ChatController: Use OAuth scopes.

2020-04-17 13:04:46 +02:00 · 2020-04-17 13:04:46 +02:00 · d45ae64858
parent f8c3ae7a62
commit d45ae64858
2 changed files with 36 additions and 23 deletions
--- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
+  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.PleromaAPI.ChatView
  alias Pleroma.Web.PleromaAPI.ChatMessageView
@ -16,10 +17,18 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
  import Ecto.Query

  # TODO
-  # - Oauth stuff
-  # - Views / Representers
  # - Error handling

+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:statuses"]} when action in [:post_chat_message, :create]
+  )
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read:statuses"]} when action in [:messages, :index]
+  )
+
  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.ChatOperation

  def post_chat_message(%{assigns: %{user: %{id: user_id} = user}} = conn, %{
@ -62,6 +71,11 @@ def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{"id" => id} =
      conn
      |> put_view(ChatMessageView)
      |> render("index.json", for: user, objects: messages, chat: chat)
+    else
+      _ ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{error: "not found"})
    end
  end

--- a/test/web/pleroma_api/controllers/chat_controller_test.exs
+++ b/test/web/pleroma_api/controllers/chat_controller_test.exs
@ -10,15 +10,15 @@ defmodule Pleroma.Web.PleromaAPI.ChatControllerTest do
  import Pleroma.Factory

  describe "POST /api/v1/pleroma/chats/:id/messages" do
-    test "it posts a message to the chat", %{conn: conn} do
-      user = insert(:user)
+    setup do: oauth_access(["write:statuses"])
+
+    test "it posts a message to the chat", %{conn: conn, user: user} do
      other_user = insert(:user)

      {:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id)

      result =
        conn
-        |> assign(:user, user)
        |> post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "Hallo!!"})
        |> json_response(200)

@ -28,8 +28,9 @@ test "it posts a message to the chat", %{conn: conn} do
  end

  describe "GET /api/v1/pleroma/chats/:id/messages" do
-    test "it paginates", %{conn: conn} do
-      user = insert(:user)
+    setup do: oauth_access(["read:statuses"])
+
+    test "it paginates", %{conn: conn, user: user} do
      recipient = insert(:user)

      Enum.each(1..30, fn _ ->
@ -40,7 +41,6 @@ test "it paginates", %{conn: conn} do

      result =
        conn
-        |> assign(:user, user)
        |> get("/api/v1/pleroma/chats/#{chat.id}/messages")
        |> json_response(200)

@ -48,17 +48,13 @@ test "it paginates", %{conn: conn} do

      result =
        conn
-        |> assign(:user, user)
        |> get("/api/v1/pleroma/chats/#{chat.id}/messages", %{"max_id" => List.last(result)["id"]})
        |> json_response(200)

      assert length(result) == 10
    end

-    # TODO
-    # - Test the case where it's not the user's chat
-    test "it returns the messages for a given chat", %{conn: conn} do
-      user = insert(:user)
+    test "it returns the messages for a given chat", %{conn: conn, user: user} do
      other_user = insert(:user)
      third_user = insert(:user)

@ -71,7 +67,6 @@ test "it returns the messages for a given chat", %{conn: conn} do

      result =
        conn
-        |> assign(:user, user)
        |> get("/api/v1/pleroma/chats/#{chat.id}/messages")
        |> json_response(200)

@ -81,17 +76,25 @@ test "it returns the messages for a given chat", %{conn: conn} do
      end)

      assert length(result) == 3
+
+      # Trying to get the chat of a different user
+      result =
+        conn
+        |> assign(:user, other_user)
+        |> get("/api/v1/pleroma/chats/#{chat.id}/messages")
+
+      assert result |> json_response(404)
    end
  end

  describe "POST /api/v1/pleroma/chats/by-ap-id/:id" do
+    setup do: oauth_access(["write:statuses"])
+
    test "it creates or returns a chat", %{conn: conn} do
-      user = insert(:user)
      other_user = insert(:user)

      result =
        conn
-        |> assign(:user, user)
        |> post("/api/v1/pleroma/chats/by-ap-id/#{URI.encode_www_form(other_user.ap_id)}")
        |> json_response(200)

@ -100,9 +103,9 @@ test "it creates or returns a chat", %{conn: conn} do
  end

  describe "GET /api/v1/pleroma/chats" do
-    test "it paginates", %{conn: conn} do
-      user = insert(:user)
+    setup do: oauth_access(["read:statuses"])

+    test "it paginates", %{conn: conn, user: user} do
      Enum.each(1..30, fn _ ->
        recipient = insert(:user)
        {:ok, _} = Chat.get_or_create(user.id, recipient.ap_id)
@ -110,7 +113,6 @@ test "it paginates", %{conn: conn} do

      result =
        conn
-        |> assign(:user, user)
        |> get("/api/v1/pleroma/chats")
        |> json_response(200)

@ -118,7 +120,6 @@ test "it paginates", %{conn: conn} do

      result =
        conn
-        |> assign(:user, user)
        |> get("/api/v1/pleroma/chats", %{max_id: List.last(result)["id"]})
        |> json_response(200)

@ -126,8 +127,7 @@ test "it paginates", %{conn: conn} do
    end

    test "it return a list of chats the current user is participating in, in descending order of updates",
-         %{conn: conn} do
-      user = insert(:user)
+         %{conn: conn, user: user} do
      har = insert(:user)
      jafnhar = insert(:user)
      tridi = insert(:user)
@ -144,7 +144,6 @@ test "it return a list of chats the current user is participating in, in descend

      result =
        conn
-        |> assign(:user, user)
        |> get("/api/v1/pleroma/chats")
        |> json_response(200)