Chat moderation: add tests for unauthorized access
parent
e229536e5c
commit
dfb831ca39
3 changed files with 109 additions and 2 deletions
|
@ -1395,7 +1395,7 @@ Loads json generated from `config/descriptions.exs`.
|
|||
|
||||
### List the messages in a chat
|
||||
|
||||
- Params: None
|
||||
- Params: `max_id`, `min_id`
|
||||
|
||||
- Response:
|
||||
|
||||
|
|
|
@ -1528,6 +1528,35 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||
end
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
insert(:chat, user: user)
|
||||
%{conn: conn} = oauth_access(["read:chats"])
|
||||
%{conn: conn, user: user}
|
||||
end
|
||||
|
||||
test "returns 403", %{conn: conn, user: user} do
|
||||
conn
|
||||
|> get("/api/pleroma/admin/users/#{user.nickname}/chats")
|
||||
|> json_response(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/users/:nickname/chats unauthenticated" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
insert(:chat, user: user)
|
||||
%{conn: build_conn(), user: user}
|
||||
end
|
||||
|
||||
test "returns 403", %{conn: conn, user: user} do
|
||||
conn
|
||||
|> get("/api/pleroma/admin/users/#{user.nickname}/chats")
|
||||
|> json_response(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/moderation_log" do
|
||||
setup do
|
||||
moderator = insert(:user, is_moderator: true)
|
||||
|
|
|
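Review bot: The "GET /api/pleroma/admin/users/:nickname/chats unauthorized" block only exercises a non-admin user holding a `read:chats` token, so a 403 here cannot show whether the role check or the scope check refused the request. If the endpoint is meant to require both an admin account and an admin-scoped token (not visible in this hunk), add a case where an admin presents an ordinary token, e.g. `admin = insert(:user, is_admin: true)` followed by `%{conn: conn} = oauth_access(["read:chats"], user: admin)`, assuming `oauth_access` accepts a `user:` option. The same gap applies to the "unauthorized chat moderation" block added to ChatControllerTest in this commit.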
@ -15,7 +15,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
|||
alias Pleroma.Repo
|
||||
alias Pleroma.Web.CommonAPI
|
||||
|
||||
setup do
|
||||
defp admin_setup do
|
||||
admin = insert(:user, is_admin: true)
|
||||
token = insert(:oauth_admin_token, user: admin)
|
||||
|
||||
|
@ -28,6 +28,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
|||
end
|
||||
|
||||
describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
|
||||
setup do: admin_setup()
|
||||
|
||||
test "it deletes a message from the chat", %{conn: conn, admin: admin} do
|
||||
user = insert(:user)
|
||||
recipient = insert(:user)
|
||||
|
@ -59,6 +61,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
|||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/chats/:id/messages" do
|
||||
setup do: admin_setup()
|
||||
|
||||
test "it paginates", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
recipient = insert(:user)
|
||||
|
@ -111,6 +115,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
|||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/chats/:id" do
|
||||
setup do: admin_setup()
|
||||
|
||||
test "it returns a chat", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
|
@ -128,4 +134,76 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
|||
refute result["account"]
|
||||
end
|
||||
end
|
||||
|
||||
describe "unauthorized chat moderation" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
recipient = insert(:user)
|
||||
|
||||
{:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
|
||||
object = Object.normalize(message, false)
|
||||
chat = Chat.get(user.id, recipient.ap_id)
|
||||
cm_ref = MessageReference.for_chat_and_object(chat, object)
|
||||
|
||||
%{conn: conn} = oauth_access(["read:chats", "write:chats"])
|
||||
%{conn: conn, chat: chat, cm_ref: cm_ref}
|
||||
end
|
||||
|
||||
test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
|
||||
|> json_response(403)
|
||||
|
||||
assert MessageReference.get_by_id(cm_ref.id) == cm_ref
|
||||
end
|
||||
|
||||
test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
|
||||
conn
|
||||
|> get("/api/pleroma/admin/chats/#{chat.id}/messages")
|
||||
|> json_response(403)
|
||||
end
|
||||
|
||||
test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
|
||||
conn
|
||||
|> get("/api/pleroma/admin/chats/#{chat.id}")
|
||||
|> json_response(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe "unauthenticated chat moderation" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
recipient = insert(:user)
|
||||
|
||||
{:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
|
||||
object = Object.normalize(message, false)
|
||||
chat = Chat.get(user.id, recipient.ap_id)
|
||||
cm_ref = MessageReference.for_chat_and_object(chat, object)
|
||||
|
||||
%{conn: build_conn(), chat: chat, cm_ref: cm_ref}
|
||||
end
|
||||
|
||||
test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
|
||||
|> json_response(403)
|
||||
|
||||
assert MessageReference.get_by_id(cm_ref.id) == cm_ref
|
||||
end
|
||||
|
||||
test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
|
||||
conn
|
||||
|> get("/api/pleroma/admin/chats/#{chat.id}/messages")
|
||||
|> json_response(403)
|
||||
end
|
||||
|
||||
test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
|
||||
conn
|
||||
|> get("/api/pleroma/admin/chats/#{chat.id}")
|
||||
|> json_response(403)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
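Review bot: The token in the "unauthorized chat moderation" setup belongs to a freshly created third user, so none of the three tests checks that a participant of the chat is refused on the admin routes. A participant can presumably reach the same chat through the regular chat API, which makes that the case most likely to pass an ownership-based check by mistake. Consider issuing the token for `user`, e.g. `%{conn: conn} = oauth_access(["read:chats", "write:chats"], user: user)` if the helper accepts a `user:` option, or adding that as a further test. The chat fixture is also built identically in both new describe blocks and could be shared through a private helper next to `admin_setup`.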