forked from YokaiRick/akkoma
70 lines
1.7 KiB
Elixir
70 lines
1.7 KiB
Elixir
# Pleroma: A lightweight social networking server
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
|
|
use Pleroma.Web.ConnCase, async: false
|
|
|
|
import Pleroma.Factory
|
|
|
|
setup_all do
|
|
Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
|
|
|
|
:ok
|
|
end
|
|
|
|
setup do
|
|
clear_config(:configurable_from_database, true)
|
|
admin = insert(:user, is_admin: true)
|
|
token = insert(:oauth_admin_token, user: admin)
|
|
|
|
conn =
|
|
build_conn()
|
|
|> assign(:user, admin)
|
|
|> assign(:token, token)
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
{:ok, %{admin: admin, token: token, conn: conn}}
|
|
end
|
|
|
|
describe "POST /api/v1/pleroma/admin/config" do
|
|
test "Refuses to update non-whitelisted config options", %{conn: conn} do
|
|
banned_config = %{
|
|
configs: [
|
|
%{
|
|
group: ":mogrify",
|
|
key: ":mogrify_command",
|
|
value: [
|
|
%{tuple: [":path", "sh"]},
|
|
%{tuple: [":args", ["-c", "echo pwnd > /tmp/a"]]}
|
|
]
|
|
},
|
|
%{
|
|
group: ":pleroma",
|
|
key: ":http",
|
|
value: [
|
|
%{tuple: ["wow", "nice"]}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
|
|
resp =
|
|
conn
|
|
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|
|
|> json_response_and_validate_schema(200)
|
|
|
|
# It should basically just throw out the mogrify option
|
|
assert Enum.count(resp["configs"]) == 1
|
|
|
|
assert %{
|
|
"configs" => [
|
|
%{
|
|
"group" => ":pleroma"
|
|
}
|
|
]
|
|
} = resp
|
|
end
|
|
end
|
|
end
|