call(conn, _) do
with saved_user_id <- get_session(conn, :user_id),
%{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
conn
|> assign(:user, conn.assigns.auth_user)
else
_ -> conn
end
end
end

View file

@ -0,0 +1,15 @@
defmodule Pleroma.Plugs.SetUserSessionIdPlug do
import Plug.Conn
alias Pleroma.User
def init(opts) do
opts
end
def call(%{assigns: %{user: %User{id: id}}} = conn, _) do
conn
|> put_session(:user_id, id)
end
def call(conn, _), do: conn
end

View file

@ -0,0 +1,17 @@
defmodule Pleroma.Plugs.UserEnabledPlug do
import Plug.Conn
alias Pleroma.User
def init(options) do
options
end
def call(%{assigns: %{user: %User{info: %{"deactivated" => true}}}} = conn, _) do
conn
|> assign(:user, nil)
end
def call(conn, _) do
conn
end
end

View file

@ -0,0 +1,34 @@
defmodule Pleroma.Plugs.UserFetcherPlug do
import Plug.Conn
alias Pleroma.Repo
alias Pleroma.User
def init(options) do
options
end
def call(conn, options) do
with %{auth_credentials: %{username: username}} <- conn.assigns,
{:ok, %User{} = user} <- user_fetcher(username) do
conn
|> assign(:auth_user, user)
else
_ -> conn
end
end
defp user_fetcher(username_or_email) do
{
:ok,
cond do
# First, try logging in as if it was a name
user = Repo.get_by(User, %{nickname: username_or_email}) ->
user
# If we get nil, we try using it as an email
user = Repo.get_by(User, %{email: username_or_email}) ->
user
end
}
end
end

View file

@ -9,47 +9,57 @@ defmodule Pleroma.Web.Router do
@public Keyword.get(@instance, :public) @public Keyword.get(@instance, :public)
@registrations_open Keyword.get(@instance, :registrations_open) @registrations_open Keyword.get(@instance, :registrations_open)
def user_fetcher(username_or_email) do
{
:ok,
cond do
# First, try logging in as if it was a name
user = Repo.get_by(User, %{nickname: username_or_email}) ->
user
# If we get nil, we try using it as an email
user = Repo.get_by(User, %{email: username_or_email}) ->
user
end
}
end
pipeline :api do pipeline :api do
plug(:accepts, ["json"]) plug(:accepts, ["json"])
plug(:fetch_session) plug(:fetch_session)
plug(Pleroma.Plugs.OAuthPlug) plug(Pleroma.Plugs.OAuthPlug)
plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) plug(Pleroma.Plugs.BasicAuthDecoderPlug)
plug(Pleroma.Plugs.UserFetcherPlug)
plug(Pleroma.Plugs.SessionAuthenticationPlug)
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
plug(Pleroma.Plugs.AuthenticationPlug)
plug(Pleroma.Plugs.UserEnabledPlug)
plug(Pleroma.Plugs.SetUserSessionIdPlug)
plug(Pleroma.Plugs.EnsureUserKeyPlug)
end end
pipeline :authenticated_api do pipeline :authenticated_api do
plug(:accepts, ["json"]) plug(:accepts, ["json"])
plug(:fetch_session) plug(:fetch_session)
plug(Pleroma.Plugs.OAuthPlug) plug(Pleroma.Plugs.OAuthPlug)
plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1}) plug(Pleroma.Plugs.BasicAuthDecoderPlug)
plug(Pleroma.Plugs.UserFetcherPlug)
plug(Pleroma.Plugs.SessionAuthenticationPlug)
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
plug(Pleroma.Plugs.AuthenticationPlug)
plug(Pleroma.Plugs.UserEnabledPlug)
plug(Pleroma.Plugs.SetUserSessionIdPlug)
plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
end end
pipeline :mastodon_html do pipeline :mastodon_html do
plug(:accepts, ["html"]) plug(:accepts, ["html"])
plug(:fetch_session) plug(:fetch_session)
plug(Pleroma.Plugs.OAuthPlug) plug(Pleroma.Plugs.OAuthPlug)
plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) plug(Pleroma.Plugs.BasicAuthDecoderPlug)
plug(Pleroma.Plugs.UserFetcherPlug)
plug(Pleroma.Plugs.SessionAuthenticationPlug)
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
plug(Pleroma.Plugs.AuthenticationPlug)
plug(Pleroma.Plugs.UserEnabledPlug)
plug(Pleroma.Plugs.SetUserSessionIdPlug)
plug(Pleroma.Plugs.EnsureUserKeyPlug)
end end
pipeline :pleroma_html do pipeline :pleroma_html do
plug(:accepts, ["html"]) plug(:accepts, ["html"])
plug(:fetch_session) plug(:fetch_session)
plug(Pleroma.Plugs.OAuthPlug) plug(Pleroma.Plugs.OAuthPlug)
plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) plug(Pleroma.Plugs.BasicAuthDecoderPlug)
plug(Pleroma.Plugs.UserFetcherPlug)
plug(Pleroma.Plugs.SessionAuthenticationPlug)
plug(Pleroma.Plugs.AuthenticationPlug)
plug(Pleroma.Plugs.EnsureUserKeyPlug)
end end
pipeline :well_known do pipeline :well_known do

View file

@ -50,7 +50,9 @@ defp deps do
{:ex_aws_s3, "~> 2.0"}, {:ex_aws_s3, "~> 2.0"},
{:ex_machina, "~> 2.2", only: :test}, {:ex_machina, "~> 2.2", only: :test},
{:credo, "~> 0.9.3", only: [:dev, :test]}, {:credo, "~> 0.9.3", only: [:dev, :test]},
{:mock, "~> 0.3.1", only: :test} {:mock, "~> 0.3.1", only: :test},
{:crypt,
git: "https://github.com/msantos/crypt", ref: "1f2b58927ab57e72910191a7ebaeff984382a1d3"}
] ]
end end

View file

@ -8,6 +8,7 @@
"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"}, "cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"},
"cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"}, "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"},
"credo": {:hex, :credo, "0.9.3", "76fa3e9e497ab282e0cf64b98a624aa11da702854c52c82db1bf24e54ab7c97a", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:poison, ">= 0.0.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"}, "credo": {:hex, :credo, "0.9.3", "76fa3e9e497ab282e0cf64b98a624aa11da702854c52c82db1bf24e54ab7c97a", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:poison, ">= 0.0.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
"crypt": {:git, "https://github.com/msantos/crypt", "1f2b58927ab57e72910191a7ebaeff984382a1d3", [ref: "1f2b58927ab57e72910191a7ebaeff984382a1d3"]},
"db_connection": {:hex, :db_connection, "1.1.3", "89b30ca1ef0a3b469b1c779579590688561d586694a3ce8792985d4d7e575a61", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"}, "db_connection": {:hex, :db_connection, "1.1.3", "89b30ca1ef0a3b469b1c779579590688561d586694a3ce8792985d4d7e575a61", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"},
"decimal": {:hex, :decimal, "1.5.0", "b0433a36d0e2430e3d50291b1c65f53c37d56f83665b43d79963684865beab68", [:mix], [], "hexpm"}, "decimal": {:hex, :decimal, "1.5.0", "b0433a36d0e2430e3d50291b1c65f53c37d56f83665b43d79963684865beab68", [:mix], [], "hexpm"},
"ecto": {:hex, :ecto, "2.2.10", "e7366dc82f48f8dd78fcbf3ab50985ceeb11cb3dc93435147c6e13f2cda0992e", [:mix], [{:db_connection, "~> 1.1", [hex: :db_connection, repo: "hexpm", optional: true]}, {:decimal, "~> 1.2", [hex: :decimal, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.8.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"}, "ecto": {:hex, :ecto, "2.2.10", "e7366dc82f48f8dd78fcbf3ab50985ceeb11cb3dc93435147c6e13f2cda0992e", [:mix], [{:db_connection, "~> 1.1", [hex: :db_connection, repo: "hexpm", optional: true]}, {:decimal, "~> 1.2", [hex: :decimal, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.8.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"},

View file

@ -4,196 +4,50 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.User alias Pleroma.User
defp fetch_nil(_name) do setup %{conn: conn} do
{:ok, nil} user = %User{
end
@user %User{
id: 1, id: 1,
name: "dude", name: "dude",
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
} }
@deactivated %User{
id: 1,
name: "dude",
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
info: %{"deactivated" => true}
}
@session_opts [
store: :cookie,
key: "_test",
signing_salt: "cooldude"
]
defp fetch_user(_name) do
{:ok, @user}
end
defp basic_auth_enc(username, password) do
"Basic " <> Base.encode64("#{username}:#{password}")
end
describe "without an authorization header" do
test "it halts the application" do
conn = conn =
build_conn() conn
|> Plug.Session.call(Plug.Session.init(@session_opts)) |> assign(:auth_user, user)
|> fetch_session
%{user: user, conn: conn}
end
test "it does nothing if a user is assigned", %{conn: conn} do
conn =
conn
|> assign(:user, %User{})
ret_conn =
conn
|> AuthenticationPlug.call(%{}) |> AuthenticationPlug.call(%{})
assert conn.status == 403 assert ret_conn == conn
assert conn.halted == true
end end
test "it assigns a nil user if the 'optional' option is used" do test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do
conn =
build_conn()
|> Plug.Session.call(Plug.Session.init(@session_opts))
|> fetch_session
|> AuthenticationPlug.call(%{optional: true})
assert %{user: nil} == conn.assigns
end
end
describe "with an authorization header for a nonexisting user" do
test "it halts the application" do
conn =
build_conn()
|> Plug.Session.call(Plug.Session.init(@session_opts))
|> fetch_session
|> AuthenticationPlug.call(%{fetcher: &fetch_nil/1})
assert conn.status == 403
assert conn.halted == true
end
test "it assigns a nil user if the 'optional' option is used" do
conn =
build_conn()
|> Plug.Session.call(Plug.Session.init(@session_opts))
|> fetch_session
|> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1})
assert %{user: nil} == conn.assigns
end
end
describe "with an incorrect authorization header for a enxisting user" do
test "it halts the application" do
opts = %{
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "man")
conn =
build_conn()
|> Plug.Session.call(Plug.Session.init(@session_opts))
|> fetch_session
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert conn.status == 403
assert conn.halted == true
end
test "it assigns a nil user if the 'optional' option is used" do
opts = %{
optional: true,
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "man")
conn =
build_conn()
|> Plug.Session.call(Plug.Session.init(@session_opts))
|> fetch_session
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert %{user: nil} == conn.assigns
end
end
describe "with a correct authorization header for an existing user" do
test "it assigns the user", %{conn: conn} do
opts = %{
optional: true,
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "guy")
conn = conn =
conn conn
|> Plug.Session.call(Plug.Session.init(@session_opts)) |> assign(:auth_credentials, %{password: "guy"})
|> fetch_session |> AuthenticationPlug.call(%{})
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert %{user: @user} == conn.assigns assert conn.assigns.user == conn.assigns.auth_user
assert get_session(conn, :user_id) == @user.id
assert conn.halted == false
end
end end
describe "with a correct authorization header for an deactiviated user" do test "with a wrong password in the credentials, it does nothing", %{conn: conn} do
test "it halts the appication", %{conn: conn} do
opts = %{
optional: false,
fetcher: fn _ -> @deactivated end
}
header = basic_auth_enc("dude", "guy")
conn = conn =
conn conn
|> Plug.Session.call(Plug.Session.init(@session_opts)) |> assign(:auth_credentials, %{password: "wrong"})
|> fetch_session
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert conn.status == 403 ret_conn =
assert conn.halted == true
end
end
describe "with a user_id in the session for an existing user" do
test "it assigns the user", %{conn: conn} do
opts = %{
optional: true,
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "THIS IS WRONG")
conn =
conn conn
|> Plug.Session.call(Plug.Session.init(@session_opts)) |> AuthenticationPlug.call(%{})
|> fetch_session
|> put_session(:user_id, @user.id)
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert %{user: @user} == conn.assigns assert conn == ret_conn
assert get_session(conn, :user_id) == @user.id
assert conn.halted == false
end
end
describe "with an assigned user" do
test "it does nothing, returning the incoming conn", %{conn: conn} do
conn =
conn
|> assign(:user, @user)
conn_result = AuthenticationPlug.call(conn, %{})
assert conn == conn_result
end
end end
end end

View file

@ -0,0 +1,31 @@
defmodule Pleroma.Plugs.BasicAuthDecoderPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.BasicAuthDecoderPlug
defp basic_auth_enc(username, password) do
"Basic " <> Base.encode64("#{username}:#{password}")
end
test "it puts the decoded credentials into the assigns", %{conn: conn} do
header = basic_auth_enc("moonman", "iloverobek")
conn =
conn
|> put_req_header("authorization", header)
|> BasicAuthDecoderPlug.call(%{})
assert conn.assigns[:auth_credentials] == %{
username: "moonman",
password: "iloverobek"
}
end
test "without a authorization header it doesn't do anything", %{conn: conn} do
ret_conn =
conn
|> BasicAuthDecoderPlug.call(%{})
assert conn == ret_conn
end
end

View file

@ -0,0 +1,27 @@
defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.EnsureAuthenticatedPlug
alias Pleroma.User
test "it halts if no user is assigned", %{conn: conn} do
conn =
conn
|> EnsureAuthenticatedPlug.call(%{})
assert conn.status == 403
assert conn.halted == true
end
test "it continues if a user is assigned", %{conn: conn} do
conn =
conn
|> assign(:user, %User{})
ret_conn =
conn
|> EnsureAuthenticatedPlug.call(%{})
assert ret_conn == conn
end
end

View file

@ -0,0 +1,25 @@
defmodule Pleroma.Plugs.EnsureUserKeyPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.EnsureUserKeyPlug
test "if the conn has a user key set, it does nothing", %{conn: conn} do
conn =
conn
|> assign(:user, 1)
ret_conn =
conn
|> EnsureUserKeyPlug.call(%{})
assert conn == ret_conn
end
test "if the conn has no key set, it sets it to nil", %{conn: conn} do
conn =
conn
|> EnsureUserKeyPlug.call(%{})
assert Map.has_key?(conn.assigns, :user)
end
end

View file

@ -0,0 +1,82 @@
defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.LegacyAuthenticationPlug
alias Pleroma.User
import Mock
setup do
# password is "password"
user = %User{
id: 1,
name: "dude",
password_hash:
"$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
}
%{user: user}
end
test "it does nothing if a user is assigned", %{conn: conn, user: user} do
conn =
conn
|> assign(:auth_credentials, %{username: "dude", password: "password"})
|> assign(:auth_user, user)
|> assign(:user, %User{})
ret_conn =
conn
|> LegacyAuthenticationPlug.call(%{})
assert ret_conn == conn
end
test "it authenticates the auth_user if present and password is correct and resets the password",
%{
conn: conn,
user: user
} do
conn =
conn
|> assign(:auth_credentials, %{username: "dude", password: "password"})
|> assign(:auth_user, user)
conn =
with_mock User,
reset_password: fn user, %{password: password, password_confirmation: password} ->
send(self(), :reset_password)
{:ok, user}
end do
conn
|> LegacyAuthenticationPlug.call(%{})
end
assert_received :reset_password
assert conn.assigns.user == user
end
test "it does nothing if the password is wrong", %{
conn: conn,
user: user
} do
conn =
conn
|> assign(:auth_credentials, %{username: "dude", password: "wrong_password"})
|> assign(:auth_user, user)
ret_conn =
conn
|> LegacyAuthenticationPlug.call(%{})
assert conn == ret_conn
end
test "with no credentials or user it does nothing", %{conn: conn} do
ret_conn =
conn
|> LegacyAuthenticationPlug.call(%{})
assert ret_conn == conn
end
end

View file

@ -0,0 +1,59 @@
defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.SessionAuthenticationPlug
alias Pleroma.User
setup %{conn: conn} do
session_opts = [
store: :cookie,
key: "_test",
signing_salt: "cooldude"
]
conn =
conn
|> Plug.Session.call(Plug.Session.init(session_opts))
|> fetch_session
|> assign(:auth_user, %User{id: 1})
%{conn: conn}
end
test "it does nothing if a user is assigned", %{conn: conn} do
conn =
conn
|> assign(:user, %User{})
ret_conn =
conn
|> SessionAuthenticationPlug.call(%{})
assert ret_conn == conn
end
test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{
conn: conn
} do
conn =
conn
|> put_session(:user_id, conn.assigns.auth_user.id)
|> SessionAuthenticationPlug.call(%{})
assert conn.assigns.user == conn.assigns.auth_user
end
test "if the auth_user has a different id as the user_id in the session, it does nothing", %{
conn: conn
} do
conn =
conn
|> put_session(:user_id, -1)
ret_conn =
conn
|> SessionAuthenticationPlug.call(%{})
assert ret_conn == conn
end
end

View file

@ -0,0 +1,39 @@
defmodule Pleroma.Plugs.SetUserSessionIdPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.SetUserSessionIdPlug
alias Pleroma.User
setup %{conn: conn} do
session_opts = [
store: :cookie,
key: "_test",
signing_salt: "cooldude"
]
conn =
conn
|> Plug.Session.call(Plug.Session.init(session_opts))
|> fetch_session
%{conn: conn}
end
test "doesn't do anything if the user isn't set", %{conn: conn} do
ret_conn =
conn
|> SetUserSessionIdPlug.call(%{})
assert ret_conn == conn
end
test "sets the user_id in the session to the user id of the user assign", %{conn: conn} do
conn =
conn
|> assign(:user, %User{id: 1})
|> SetUserSessionIdPlug.call(%{})
id = get_session(conn, :user_id)
assert id == 1
end
end

View file

@ -0,0 +1,35 @@
defmodule Pleroma.Plugs.UserEnabledPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.UserEnabledPlug
alias Pleroma.User
test "doesn't do anything if the user isn't set", %{conn: conn} do
ret_conn =
conn
|> UserEnabledPlug.call(%{})
assert ret_conn == conn
end
test "with a user that is deactivated, it removes that user", %{conn: conn} do
conn =
conn
|> assign(:user, %User{info: %{"deactivated" => true}})
|> UserEnabledPlug.call(%{})
assert conn.assigns.user == nil
end
test "with a user that is not deactivated, it does nothing", %{conn: conn} do
conn =
conn
|> assign(:user, %User{})
ret_conn =
conn
|> UserEnabledPlug.call(%{})
assert conn == ret_conn
end
end

View file

@ -0,0 +1,37 @@
defmodule Pleroma.Plugs.UserFetcherPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.UserFetcherPlug
import Pleroma.Factory
setup do
user = insert(:user)
%{user: user}
end
test "if an auth_credentials assign is present, it tries to fetch the user and assigns it", %{
conn: conn,
user: user
} do
conn =
conn
|> assign(:auth_credentials, %{
username: user.nickname,
password: nil
})
conn =
conn
|> UserFetcherPlug.call(%{})
assert conn.assigns[:auth_user] == user
end
test "without a credential assign it doesn't do anything", %{conn: conn} do
ret_conn =
conn
|> UserFetcherPlug.call(%{})
assert conn == ret_conn
end
end