Introduce authorizations with Rajska

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel
2023-03-17 18:10:59 +01:00
parent b6875f6a4b
commit 8984bd7636
95 changed files with 4560 additions and 1505 deletions


@@ -125,7 +125,8 @@ defmodule Mobilizon.GraphQL.Resolvers.ActivityTest do
variables: %{preferredUsername: preferred_username}
)
assert hd(res["errors"])["message"] == "unauthenticated"
assert "Not authorized to access object paginated_activity_list" ==
hd(res["errors"])["message"]
end
test "without being a member", %{
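Review bot: The rewritten assertion checks only the error message `Not authorized to access object paginated_activity_list`, so the test would still pass if the response carried activity data next to the error. A GraphQL response can hold partial `data` alongside `errors`, so the test should also assert that the protected field came back empty; the query and the start of the test are outside this hunk, so the exact path needs confirming. The same gap is in the `paginated_follower_list` assertion in FollowerTest, where `assert is_nil(res["data"]["group"]["followers"])` would close it, and in the two `paginated_member_list` assertions in GroupTest.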


@@ -12,6 +12,29 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
alias Mobilizon.GraphQL.{AbsintheHelpers, API}
describe "Resolver: List the action logs" do
@action_logs_query """
query ActionLogs {
actionLogs {
total
elements {
action,
actor {
preferredUsername
},
object {
... on Report {
id,
status
},
... on ReportNote {
content
}
}
}
}
}
"""
@note_content "This a note on a report"
test "list_action_logs/3 list action logs", %{conn: conn} do
%User{} = user_moderator = insert(:user, role: :moderator)
@@ -26,48 +49,22 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
{:ok, %Note{} = note} = API.Reports.create_report_note(report, moderator_2, @note_content)
API.Reports.delete_report_note(note, moderator_2)
res = AbsintheHelpers.graphql_query(conn, query: @action_logs_query)
query = """
{
actionLogs {
total
elements {
action,
actor {
preferredUsername
},
object {
... on Report {
id,
status
},
... on ReportNote {
content
}
}
}
}
}
"""
res =
conn
|> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in and a moderator to list action logs"
assert res["errors"] |> hd |> Map.get("message") ==
"You need to be logged in"
res =
conn
|> auth_conn(user_moderator)
|> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
|> AbsintheHelpers.graphql_query(query: @action_logs_query)
assert json_response(res, 200)["errors"] == nil
assert is_nil(res["errors"])
assert json_response(res, 200)["data"]["actionLogs"]["total"] == 3
assert json_response(res, 200)["data"]["actionLogs"]["elements"] |> length == 3
assert res["data"]["actionLogs"]["total"] == 3
assert res["data"]["actionLogs"]["elements"] |> length == 3
assert json_response(res, 200)["data"]["actionLogs"]["elements"] == [
assert res["data"]["actionLogs"]["elements"] == [
%{
"action" => "NOTE_DELETION",
"actor" => %{"preferredUsername" => moderator_2.preferred_username},
@@ -88,13 +85,8 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
end
describe "Resolver: Get the dashboard statistics" do
test "get_dashboard/3 gets dashboard information", %{conn: conn} do
%Event{title: title} = insert(:event)
%User{} = user_admin = insert(:user, role: :administrator)
query = """
{
@dashbord_information_query """
query Dashboard {
dashboard {
lastPublicEventPublished {
title
@@ -105,24 +97,25 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
numberOfReports
}
}
"""
"""
res =
conn
|> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
test "get_dashboard/3 gets dashboard information", %{conn: conn} do
%Event{title: title} = insert(:event)
assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in and an administrator to access dashboard statistics"
%User{} = user_admin = insert(:user, role: :administrator)
res = AbsintheHelpers.graphql_query(conn, query: @dashbord_information_query)
assert res["errors"] |> hd |> Map.get("message") == "You need to be logged in"
res =
conn
|> auth_conn(user_admin)
|> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
|> AbsintheHelpers.graphql_query(query: @dashbord_information_query)
assert json_response(res, 200)["errors"] == nil
assert is_nil(res["errors"])
assert json_response(res, 200)["data"]["dashboard"]["lastPublicEventPublished"]["title"] ==
title
assert title == res["data"]["dashboard"]["lastPublicEventPublished"]["title"]
end
end
@@ -175,7 +168,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert hd(res["errors"])["message"] == "You need to be logged in"
assert hd(res["errors"])["status_code"] == 401
end
test "test list_relay_followers/3 returns nothing when not an admin", %{conn: conn} do
@@ -200,7 +192,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
res =
conn
@@ -208,7 +199,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
end
test "test list_relay_followers/3 returns relay followers", %{conn: conn} do
@@ -258,7 +248,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert hd(res["errors"])["message"] == "You need to be logged in"
assert hd(res["errors"])["status_code"] == 401
end
test "test list_relay_followings/3 returns nothing when not an admin", %{conn: conn} do
@@ -284,7 +273,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
res =
conn
@@ -292,7 +280,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
end
test "test list_relay_followings/3 returns relay followings", %{conn: conn} do
@@ -403,7 +390,7 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|> AbsintheHelpers.graphql_query(query: @admin_settings_query)
assert hd(res["errors"])["message"] ==
"You need to be logged-in and an administrator to access admin settings"
"You don't have permission to do this"
end
end
@@ -490,7 +477,7 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
)
assert hd(res["errors"])["message"] ==
"You need to be logged-in and an administrator to save admin settings"
"You don't have permission to do this"
end
end
@@ -524,7 +511,7 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
)
assert hd(res["errors"])["message"] ==
"You need to be logged-in and an administrator to edit an user's details"
"You don't have permission to do this"
end
test "when putting same email", %{conn: conn, user: user, admin: admin} do
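Review bot: The rewritten `list_action_logs/3` and `get_dashboard/3` tests exercise only an anonymous request and a correctly privileged one, so nothing visible in these hunks pins the role check that the old combined messages ("logged-in and a moderator") described. A logged-in account without the role should be shown to receive the permission error that the relay and admin-settings tests in this file already expect; a sketch for the action logs follows, and the dashboard needs the same case. Separately, each of the six small hunks on the relay followers/followings tests drops one line, apparently the `status_code` 401/403 assertion, which leaves the message text as the only thing distinguishing unauthenticated from forbidden.

```elixir
test "list_action_logs/3 refuses a logged-in user without the moderator role", %{conn: conn} do
  # assumes the factory's default role is a regular user; confirm against the factory
  user = insert(:user)

  res =
    conn
    |> auth_conn(user)
    |> AbsintheHelpers.graphql_query(query: @action_logs_query)

  assert hd(res["errors"])["message"] == "You don't have permission to do this"
  assert is_nil(res["data"]["actionLogs"])
end
```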


@@ -0,0 +1,533 @@
defmodule Mobilizon.GraphQL.Resolvers.ApplicationTest do
use Mobilizon.Web.ConnCase
import Mobilizon.Factory
require Logger
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation}
alias Mobilizon.GraphQL.AbsintheHelpers
@identities_query """
query LoggedUser {
loggedUser {
actors {
id
}
}
}
"""
describe "Authorize an application" do
@authorize_mutation """
mutation AuthorizeApplication(
$applicationClientId: String!
$redirectURI: String!
$state: String
$scope: String!
) {
authorizeApplication(
clientId: $applicationClientId
redirectURI: $redirectURI
state: $state
scope: $scope
) {
code
state
clientId
scope
}
}
"""
test "while being not logged-in", %{conn: conn} do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @authorize_mutation,
variables: [
applicationClientId: "an invalid client_id",
redirectURI: "doesn't matter",
state: "hello",
scope: "read"
]
)
assert "You need to be logged in" = hd(res["errors"])["message"]
end
test "with incorrect client_id", %{conn: conn} do
user = insert(:user)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @authorize_mutation,
variables: [
applicationClientId: "an invalid client_id",
redirectURI: "doesn't matter",
state: "hello",
scope: "read"
]
)
assert "No application with this client_id was found" = hd(res["errors"])["message"]
end
test "with incorrect redirect_uri", %{conn: conn} do
user = insert(:user)
app = insert(:auth_application)
client_id = app.client_id
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @authorize_mutation,
variables: [
applicationClientId: client_id,
redirectURI: "something not in app's redirect URIs",
state: "hello",
scope: "read"
]
)
assert "The given redirect_uri is not in the list of allowed redirect URIs" =
hd(res["errors"])["message"]
end
test "with correct params", %{conn: conn} do
user = insert(:user)
app = insert(:auth_application)
client_id = app.client_id
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @authorize_mutation,
variables: [
applicationClientId: client_id,
redirectURI: hd(app.redirect_uris),
state: "hello",
scope: "read"
]
)
assert %{
"scope" => "read",
"state" => "hello",
"clientId" => ^client_id,
"code" => _code
} = res["data"]["authorizeApplication"]
end
end
describe "Revoke an application token" do
@revoke_mutation """
mutation RevokeApplicationToken($appTokenId: String!) {
revokeApplicationToken(appTokenId: $appTokenId) {
id
}
}
"""
test "while not authenticated", %{conn: conn} do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @revoke_mutation,
variables: [
appTokenId: "not an actual token ID"
]
)
assert "You need to be logged in" = hd(res["errors"])["message"]
end
test "with an invalid token", %{conn: conn} do
user = insert(:user)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @revoke_mutation,
variables: [
appTokenId: "5846"
]
)
assert "Application token not found" == hd(res["errors"])["message"]
end
test "with valid token", %{conn: conn} do
user = insert(:user)
app_token = insert(:auth_application_token, user: user)
app_token_id = to_string(app_token.id)
authed_conn = auth_conn(conn, app_token)
res = AbsintheHelpers.graphql_query(authed_conn, query: @identities_query)
assert res["errors"] == nil
assert res["data"]["loggedUser"]["actors"]
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @revoke_mutation,
variables: [
appTokenId: app_token_id
]
)
assert app_token_id == res["data"]["revokeApplicationToken"]["id"]
# Asserting the token can't be used anymore
res = AbsintheHelpers.graphql_query(authed_conn, query: @identities_query)
assert "You need to be logged in" == hd(res["errors"])["message"]
end
end
describe "Get an application" do
@application_query """
query AuthApplication($clientId: String!) {
authApplication(clientId: $clientId) {
id
clientId
name
website
}
}
"""
test "while not authenticated", %{conn: conn} do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @application_query,
variables: [
clientId: "not an actual client ID"
]
)
assert "You need to be logged in" = hd(res["errors"])["message"]
end
test "with incorrect client_id", %{conn: conn} do
user = insert(:user)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @application_query,
variables: [
clientId: "nonsense"
]
)
assert "Application not found" = hd(res["errors"])["message"]
end
test "with valid client_id", %{conn: conn} do
user = insert(:user)
%Application{id: app_id, client_id: app_client_id, name: app_name, website: app_website} =
insert(:auth_application)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @application_query,
variables: [
clientId: app_client_id
]
)
assert is_nil(res["errors"])
app_id = to_string(app_id)
assert %{
"id" => ^app_id,
"clientId" => ^app_client_id,
"name" => ^app_name,
"website" => ^app_website
} = res["data"]["authApplication"]
end
end
describe "Get user applications" do
@user_apps_query """
query AuthAuthorizedApplications {
loggedUser {
id
authAuthorizedApplications {
id
application {
name
website
}
lastUsedAt
insertedAt
}
}
}
"""
test "without being logged in", %{conn: conn} do
res =
conn
|> AbsintheHelpers.graphql_query(query: @user_apps_query)
assert "You need to be logged in" = hd(res["errors"])["message"]
end
test "with an app token", %{conn: conn} do
user = insert(:user)
app_token = insert(:auth_application_token, user: user)
insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
res =
conn
|> auth_conn(app_token)
|> AbsintheHelpers.graphql_query(query: @user_apps_query)
assert is_nil(res["data"]["loggedUser"]["authAuthorizedApplications"])
refute is_nil(res["data"]["loggedUser"]["id"])
assert hd(res["errors"])["message"] =~ "Not authorized to access field"
assert hd(res["errors"])["path"] == ["loggedUser", "authAuthorizedApplications"]
end
test "with authorized applications", %{conn: conn} do
user = insert(:user)
app_token_1 =
insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
app_token_2 =
insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
# Someone else's app token
app_token_3 = insert(:auth_application_token, status: :success, authorization_code: nil)
# An app token not activated
app_token_4 = insert(:auth_application_token, user: user)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @user_apps_query)
assert is_nil(res["errors"])
assert 2 = length(res["data"]["loggedUser"]["authAuthorizedApplications"])
found_app_token_ids =
res["data"]["loggedUser"]["authAuthorizedApplications"]
|> Enum.map(&String.to_integer(&1["id"]))
|> MapSet.new()
assert MapSet.subset?(MapSet.new([app_token_1.id, app_token_2.id]), found_app_token_ids)
refute MapSet.member?(found_app_token_ids, app_token_3.id)
refute MapSet.member?(found_app_token_ids, app_token_4.id)
end
end
describe "Device activation" do
@device_activation_mutation """
mutation DeviceActivation($userCode: String!) {
deviceActivation(userCode: $userCode) {
id
application {
id
clientId
name
website
}
scope
}
}
"""
test "without being logged-in", %{conn: conn} do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @device_activation_mutation,
variables: [userCode: "hi"]
)
assert "You need to be logged in" = hd(res["errors"])["message"]
end
test "with a bad code", %{conn: conn} do
user = insert(:user)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_activation_mutation,
variables: [userCode: "hi"]
)
assert "The given user code is invalid" = hd(res["errors"])["message"]
end
test "with an expired code", %{conn: conn} do
user = insert(:user)
auth_application_device_activation =
insert(:auth_application_device_activation, user: user, expires_in: -100)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_activation_mutation,
variables: [userCode: auth_application_device_activation.user_code]
)
assert "The given user code has expired" = hd(res["errors"])["message"]
end
test "with a valid code", %{conn: conn} do
user = insert(:user)
auth_application_device_activation = insert(:auth_application_device_activation, user: nil)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_activation_mutation,
variables: [userCode: auth_application_device_activation.user_code]
)
assert is_nil(res["errors"])
assert res["data"]["deviceActivation"]["application"]["id"] ==
to_string(auth_application_device_activation.application.id)
end
end
describe "Device authorization" do
@device_authorization_mutation """
mutation AuthorizeDeviceApplication(
$applicationClientId: String!
$userCode: String!
) {
authorizeDeviceApplication(
clientId: $applicationClientId
userCode: $userCode
) {
clientId
scope
}
}
"""
test "without being logged in", %{conn: conn} do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @device_authorization_mutation,
variables: [applicationClientId: "something", userCode: "wrong"]
)
assert "You need to be logged in" = hd(res["errors"])["message"]
end
test "with a bad code", %{conn: conn} do
user = insert(:user)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_authorization_mutation,
variables: [applicationClientId: "something", userCode: "wrong"]
)
assert "The given user code is invalid" = hd(res["errors"])["message"]
end
test "with some code that isn't approved", %{conn: conn} do
user = insert(:user)
auth_application_device_activation =
insert(:auth_application_device_activation, user: user, status: :pending)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_authorization_mutation,
variables: [
applicationClientId: auth_application_device_activation.application.client_id,
userCode: auth_application_device_activation.user_code
]
)
assert "The device user code was not provided before approving the application" =
hd(res["errors"])["message"]
end
test "with some expired code", %{conn: conn} do
user = insert(:user)
auth_application_device_activation =
insert(:auth_application_device_activation,
user: user,
status: :confirmed,
expires_in: -100
)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_authorization_mutation,
variables: [
applicationClientId: auth_application_device_activation.application.client_id,
userCode: auth_application_device_activation.user_code
]
)
assert "The given user code has expired" = hd(res["errors"])["message"]
end
test "with a valid code", %{conn: conn} do
user = insert(:user)
%ApplicationDeviceActivation{
application: %Application{client_id: client_id},
user_code: user_code
} = insert(:auth_application_device_activation, user: user, status: :confirmed)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @device_authorization_mutation,
variables: [
applicationClientId: client_id,
userCode: user_code
]
)
assert is_nil(res["errors"])
assert %{
"clientId" => ^client_id,
"scope" => _scope
} = res["data"]["authorizeDeviceApplication"]
end
end
end
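Review bot: The `Revoke an application token` tests cover an anonymous caller, an unknown id and the owner's own token, but not a logged-in user passing the id of a token that belongs to someone else, which is the case an ownership check exists for. A test along the lines below would pin it; the error text is left open because the resolver is not part of this file. The device activation tests raise a similar question, since the valid-code case only uses a record created with `user: nil` and none uses a record bound to a different user.

```elixir
test "with a token owned by another user", %{conn: conn} do
  user = insert(:user)
  other_user = insert(:user)
  app_token = insert(:auth_application_token, user: other_user)

  res =
    conn
    |> auth_conn(user)
    |> AbsintheHelpers.graphql_query(
      query: @revoke_mutation,
      variables: [appTokenId: to_string(app_token.id)]
    )

  # Only the refusal is pinned; the exact message depends on the resolver.
  refute is_nil(res["errors"])
  assert is_nil(res["data"]["revokeApplicationToken"])
end
```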


@@ -99,7 +99,7 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
)
assert hd(res["errors"])["message"] ==
"You are not allowed to create a comment if not connected"
"You need to be logged in"
end
test "create_comment/3 creates a reply to a comment", %{
@@ -166,7 +166,7 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
)
assert hd(res["errors"])["message"] ==
"You are not allowed to delete a comment if not connected"
"You need to be logged in"
# Change the current actor for user
actor2 = insert(:actor, user: user)
@@ -218,10 +218,11 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
variables: %{commentId: comment.id}
)
assert res["errors"] == nil
assert res["data"]["deleteComment"]["id"] == to_string(comment.id)
query = """
{
query ActionLogs {
actionLogs {
total
elements {
@@ -254,11 +255,11 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
res =
conn
|> auth_conn(user_moderator)
|> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
|> AbsintheHelpers.graphql_query(query: query)
refute json_response(res, 200)["errors"]
refute res["errors"]
assert hd(json_response(res, 200)["data"]["actionLogs"]["elements"]) == %{
assert hd(res["data"]["actionLogs"]["elements"]) == %{
"action" => "COMMENT_DELETION",
"actor" => %{"preferredUsername" => actor_moderator.preferred_username},
"object" => %{"text" => comment.text, "id" => to_string(comment.id)}


@@ -1510,53 +1510,51 @@ defmodule Mobilizon.Web.Resolvers.EventTest do
end
describe "delete_event/3" do
@delete_event_mutation """
mutation DeleteEvent($eventId: ID!) {
deleteEvent(
eventId: $eventId
) {
id
}
}
"""
test "delete_event/3 deletes an event", %{conn: conn, user: user, actor: actor} do
event = insert(:event, organizer_actor: actor)
mutation = """
mutation {
deleteEvent(
event_id: #{event.id}
) {
id
}
}
"""
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @delete_event_mutation,
variables: [eventId: event.id]
)
assert res["errors"] == nil
assert res["data"]["deleteEvent"]["id"] == to_string(event.id)
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(
query: @delete_event_mutation,
variables: [eventId: event.id]
)
assert json_response(res, 200)["errors"] == nil
assert json_response(res, 200)["data"]["deleteEvent"]["id"] == to_string(event.id)
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
assert hd(json_response(res, 200)["errors"])["message"] =~ "not found"
assert hd(res["errors"])["message"] =~ "not found"
end
test "delete_event/3 should check the user is authenticated", %{conn: conn, actor: actor} do
event = insert(:event, organizer_actor: actor)
mutation = """
mutation {
deleteEvent(
event_id: #{event.id}
) {
id
}
}
"""
res =
conn
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
AbsintheHelpers.graphql_query(conn,
query: @delete_event_mutation,
variables: [eventId: event.id]
)
assert hd(json_response(res, 200)["errors"])["message"] =~ "logged-in"
assert hd(res["errors"])["message"] =~ "logged in"
end
test "delete_event/3 should check the event can be deleted by the user", %{
@@ -1567,22 +1565,15 @@ defmodule Mobilizon.Web.Resolvers.EventTest do
actor2 = insert(:actor)
event = insert(:event, organizer_actor: actor2)
mutation = """
mutation {
deleteEvent(
event_id: #{event.id}
) {
id
}
}
"""
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(
query: @delete_event_mutation,
variables: [eventId: event.id]
)
assert hd(json_response(res, 200)["errors"])["message"] =~ "cannot delete"
assert hd(res["errors"])["message"] =~ "cannot delete"
end
test "delete_event/3 allows a event being deleted by a moderator and creates a entry in actionLogs",
@@ -1597,22 +1588,16 @@ defmodule Mobilizon.Web.Resolvers.EventTest do
actor2 = insert(:actor)
event = insert(:event, organizer_actor: actor2)
mutation = """
mutation {
deleteEvent(
event_id: #{event.id}
) {
id
}
}
"""
res =
conn
|> auth_conn(user_moderator)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(
query: @delete_event_mutation,
variables: [eventId: event.id]
)
assert json_response(res, 200)["data"]["deleteEvent"]["id"] == to_string(event.id)
assert res["errors"] == nil
assert res["data"]["deleteEvent"]["id"] == to_string(event.id)
query = """
{
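Review bot: The `delete_event/3 should check the event can be deleted by the user` test still asserts only that the message matches `cannot delete`, so a resolver that reported the error after removing the event would pass it. Adding `assert is_nil(res["data"]["deleteEvent"])` after the message check, or re-querying the event afterwards, would pin that the refusal has no effect. The authentication test in the same describe block matches `=~ "logged in"` loosely, while the other files in this commit compare against the full `You need to be logged in` string. The moderator test in the last hunk continues past the lines shown.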


@@ -13,124 +13,115 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedTokenTest do
{:ok, conn: conn, actor: actor, user: user}
end
@user_feed_tokens_query """
query LoggedUserFeedTokens {
loggedUser {
feedTokens {
token
}
}
}
"""
@logged_person_feed_tokens_query """
query LoggedPersonFeedTokens {
loggedPerson {
feedTokens {
token
}
}
}
"""
describe "Feed Token Resolver" do
test "create_feed_token/3 should create a feed token", %{conn: conn, user: user} do
actor2 = insert(:actor, user: user)
mutation = """
mutation {
createFeedToken(
actor_id: #{actor2.id},
) {
token,
actor {
id
},
user {
id
}
}
}
"""
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
assert json_response(res, 200)["errors"] == nil
token = json_response(res, 200)["data"]["createFeedToken"]["token"]
assert is_binary(token)
# TODO: Investigate why user id is a string when actor id is a number
assert json_response(res, 200)["data"]["createFeedToken"]["user"]["id"] ==
to_string(user.id)
assert json_response(res, 200)["data"]["createFeedToken"]["actor"]["id"] ==
to_string(actor2.id)
# The token is present for the user
query = """
{
loggedUser {
feedTokens {
token
@create_feed_token_for_actor_mutation """
mutation CreatePersonFeedToken($actorId: ID!) {
createFeedToken(actorId: $actorId) {
token
actor {
id
}
user {
id
}
}
}
"""
"""
@create_feed_token_for_user_mutation """
mutation CreateFeedToken {
createFeedToken {
token
user {
id
}
}
}
"""
test "create_feed_token/3 should create a feed token", %{conn: conn, user: user} do
actor2 = insert(:actor, user: user)
res =
conn
|> auth_conn(user)
|> get("/api", AbsintheHelpers.query_skeleton(query, "loggedUser"))
|> AbsintheHelpers.graphql_query(
query: @create_feed_token_for_actor_mutation,
variables: [actorId: actor2.id]
)
assert json_response(res, 200)["data"]["loggedUser"] ==
assert res["errors"] == nil
token = res["data"]["createFeedToken"]["token"]
assert is_binary(token)
assert res["data"]["createFeedToken"]["user"]["id"] ==
to_string(user.id)
assert res["data"]["createFeedToken"]["actor"]["id"] ==
to_string(actor2.id)
# The token is present for the user
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @user_feed_tokens_query)
assert res["data"]["loggedUser"] ==
%{
"feedTokens" => [%{"token" => token}]
}
# But not for this identity
query = """
{
loggedPerson {
feedTokens {
token
}
}
}
"""
res =
conn
|> auth_conn(user)
|> get("/api", AbsintheHelpers.query_skeleton(query, "loggedPerson"))
|> AbsintheHelpers.graphql_query(query: @logged_person_feed_tokens_query)
assert json_response(res, 200)["data"]["loggedPerson"] ==
assert res["data"]["loggedPerson"] ==
%{
"feedTokens" => []
}
mutation = """
mutation {
createFeedToken {
token,
user {
id
}
}
}
"""
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(query: @create_feed_token_for_user_mutation)
assert json_response(res, 200)["errors"] == nil
token2 = json_response(res, 200)["data"]["createFeedToken"]["token"]
assert res["errors"] == nil
token2 = res["data"]["createFeedToken"]["token"]
assert is_binary(token2)
assert is_nil(json_response(res, 200)["data"]["createFeedToken"]["actor"])
assert is_nil(res["data"]["createFeedToken"]["actor"])
assert json_response(res, 200)["data"]["createFeedToken"]["user"]["id"] ==
assert res["data"]["createFeedToken"]["user"]["id"] ==
to_string(user.id)
# The token is present for the user
query = """
{
loggedUser {
feedTokens {
token
}
}
}
"""
res =
conn
|> auth_conn(user)
|> get("/api", AbsintheHelpers.query_skeleton(query, "loggedUser"))
|> AbsintheHelpers.graphql_query(query: @user_feed_tokens_query)
assert json_response(res, 200)["data"]["loggedUser"] ==
assert res["data"]["loggedUser"] ==
%{
"feedTokens" => [%{"token" => token}, %{"token" => token2}]
}
@@ -142,22 +133,15 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedTokenTest do
} do
actor = insert(:actor)
mutation = """
mutation {
createFeedToken(
actor_id: #{actor.id}
) {
token
}
}
"""
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(
query: @create_feed_token_for_actor_mutation,
variables: [actorId: actor.id]
)
assert hd(json_response(res, 200)["errors"])["message"] =~ "not owned"
assert hd(res["errors"])["message"] =~ "not owned"
end
test "delete_feed_token/3 should delete a feed token", %{
@@ -257,7 +241,7 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedTokenTest do
conn
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
assert hd(json_response(res, 200)["errors"])["message"] =~ "if not connected"
assert "You need to be logged in" == hd(json_response(res, 200)["errors"])["message"]
end
test "delete_feed_token/3 should check the correct user is logged in", %{
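Review bot: The last hunk leaves the unauthenticated `delete_feed_token/3` test on `post("/api", AbsintheHelpers.mutation_skeleton(mutation))` and `json_response(res, 200)`, while every other request touched in this file moves to `AbsintheHelpers.graphql_query` with variables. The mutation text is outside the hunk, but if it still interpolates the token into the document the way the removed `actor_id: #{actor2.id}` strings did, a module attribute taking the token as a variable would match the rest of the file and keep values out of the query string. The assertion would then read `assert "You need to be logged in" == hd(res["errors"])["message"]`.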


@@ -70,9 +70,8 @@ defmodule Mobilizon.Web.Resolvers.FollowerTest do
variables: %{name: preferred_username}
)
assert res["errors"] == nil
assert res["data"]["group"]["followers"]["total"] == 1
assert res["data"]["group"]["followers"]["elements"] == []
assert hd(res["errors"])["message"] ==
"Not authorized to access object paginated_follower_list"
end
test "without being a member", %{


@@ -107,7 +107,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
res = AbsintheHelpers.graphql_query(conn, query: @list_groups_query)
assert hd(res["errors"])["message"] == "You may not list groups unless moderator."
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "list_groups/3 doesn't return all groups if not a moderator", %{conn: conn} do
@@ -121,7 +121,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @list_groups_query)
assert hd(res["errors"])["message"] == "You may not list groups unless moderator."
assert hd(res["errors"])["message"] == "You don't have permission to do this"
end
test "list_groups/3 returns all groups if a moderator", %{conn: conn} do
@@ -146,6 +146,14 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
describe "find a group" do
@group_query """
query Group($preferredUsername: String!) {
group(preferredUsername: $preferredUsername) {
preferredUsername
}
}
"""
@group_with_member_query """
query Group($preferredUsername: String!) {
group(preferredUsername: $preferredUsername) {
preferredUsername,
@@ -173,19 +181,14 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @group_query,
query: @group_with_member_query,
variables: %{
preferredUsername: group.preferred_username
}
)
assert res["errors"] == nil
assert res["data"]["group"]["preferredUsername"] ==
group.preferred_username
assert res["data"]["group"]["members"]["total"] == 2
assert res["data"]["group"]["members"]["elements"] == []
assert hd(res["errors"])["message"] ==
"Not authorized to access object paginated_member_list"
# Login with non-member
res =
@@ -203,15 +206,12 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
assert res["data"]["group"]["preferredUsername"] ==
group.preferred_username
assert res["data"]["group"]["members"]["total"] == 2
assert res["data"]["group"]["members"]["elements"] == []
# Login with member
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @group_query,
query: @group_with_member_query,
variables: %{
preferredUsername: group.preferred_username,
actorId: actor.id
@@ -252,18 +252,14 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
res =
conn
|> AbsintheHelpers.graphql_query(
query: @group_query,
query: @group_with_member_query,
variables: %{
preferredUsername: group.preferred_username
}
)
assert res["errors"] == nil
assert res["data"]["group"]["preferredUsername"] ==
group.preferred_username
assert res["data"]["group"]["members"] == %{"elements" => [], "total" => 1}
assert hd(res["errors"])["message"] ==
"Not authorized to access object paginated_member_list"
end
end
@@ -334,7 +330,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
variables: %{id: group.id, name: @new_group_name}
)
assert hd(res["errors"])["message"] == "You need to be logged-in to update a group"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "update_group/3 requires to be an admin of the group to update a group", %{
@@ -436,7 +432,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
variables: %{groupId: group.id}
)
assert hd(res["errors"])["message"] =~ "logged-in"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "delete_group/3 should check the actor is owned by the user", %{
@@ -515,7 +511,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
variables: %{groupId: group.id}
)
assert hd(res["errors"])["message"] == "You need to be logged-in to follow a group"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "when group doesn't exist", %{conn: conn, user: user} do
@@ -564,7 +560,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
variables: %{groupId: group.id}
)
assert hd(res["errors"])["message"] == "You need to be logged-in to unfollow a group"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "when group doesn't exist", %{conn: conn, user: user} do
@@ -631,7 +627,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
variables: %{followId: follow.id}
)
assert hd(res["errors"])["message"] == "You need to be logged-in to update a group follow"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "when follow doesn't exist", %{conn: conn, user: user} do
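Review bot: In the hunk around `# Login with non-member` the two `members` assertions are removed, so after this change no visible test says what a logged-in account that is not a member receives when it asks for the member list. Anonymous callers are pinned to `Not authorized to access object paginated_member_list` and members use `@group_with_member_query`, but the non-member request is outside the hunk and, judging by the remaining `preferredUsername` assertion, may now use the lighter `@group_query`. Sending `@group_with_member_query` as the non-member and asserting the intended outcome would cover the boundary between the two roles.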


@@ -434,7 +434,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MediaTest do
variables: %{email: user.email}
)
assert is_nil(res["errors"])
assert res["errors"] == nil
assert hd(res["data"]["users"]["elements"])["mediaSize"] == 0
res = upload_media(conn, user)


@@ -152,7 +152,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MemberTest do
variables: %{groupId: group.id}
)
assert hd(res["errors"])["message"] =~ "logged-in"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "leave_group/3 should check the group exists", %{
@@ -432,7 +432,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MemberTest do
}
)
assert hd(res["errors"])["message"] == "You must be logged-in to update a member"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "update_member/3 fails when not a member of the group", %{
@@ -575,7 +575,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MemberTest do
}
)
assert hd(res["errors"])["message"] == "You must be logged-in to remove a member"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "remove_member/3 fails when not a member of the group", %{


@@ -29,6 +29,7 @@ defmodule Mobilizon.GraphQL.Resolvers.PersonTest do
}
"""
# TODO: Remove this
@fetch_identities_query """
{
identities {
@@ -824,7 +825,7 @@ defmodule Mobilizon.GraphQL.Resolvers.PersonTest do
)
assert hd(res["errors"])["message"] ==
"Only moderators and administrators can suspend a profile"
"You don't have permission to do this"
end
end
end
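Review bot: The added comment `# TODO: Remove this` above `@fetch_identities_query` does not say what is to be removed or under which condition, so the next maintainer cannot tell whether the attribute, the tests using it, or the `identities` query itself is meant. State the target and the trigger, for example `# TODO: remove @fetch_identities_query and its tests once <condition>`. The attribute's heredoc continues outside the hunk, so its users are not visible here.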


@@ -165,7 +165,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
)
assert res["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in and a moderator to update a report"
"You need to be logged in"
end
test "update_report/3 without being a moderator doesn't update any report", %{conn: conn} do
@@ -181,7 +181,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
)
assert res["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in and a moderator to update a report"
"You don't have permission to do this"
end
end
@@ -209,7 +209,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
res = AbsintheHelpers.graphql_query(conn, query: @reports_query)
assert hd(res["errors"])["message"] ==
"You need to be logged-in and a moderator to list reports"
"You need to be logged in"
res =
conn
@@ -296,7 +296,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
|> get("/api", AbsintheHelpers.query_skeleton(query, "report"))
assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in and a moderator to view a report"
"You need to be logged in"
res =
conn


@@ -260,10 +260,8 @@ defmodule Mobilizon.GraphQL.Resolvers.ResourceTest do
}
)
assert is_nil(res["errors"])
assert res["data"]["group"]["resources"]["total"] == 0
assert res["data"]["group"]["resources"]["elements"] == []
assert hd(res["errors"])["message"] ==
"Not authorized to access object paginated_resource_list"
end
end
@@ -380,7 +378,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ResourceTest do
}
)
assert hd(res["errors"])["message"] == "You need to be logged-in to access resources"
assert hd(res["errors"])["message"] == "You need to be logged in"
end
end
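Review bot: The first hunk drops the assertions on `res["data"]["group"]["resources"]` and keeps only the error-message check, so the test no longer pins that no resource data is returned together with the denial. A GraphQL response can carry an `errors` entry alongside partial `data`; add `assert get_in(res, ["data", "group", "resources"]) == nil` after the message assertion. The same gap exists in the new "without being a moderator" test for `@search_persons_query` in the search tests, where `res["data"]["searchPersons"]` is never inspected. The test body starts outside the hunk, so which caller is being denied cannot be confirmed from here.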


@@ -239,21 +239,44 @@ defmodule Mobilizon.GraphQL.Resolvers.SearchTest do
}
"""
test "finds persons with basic search", %{
conn: conn,
user: user
test "without being logged-in", %{
conn: conn
} do
actor = insert(:actor, user: user, preferred_username: "test_person")
insert(:actor, type: :Group, preferred_username: "test_group")
event = insert(:event, title: "test_event")
Workers.BuildSearch.insert_search_event(event)
res =
AbsintheHelpers.graphql_query(conn,
query: @search_persons_query,
variables: %{term: "test"}
)
assert hd(res["errors"])["message"] == "You need to be logged in"
end
test "without being a moderator", %{
conn: conn,
user: user
} do
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @search_persons_query, variables: %{term: "test"})
assert hd(res["errors"])["message"] == "You don't have permission to do this"
end
test "finds persons with basic search", %{
conn: conn
} do
user = insert(:user, role: :moderator)
actor = insert(:actor, preferred_username: "test_person")
insert(:actor, type: :Group, preferred_username: "test_group")
event = insert(:event, title: "test_event")
Workers.BuildSearch.insert_search_event(event)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @search_persons_query, variables: %{term: "test"})
assert res["errors"] == nil
assert res["data"]["searchPersons"]["total"] == 1
assert res["data"]["searchPersons"]["elements"] |> length == 1
@@ -263,10 +286,10 @@ defmodule Mobilizon.GraphQL.Resolvers.SearchTest do
end
test "finds persons with word search", %{
conn: conn,
user: user
conn: conn
} do
actor = insert(:actor, user: user, preferred_username: "person", name: "I like pineapples")
user = insert(:user, role: :moderator)
actor = insert(:actor, preferred_username: "person", name: "I like pineapples")
insert(:actor, preferred_username: "group", type: :Group, name: "pineapple group")
event1 = insert(:event, title: "Pineapple fashion week")
event2 = insert(:event, title: "I love pineAPPLE")
@@ -276,7 +299,9 @@ defmodule Mobilizon.GraphQL.Resolvers.SearchTest do
Workers.BuildSearch.insert_search_event(event3)
res =
AbsintheHelpers.graphql_query(conn,
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @search_persons_query,
variables: %{term: "pineapple"}
)


@@ -5,7 +5,12 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
alias Mobilizon.GraphQL.AbsintheHelpers
describe "Tag Resolver" do
setup do
user = insert(:user)
{:ok, user: user}
end
describe "list_tags/3" do
@tags_query """
query Tags($filter: String) {
tags(filter: $filter) {
@@ -21,7 +26,16 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
}
"""
test "list_tags/3 returns the list of tags", %{conn: conn} do
test "requires being logged-in", %{conn: conn, user: user} do
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @tags_query)
assert res["errors"] == nil
end
test "returns the list of tags", %{conn: conn, user: user} do
tag1 = insert(:tag)
tag2 = insert(:tag)
tag3 = insert(:tag)
@@ -30,8 +44,10 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @tags_query)
assert res["errors"] == nil
tags = res["data"]["tags"]
assert tags |> length == 3
@@ -46,15 +62,17 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
|> MapSet.new()
end
test "list_tags/3 returns tags for a filter", %{conn: conn} do
test "returns tags for a filter", %{conn: conn, user: user} do
tag1 = insert(:tag, title: "PineApple", slug: "pineapple")
tag2 = insert(:tag, title: "sexy pineapple", slug: "sexy-pineapple")
_tag3 = insert(:tag)
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @tags_query, variables: %{filter: "apple"})
assert res["errors"] == nil
tags = res["data"]["tags"]
assert tags |> length == 2
assert [tag1.id, tag2.id] == tags |> Enum.map(&String.to_integer(&1["id"]))
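Review bot: The new test "requires being logged-in" signs the user in with `auth_conn(user)` and asserts `res["errors"] == nil`, so it never sends the anonymous request its name describes. If the tags query is meant to require a session, add the negative case: `res = AbsintheHelpers.graphql_query(conn, query: @tags_query)` followed by `assert hd(res["errors"])["message"] == "You need to be logged in"`. As written, every test in this section authenticates first, so dropping the login rule from the tags field would leave them all passing.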


@@ -949,63 +949,57 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
end
describe "Resolver: Refresh a token" do
test "test refresh_token/3 with a bad token", context do
mutation = """
mutation {
refreshToken(
refreshToken: "bad_token"
) {
accessToken
}
}
"""
@refresh_token_mutation """
mutation RefreshToken($refreshToken: String!) {
refreshToken(
refreshToken: $refreshToken
) {
accessToken
}
}
"""
@logged_person_query """
query LoggedPerson {
loggedPerson {
preferredUsername,
}
}
"""
test "test refresh_token/3 with a bad token", %{conn: conn} do
res =
context.conn
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
AbsintheHelpers.graphql_query(conn,
query: @refresh_token_mutation,
variables: [refreshToken: "bad_token"]
)
assert hd(json_response(res, 200)["errors"])["message"] ==
assert hd(res["errors"])["message"] ==
"Cannot refresh the token"
end
test "test refresh_token/3 with an appropriate token", context do
test "test refresh_token/3 with an appropriate token", %{conn: conn} do
user = insert(:user)
insert(:actor, user: user)
{:ok, refresh_token} = Authenticator.generate_refresh_token(user)
mutation = """
mutation {
refreshToken(
refreshToken: "#{refresh_token}"
) {
accessToken
}
}
"""
res =
context.conn
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
AbsintheHelpers.graphql_query(conn,
query: @refresh_token_mutation,
variables: [refreshToken: refresh_token]
)
assert json_response(res, 200)["errors"] == nil
assert res["errors"] == nil
access_token = json_response(res, 200)["data"]["refreshToken"]["accessToken"]
access_token = res["data"]["refreshToken"]["accessToken"]
assert String.length(access_token) > 10
query = """
{
loggedPerson {
preferredUsername,
}
}
"""
res =
context.conn
conn
|> Plug.Conn.put_req_header("authorization", "Bearer #{access_token}")
|> post("/api", AbsintheHelpers.query_skeleton(query, "logged_person"))
|> AbsintheHelpers.graphql_query(query: @logged_person_query)
assert json_response(res, 200)["errors"] == nil
assert res["errors"] == nil
end
end
@@ -1246,7 +1240,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
assert hd(json_response(res, 200)["errors"])["message"] ==
"You need to be logged-in to change your password"
"You need to be logged in"
end
end
@@ -1443,7 +1437,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
)
assert hd(res["errors"])["message"] ==
"You need to be logged-in to change your email"
"You need to be logged in"
end
end
@@ -1566,7 +1560,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
)
assert hd(res["errors"])["message"] ==
"You need to be logged-in to delete your account"
"You need to be logged in"
end
end
end
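Review bot: In "test refresh_token/3 with an appropriate token" the follow-up `@logged_person_query` request only asserts `res["errors"] == nil`, so the test does not show that the refreshed access token is bound to the account it was issued for. Bind the inserted actor with `actor = insert(:actor, user: user)` and add `assert res["data"]["loggedPerson"]["preferredUsername"] == actor.preferred_username` after the last request. The query already selects `preferredUsername`, so no query change is needed.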