Move account_register, relationships and verify_credentials to MastodonAPI.AccountController
This commit is contained in:
parent
122cc050ab
commit
c0ce2d5faf
|
@ -8,22 +8,89 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|
|||
import Pleroma.Web.ControllerHelper,
|
||||
only: [add_link_headers: 2, truthy_param?: 1, assign_account_by_id: 2, json_response: 3]
|
||||
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||
alias Pleroma.Web.MastodonAPI.StatusView
|
||||
alias Pleroma.Web.MastodonAPI.MastodonAPI
|
||||
alias Pleroma.Web.MastodonAPI.ListView
|
||||
alias Pleroma.Plugs.RateLimiter
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.MastodonAPI.ListView
|
||||
alias Pleroma.Web.MastodonAPI.MastodonAPI
|
||||
alias Pleroma.Web.MastodonAPI.StatusView
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||
|
||||
@relations ~w(follow unfollow)a
|
||||
@relations [:follow, :unfollow]
|
||||
@needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
|
||||
|
||||
plug(RateLimiter, {:relations_id_action, params: ["id", "uri"]} when action in @relations)
|
||||
plug(RateLimiter, :relations_actions when action in @relations)
|
||||
plug(:assign_account_by_id when action not in [:show, :statuses])
|
||||
plug(RateLimiter, :app_account_creation when action == :create)
|
||||
plug(:assign_account_by_id when action in @needs_account)
|
||||
|
||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||
|
||||
@doc "POST /api/v1/accounts"
|
||||
def create(
|
||||
%{assigns: %{app: app}} = conn,
|
||||
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
|
||||
) do
|
||||
params =
|
||||
params
|
||||
|> Map.take([
|
||||
"email",
|
||||
"captcha_solution",
|
||||
"captcha_token",
|
||||
"captcha_answer_data",
|
||||
"token",
|
||||
"password"
|
||||
])
|
||||
|> Map.put("nickname", nickname)
|
||||
|> Map.put("fullname", params["fullname"] || nickname)
|
||||
|> Map.put("bio", params["bio"] || "")
|
||||
|> Map.put("confirm", params["password"])
|
||||
|
||||
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
|
||||
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
|
||||
json(conn, %{
|
||||
token_type: "Bearer",
|
||||
access_token: token.token,
|
||||
scope: app.scopes,
|
||||
created_at: Token.Utils.format_created_at(token)
|
||||
})
|
||||
else
|
||||
{:error, errors} -> json_response(conn, :bad_request, errors)
|
||||
end
|
||||
end
|
||||
|
||||
def create(%{assigns: %{app: _app}} = conn, _) do
|
||||
render_error(conn, :bad_request, "Missing parameters")
|
||||
end
|
||||
|
||||
def create(conn, _) do
|
||||
render_error(conn, :forbidden, "Invalid credentials")
|
||||
end
|
||||
|
||||
@doc "GET /api/v1/accounts/verify_credentials"
|
||||
def verify_credentials(%{assigns: %{user: user}} = conn, _) do
|
||||
chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
|
||||
|
||||
render(conn, "show.json",
|
||||
user: user,
|
||||
for: user,
|
||||
with_pleroma_settings: true,
|
||||
with_chat_token: chat_token
|
||||
)
|
||||
end
|
||||
|
||||
@doc "GET /api/v1/accounts/relationships"
|
||||
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||
targets = User.get_all_by_ids(List.wrap(id))
|
||||
|
||||
render(conn, "relationships.json", user: user, targets: targets)
|
||||
end
|
||||
|
||||
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
|
||||
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
|
||||
|
||||
@doc "GET /api/v1/accounts/:id"
|
||||
def show(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
|
||||
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
|
||||
|
|
|
@ -35,8 +35,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
|||
|
||||
require Logger
|
||||
|
||||
plug(RateLimiter, :app_account_creation when action == :account_register)
|
||||
plug(RateLimiter, :search when action in [:search, :search2, :account_search])
|
||||
plug(RateLimiter, :password_reset when action == :password_reset)
|
||||
|
||||
@local_mastodon_name "Mastodon-Local"
|
||||
|
@ -164,20 +162,6 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
def verify_credentials(%{assigns: %{user: user}} = conn, _) do
|
||||
chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
|
||||
|
||||
account =
|
||||
AccountView.render("show.json", %{
|
||||
user: user,
|
||||
for: user,
|
||||
with_pleroma_settings: true,
|
||||
with_chat_token: chat_token
|
||||
})
|
||||
|
||||
json(conn, account)
|
||||
end
|
||||
def verify_app_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do
|
||||
with %Token{app: %App{} = app} <- Repo.preload(token, :app) do
|
||||
conn
|
||||
|
@ -288,17 +272,6 @@ def poll_vote(%{assigns: %{user: user}} = conn, %{"id" => id, "choices" => choic
|
|||
end
|
||||
end
|
||||
|
||||
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||
targets = User.get_all_by_ids(List.wrap(id))
|
||||
|
||||
conn
|
||||
|> put_view(AccountView)
|
||||
|> render("relationships.json", %{user: user, targets: targets})
|
||||
end
|
||||
|
||||
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
|
||||
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
|
||||
|
||||
def update_media(
|
||||
%{assigns: %{user: user}} = conn,
|
||||
%{"id" => id, "description" => description} = _
|
||||
|
@ -649,49 +622,6 @@ defp fetch_suggestion_id(attrs) do
|
|||
end
|
||||
end
|
||||
|
||||
def account_register(
|
||||
%{assigns: %{app: app}} = conn,
|
||||
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
|
||||
) do
|
||||
params =
|
||||
params
|
||||
|> Map.take([
|
||||
"email",
|
||||
"captcha_solution",
|
||||
"captcha_token",
|
||||
"captcha_answer_data",
|
||||
"token",
|
||||
"password"
|
||||
])
|
||||
|> Map.put("nickname", nickname)
|
||||
|> Map.put("fullname", params["fullname"] || nickname)
|
||||
|> Map.put("bio", params["bio"] || "")
|
||||
|> Map.put("confirm", params["password"])
|
||||
|
||||
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
|
||||
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
|
||||
json(conn, %{
|
||||
token_type: "Bearer",
|
||||
access_token: token.token,
|
||||
scope: app.scopes,
|
||||
created_at: Token.Utils.format_created_at(token)
|
||||
})
|
||||
else
|
||||
{:error, errors} ->
|
||||
conn
|
||||
|> put_status(:bad_request)
|
||||
|> json(errors)
|
||||
end
|
||||
end
|
||||
|
||||
def account_register(%{assigns: %{app: _app}} = conn, _) do
|
||||
render_error(conn, :bad_request, "Missing parameters")
|
||||
end
|
||||
|
||||
def account_register(conn, _) do
|
||||
render_error(conn, :forbidden, "Invalid credentials")
|
||||
end
|
||||
|
||||
def password_reset(conn, params) do
|
||||
nickname_or_email = params["email"] || params["nickname"]
|
||||
|
||||
|
|
|
@ -335,9 +335,9 @@ defmodule Pleroma.Web.Router do
|
|||
scope [] do
|
||||
pipe_through(:oauth_read)
|
||||
|
||||
get("/accounts/verify_credentials", MastodonAPIController, :verify_credentials)
|
||||
get("/accounts/verify_credentials", AccountController, :verify_credentials)
|
||||
|
||||
get("/accounts/relationships", MastodonAPIController, :relationships)
|
||||
get("/accounts/relationships", AccountController, :relationships)
|
||||
|
||||
get("/accounts/:id/lists", AccountController, :lists)
|
||||
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
|
||||
|
@ -459,7 +459,7 @@ defmodule Pleroma.Web.Router do
|
|||
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
||||
pipe_through(:api)
|
||||
|
||||
post("/accounts", MastodonAPIController, :account_register)
|
||||
post("/accounts", AccountController, :create)
|
||||
|
||||
get("/instance", MastodonAPIController, :masto_instance)
|
||||
get("/instance/peers", MastodonAPIController, :peers)
|
||||
|
|
|
@ -5,9 +5,11 @@
|
|||
defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
|
@ -595,4 +597,256 @@ test "blocking / unblocking a user", %{conn: conn} do
|
|||
|
||||
assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
|
||||
end
|
||||
|
||||
describe "create account by app" do
|
||||
setup do
|
||||
valid_params = %{
|
||||
username: "lain",
|
||||
email: "lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
agreement: true
|
||||
}
|
||||
|
||||
[valid_params: valid_params]
|
||||
end
|
||||
|
||||
test "Account registration via Application", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> post("/api/v1/apps", %{
|
||||
client_name: "client_name",
|
||||
redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
|
||||
scopes: "read, write, follow"
|
||||
})
|
||||
|
||||
%{
|
||||
"client_id" => client_id,
|
||||
"client_secret" => client_secret,
|
||||
"id" => _,
|
||||
"name" => "client_name",
|
||||
"redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
|
||||
"vapid_key" => _,
|
||||
"website" => nil
|
||||
} = json_response(conn, 200)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> post("/oauth/token", %{
|
||||
grant_type: "client_credentials",
|
||||
client_id: client_id,
|
||||
client_secret: client_secret
|
||||
})
|
||||
|
||||
assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
|
||||
json_response(conn, 200)
|
||||
|
||||
assert token
|
||||
token_from_db = Repo.get_by(Token, token: token)
|
||||
assert token_from_db
|
||||
assert refresh
|
||||
assert scope == "read write follow"
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> put_req_header("authorization", "Bearer " <> token)
|
||||
|> post("/api/v1/accounts", %{
|
||||
username: "lain",
|
||||
email: "lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
bio: "Test Bio",
|
||||
agreement: true
|
||||
})
|
||||
|
||||
%{
|
||||
"access_token" => token,
|
||||
"created_at" => _created_at,
|
||||
"scope" => _scope,
|
||||
"token_type" => "Bearer"
|
||||
} = json_response(conn, 200)
|
||||
|
||||
token_from_db = Repo.get_by(Token, token: token)
|
||||
assert token_from_db
|
||||
token_from_db = Repo.preload(token_from_db, :user)
|
||||
assert token_from_db.user
|
||||
|
||||
assert token_from_db.user.info.confirmation_pending
|
||||
end
|
||||
|
||||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
||||
_user = insert(:user, email: "lain@example.org")
|
||||
app_token = insert(:oauth_token, user: nil)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
||||
|
||||
res = post(conn, "/api/v1/accounts", valid_params)
|
||||
assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
|
||||
end
|
||||
|
||||
test "rate limit", %{conn: conn} do
|
||||
app_token = insert(:oauth_token, user: nil)
|
||||
|
||||
conn =
|
||||
put_req_header(conn, "authorization", "Bearer " <> app_token.token)
|
||||
|> Map.put(:remote_ip, {15, 15, 15, 15})
|
||||
|
||||
for i <- 1..5 do
|
||||
conn =
|
||||
conn
|
||||
|> post("/api/v1/accounts", %{
|
||||
username: "#{i}lain",
|
||||
email: "#{i}lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
agreement: true
|
||||
})
|
||||
|
||||
%{
|
||||
"access_token" => token,
|
||||
"created_at" => _created_at,
|
||||
"scope" => _scope,
|
||||
"token_type" => "Bearer"
|
||||
} = json_response(conn, 200)
|
||||
|
||||
token_from_db = Repo.get_by(Token, token: token)
|
||||
assert token_from_db
|
||||
token_from_db = Repo.preload(token_from_db, :user)
|
||||
assert token_from_db.user
|
||||
|
||||
assert token_from_db.user.info.confirmation_pending
|
||||
end
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> post("/api/v1/accounts", %{
|
||||
username: "6lain",
|
||||
email: "6lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
agreement: true
|
||||
})
|
||||
|
||||
assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
|
||||
end
|
||||
|
||||
test "returns bad_request if missing required params", %{
|
||||
conn: conn,
|
||||
valid_params: valid_params
|
||||
} do
|
||||
app_token = insert(:oauth_token, user: nil)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
||||
|
||||
res = post(conn, "/api/v1/accounts", valid_params)
|
||||
assert json_response(res, 200)
|
||||
|
||||
[{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
|
||||
|> Stream.zip(valid_params)
|
||||
|> Enum.each(fn {ip, {attr, _}} ->
|
||||
res =
|
||||
conn
|
||||
|> Map.put(:remote_ip, ip)
|
||||
|> post("/api/v1/accounts", Map.delete(valid_params, attr))
|
||||
|> json_response(400)
|
||||
|
||||
assert res == %{"error" => "Missing parameters"}
|
||||
end)
|
||||
end
|
||||
|
||||
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("authorization", "Bearer " <> "invalid-token")
|
||||
|
||||
res = post(conn, "/api/v1/accounts", valid_params)
|
||||
assert json_response(res, 403) == %{"error" => "Invalid credentials"}
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/v1/accounts/:id/lists - account_lists" do
|
||||
test "returns lists to which the account belongs", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
|
||||
{:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
|
||||
|
||||
res =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/#{other_user.id}/lists")
|
||||
|> json_response(200)
|
||||
|
||||
assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
|
||||
end
|
||||
end
|
||||
|
||||
describe "verify_credentials" do
|
||||
test "verify_credentials", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/verify_credentials")
|
||||
|
||||
response = json_response(conn, 200)
|
||||
|
||||
assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
|
||||
assert response["pleroma"]["chat_token"]
|
||||
assert id == to_string(user.id)
|
||||
end
|
||||
|
||||
test "verify_credentials default scope unlisted", %{conn: conn} do
|
||||
user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}})
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/verify_credentials")
|
||||
|
||||
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
|
||||
assert id == to_string(user.id)
|
||||
end
|
||||
|
||||
test "locked accounts", %{conn: conn} do
|
||||
user = insert(:user, %{info: %User.Info{default_scope: "private"}})
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/verify_credentials")
|
||||
|
||||
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
|
||||
assert id == to_string(user.id)
|
||||
end
|
||||
end
|
||||
|
||||
describe "user relationships" do
|
||||
test "returns the relationships for the current user", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
{:ok, user} = User.follow(user, other_user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
|
||||
|
||||
assert [relationship] = json_response(conn, 200)
|
||||
|
||||
assert to_string(other_user.id) == relationship["id"]
|
||||
end
|
||||
|
||||
test "returns an empty list on a bad request", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/relationships", %{})
|
||||
|
||||
assert [] = json_response(conn, 200)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -15,7 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
|||
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.OAuth.App
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
alias Pleroma.Web.Push
|
||||
|
||||
import ExUnit.CaptureLog
|
||||
|
@ -31,33 +30,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
|||
clear_config([:instance, :public])
|
||||
clear_config([:rich_media, :enabled])
|
||||
|
||||
test "verify_credentials", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/verify_credentials")
|
||||
|
||||
response = json_response(conn, 200)
|
||||
|
||||
assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
|
||||
assert response["pleroma"]["chat_token"]
|
||||
assert id == to_string(user.id)
|
||||
end
|
||||
|
||||
test "verify_credentials default scope unlisted", %{conn: conn} do
|
||||
user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}})
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/verify_credentials")
|
||||
|
||||
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
|
||||
assert id == to_string(user.id)
|
||||
end
|
||||
|
||||
test "apps/verify_credentials", %{conn: conn} do
|
||||
token = insert(:oauth_token)
|
||||
|
||||
|
@ -105,34 +77,6 @@ test "creates an oauth app", %{conn: conn} do
|
|||
assert expected == json_response(conn, 200)
|
||||
end
|
||||
|
||||
describe "user relationships" do
|
||||
test "returns the relationships for the current user", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
{:ok, user} = User.follow(user, other_user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
|
||||
|
||||
assert [relationship] = json_response(conn, 200)
|
||||
|
||||
assert to_string(other_user.id) == relationship["id"]
|
||||
end
|
||||
|
||||
test "returns an empty list on a bad request", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/relationships", %{})
|
||||
|
||||
assert [] = json_response(conn, 200)
|
||||
end
|
||||
end
|
||||
|
||||
describe "media upload" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
|
@ -170,20 +114,6 @@ test "returns uploaded image", %{conn: conn, image: image} do
|
|||
end
|
||||
end
|
||||
|
||||
describe "locked accounts" do
|
||||
test "verify_credentials", %{conn: conn} do
|
||||
user = insert(:user, %{info: %User.Info{default_scope: "private"}})
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get("/api/v1/accounts/verify_credentials")
|
||||
|
||||
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
|
||||
assert id == to_string(user.id)
|
||||
end
|
||||
end
|
||||
|
||||
describe "/api/v1/pleroma/mascot" do
|
||||
test "mascot upload", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
@ -555,172 +485,6 @@ test "redirects to the getting-started page when referer is not present", %{conn
|
|||
end
|
||||
end
|
||||
|
||||
describe "create account by app" do
|
||||
setup do
|
||||
valid_params = %{
|
||||
username: "lain",
|
||||
email: "lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
agreement: true
|
||||
}
|
||||
|
||||
[valid_params: valid_params]
|
||||
end
|
||||
|
||||
test "Account registration via Application", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> post("/api/v1/apps", %{
|
||||
client_name: "client_name",
|
||||
redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
|
||||
scopes: "read, write, follow"
|
||||
})
|
||||
|
||||
%{
|
||||
"client_id" => client_id,
|
||||
"client_secret" => client_secret,
|
||||
"id" => _,
|
||||
"name" => "client_name",
|
||||
"redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
|
||||
"vapid_key" => _,
|
||||
"website" => nil
|
||||
} = json_response(conn, 200)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> post("/oauth/token", %{
|
||||
grant_type: "client_credentials",
|
||||
client_id: client_id,
|
||||
client_secret: client_secret
|
||||
})
|
||||
|
||||
assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
|
||||
json_response(conn, 200)
|
||||
|
||||
assert token
|
||||
token_from_db = Repo.get_by(Token, token: token)
|
||||
assert token_from_db
|
||||
assert refresh
|
||||
assert scope == "read write follow"
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> put_req_header("authorization", "Bearer " <> token)
|
||||
|> post("/api/v1/accounts", %{
|
||||
username: "lain",
|
||||
email: "lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
bio: "Test Bio",
|
||||
agreement: true
|
||||
})
|
||||
|
||||
%{
|
||||
"access_token" => token,
|
||||
"created_at" => _created_at,
|
||||
"scope" => _scope,
|
||||
"token_type" => "Bearer"
|
||||
} = json_response(conn, 200)
|
||||
|
||||
token_from_db = Repo.get_by(Token, token: token)
|
||||
assert token_from_db
|
||||
token_from_db = Repo.preload(token_from_db, :user)
|
||||
assert token_from_db.user
|
||||
|
||||
assert token_from_db.user.info.confirmation_pending
|
||||
end
|
||||
|
||||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
||||
_user = insert(:user, email: "lain@example.org")
|
||||
app_token = insert(:oauth_token, user: nil)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
||||
|
||||
res = post(conn, "/api/v1/accounts", valid_params)
|
||||
assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
|
||||
end
|
||||
|
||||
test "rate limit", %{conn: conn} do
|
||||
app_token = insert(:oauth_token, user: nil)
|
||||
|
||||
conn =
|
||||
put_req_header(conn, "authorization", "Bearer " <> app_token.token)
|
||||
|> Map.put(:remote_ip, {15, 15, 15, 15})
|
||||
|
||||
for i <- 1..5 do
|
||||
conn =
|
||||
conn
|
||||
|> post("/api/v1/accounts", %{
|
||||
username: "#{i}lain",
|
||||
email: "#{i}lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
agreement: true
|
||||
})
|
||||
|
||||
%{
|
||||
"access_token" => token,
|
||||
"created_at" => _created_at,
|
||||
"scope" => _scope,
|
||||
"token_type" => "Bearer"
|
||||
} = json_response(conn, 200)
|
||||
|
||||
token_from_db = Repo.get_by(Token, token: token)
|
||||
assert token_from_db
|
||||
token_from_db = Repo.preload(token_from_db, :user)
|
||||
assert token_from_db.user
|
||||
|
||||
assert token_from_db.user.info.confirmation_pending
|
||||
end
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> post("/api/v1/accounts", %{
|
||||
username: "6lain",
|
||||
email: "6lain@example.org",
|
||||
password: "PlzDontHackLain",
|
||||
agreement: true
|
||||
})
|
||||
|
||||
assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
|
||||
end
|
||||
|
||||
test "returns bad_request if missing required params", %{
|
||||
conn: conn,
|
||||
valid_params: valid_params
|
||||
} do
|
||||
app_token = insert(:oauth_token, user: nil)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
||||
|
||||
res = post(conn, "/api/v1/accounts", valid_params)
|
||||
assert json_response(res, 200)
|
||||
|
||||
[{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
|
||||
|> Stream.zip(valid_params)
|
||||
|> Enum.each(fn {ip, {attr, _}} ->
|
||||
res =
|
||||
conn
|
||||
|> Map.put(:remote_ip, ip)
|
||||
|> post("/api/v1/accounts", Map.delete(valid_params, attr))
|
||||
|> json_response(400)
|
||||
|
||||
assert res == %{"error" => "Missing parameters"}
|
||||
end)
|
||||
end
|
||||
|
||||
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("authorization", "Bearer " <> "invalid-token")
|
||||
|
||||
res = post(conn, "/api/v1/accounts", valid_params)
|
||||
assert json_response(res, 403) == %{"error" => "Invalid credentials"}
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/v1/polls/:id" do
|
||||
test "returns poll entity for object id", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
|
Loading…
Reference in New Issue