pleroma/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
  use Pleroma.Web.ConnCase, async: true

  alias Pleroma.Repo
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.Push

  import Pleroma.Factory

  test "apps/verify_credentials", %{conn: conn} do
    user_bound_token = insert(:oauth_token)
    app_bound_token = insert(:oauth_token, user: nil)
    refute app_bound_token.user

    for token <- [app_bound_token, user_bound_token] do
      conn =
        conn
        |> put_req_header("authorization", "Bearer #{token.token}")
        |> get("/api/v1/apps/verify_credentials")

      app = Repo.preload(token, :app).app

      expected = %{
        "name" => app.client_name,
        "website" => app.website,
        "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
      }

      assert expected == json_response_and_validate_schema(conn, 200)
    end
  end

  test "creates an oauth app", %{conn: conn} do
    app_attrs = build(:oauth_app)

    conn =
      conn
      |> put_req_header("content-type", "application/json")
      |> post("/api/v1/apps", %{
        client_name: app_attrs.client_name,
        redirect_uris: app_attrs.redirect_uris
      })

    [app] = Repo.all(App)

    expected = %{
      "name" => app.client_name,
      "website" => app.website,
      "client_id" => app.client_id,
      "client_secret" => app.client_secret,
      "id" => app.id |> to_string(),
      "redirect_uri" => app.redirect_uris,
      "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
    }

    assert expected == json_response_and_validate_schema(conn, 200)
    assert app.user_id == nil
  end

  test "creates an oauth app with a user", %{conn: conn} do
    user = insert(:user)
    app_attrs = build(:oauth_app)

    conn =
      conn
      |> put_req_header("content-type", "application/json")
      |> assign(:user, user)
      |> post("/api/v1/apps", %{
        client_name: app_attrs.client_name,
        redirect_uris: app_attrs.redirect_uris
      })

    [app] = Repo.all(App)

    expected = %{
      "name" => app.client_name,
      "website" => app.website,
      "client_id" => app.client_id,
      "client_secret" => app.client_secret,
      "id" => app.id |> to_string(),
      "redirect_uri" => app.redirect_uris,
      "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
    }

    assert expected == json_response_and_validate_schema(conn, 200)
    assert app.user_id == user.id
  end

  test "creates an oauth app without a user", %{conn: conn} do
    app_attrs = build(:oauth_app)

    conn =
      conn
      |> put_req_header("content-type", "application/json")
      |> post("/api/v1/apps", %{
        client_name: app_attrs.client_name,
        redirect_uris: app_attrs.redirect_uris
      })

    [app] = Repo.all(App)

    expected = %{
      "name" => app.client_name,
      "website" => app.website,
      "client_id" => app.client_id,
      "client_secret" => app.client_secret,
      "id" => app.id |> to_string(),
      "redirect_uri" => app.redirect_uris,
      "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
    }

    assert expected == json_response_and_validate_schema(conn, 200)
  end

  test "does not duplicate apps with the same client name", %{conn: conn} do
    client_name = "BleromaSE"
    redirect_uris = "https://bleroma.app/oauth-callback"

    for _i <- 1..3 do
      conn
      |> put_req_header("content-type", "application/json")
      |> post("/api/v1/apps", %{
        client_name: client_name,
        redirect_uris: redirect_uris
      })
      |> json_response_and_validate_schema(200)
    end

    apps = Repo.all(App)

    assert length(apps) == 1
    assert List.first(apps).client_name == client_name
    assert List.first(apps).redirect_uris == redirect_uris
  end

  test "app scopes can be updated", %{conn: conn} do
    client_name = "BleromaSE"
    redirect_uris = "https://bleroma.app/oauth-callback"
    website = "https://bleromase.com"
    scopes = "read write"

    conn
    |> put_req_header("content-type", "application/json")
    |> post("/api/v1/apps", %{
      client_name: client_name,
      redirect_uris: redirect_uris,
      website: website,
      scopes: scopes
    })
    |> json_response_and_validate_schema(200)

    assert List.first(Repo.all(App)).scopes == String.split(scopes, " ")

    updated_scopes = "read write push"

    conn
    |> put_req_header("content-type", "application/json")
    |> post("/api/v1/apps", %{
      client_name: client_name,
      redirect_uris: redirect_uris,
      website: website,
      scopes: updated_scopes
    })
    |> json_response_and_validate_schema(200)

    assert List.first(Repo.all(App)).scopes == String.split(updated_scopes, " ")
  end
end