271 lines
8.8 KiB
Elixir
271 lines
8.8 KiB
Elixir
# ----------------------------------------------------------------------
|
|
#
|
|
# ejabberd, Copyright (C) 2002-2017 ProcessOne
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; either version 2 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
#
|
|
# ----------------------------------------------------------------------
|
|
|
|
defmodule ModHttpApiMockTest do
|
|
use ExUnit.Case, async: false
|
|
|
|
@author "jsautret@process-one.net"
|
|
|
|
# Admin user
|
|
@admin "admin"
|
|
@adminpass "adminpass"
|
|
# Non admin user
|
|
@user "user"
|
|
@userpass "userpass"
|
|
# XMPP domain
|
|
@domain "domain"
|
|
# mocked command
|
|
@command "command_test"
|
|
@acommand String.to_atom(@command)
|
|
# default API version
|
|
@version 0
|
|
|
|
require Record
|
|
Record.defrecord :request, Record.extract(:request, from_lib: "ejabberd/include/ejabberd_http.hrl")
|
|
|
|
setup_all do
|
|
try do
|
|
:jid.start
|
|
:mnesia.start
|
|
:ejabberd_mnesia.start
|
|
:stringprep.start
|
|
:ejabberd_hooks.start_link
|
|
:ejabberd_config.start([@domain], [])
|
|
{:ok, _} = :ejabberd_access_permissions.start_link()
|
|
:ejabberd_commands.start_link
|
|
rescue
|
|
_ -> :ok
|
|
end
|
|
:mod_http_api.start(@domain, [])
|
|
EjabberdOauthMock.init
|
|
:ok
|
|
end
|
|
|
|
setup do
|
|
:meck.unload
|
|
:meck.new :ejabberd_commands
|
|
:meck.new(:acl, [:passthrough]) # Need to fake acl to allow oauth
|
|
EjabberdAuthMock.init
|
|
:ok
|
|
end
|
|
|
|
test "HTTP GET simple command call with Basic Auth" do
|
|
EjabberdAuthMock.create_user @user, @domain, @userpass
|
|
|
|
# Mock a simple command() -> :ok
|
|
:meck.expect(:ejabberd_commands, :get_command_format,
|
|
fn (@acommand, %{usr: {@user, @domain, _}}, @version) ->
|
|
{[], {:res, :rescode}}
|
|
end)
|
|
:meck.expect(:ejabberd_commands, :get_exposed_commands,
|
|
fn () -> [@acommand] end)
|
|
:meck.expect(:ejabberd_commands, :execute_command2,
|
|
fn (@acommand, [], %{usr: {@user, @domain, _}}, @version) ->
|
|
:ok
|
|
end)
|
|
|
|
:ejabberd_config.add_local_option(:commands, [[{:add_commands, [@acommand]}]])
|
|
|
|
# Correct Basic Auth call
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# Basic auth
|
|
auth: {@user<>"@"<>@domain, @userpass},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
|
|
# history = :meck.history(:ejabberd_commands)
|
|
|
|
assert 200 == elem(result, 0) # HTTP code
|
|
assert "0" == elem(result, 2) # command result
|
|
|
|
# Bad password
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# Basic auth
|
|
auth: {@user<>"@"<>@domain, @userpass<>"bad"},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
assert 401 == elem(result, 0) # HTTP code
|
|
|
|
# Check that the command was executed only once
|
|
assert 1 ==
|
|
:meck.num_calls(:ejabberd_commands, :execute_command2, :_)
|
|
|
|
assert :meck.validate :ejabberd_auth
|
|
assert :meck.validate :ejabberd_commands
|
|
end
|
|
|
|
test "HTTP GET simple command call with OAuth" do
|
|
EjabberdAuthMock.create_user @user, @domain, @userpass
|
|
|
|
# Mock a simple command() -> :ok
|
|
:meck.expect(:ejabberd_commands, :get_command_format,
|
|
fn (@acommand, %{usr: {@user, @domain, _}}, @version) ->
|
|
{[], {:res, :rescode}}
|
|
end)
|
|
:meck.expect(:ejabberd_commands, :get_exposed_commands,
|
|
fn () -> [@acommand] end)
|
|
:meck.expect(:ejabberd_commands, :execute_command2,
|
|
fn (@acommand, [], %{usr: {@user, @domain, _}, oauth_scope: ["ejabberd:user"]}, @version) ->
|
|
:ok
|
|
(@acommand, [], %{usr: {@user, @domain, _}, oauth_scope: [@command]}, @version) ->
|
|
:ok
|
|
(@acommand, [], %{usr: {@user, @domain, _}, oauth_scope: _}, @version) ->
|
|
throw({:error, :access_rules_unauthorized})
|
|
end)
|
|
|
|
|
|
# Correct OAuth call using specific scope
|
|
token = EjabberdOauthMock.get_token @user, @domain, @command
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# OAuth
|
|
auth: {:oauth, token, []},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
assert 200 == elem(result, 0) # HTTP code
|
|
assert "0" == elem(result, 2) # command result
|
|
|
|
# Correct OAuth call using specific ejabberd:user scope
|
|
token = EjabberdOauthMock.get_token @user, @domain, "ejabberd:user"
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# OAuth
|
|
auth: {:oauth, token, []},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
assert 200 == elem(result, 0) # HTTP code
|
|
assert "0" == elem(result, 2) # command result
|
|
|
|
# Wrong OAuth token
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# OAuth
|
|
auth: {:oauth, "bad"<>token, []},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
assert 401 == elem(result, 0) # HTTP code
|
|
|
|
# Expired OAuth token
|
|
token = EjabberdOauthMock.get_token @user, @domain, @command, 1
|
|
:timer.sleep 1500
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# OAuth
|
|
auth: {:oauth, token, []},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
assert 401 == elem(result, 0) # HTTP code
|
|
|
|
# Wrong OAuth scope
|
|
token = EjabberdOauthMock.get_token @user, @domain, "bad_command"
|
|
:timer.sleep 1500
|
|
req = request(method: :GET,
|
|
path: ["api", @command],
|
|
q: [nokey: ""],
|
|
# OAuth
|
|
auth: {:oauth, token, []},
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :mod_http_api.process([@command], req)
|
|
assert 403 == elem(result, 0) # HTTP code
|
|
|
|
# Check that the command was executed twice
|
|
assert 3 ==
|
|
:meck.num_calls(:ejabberd_commands, :execute_command2, :_)
|
|
|
|
assert :meck.validate :ejabberd_auth
|
|
#assert :meck.validate :ejabberd_commands
|
|
#assert :ok = :meck.history(:ejabberd_commands)
|
|
end
|
|
|
|
test "Request oauth token, resource owner password credentials" do
|
|
EjabberdAuthMock.create_user @user, @domain, @userpass
|
|
:application.set_env(:oauth2, :backend, :ejabberd_oauth)
|
|
:application.start(:oauth2)
|
|
|
|
# Mock a simple command() -> :ok
|
|
:meck.expect(:ejabberd_commands, :get_command_format,
|
|
fn (@acommand, {@user, @domain, {:oauth, _token}, false}, @version) ->
|
|
{[], {:res, :rescode}}
|
|
end)
|
|
:meck.expect(:ejabberd_commands, :get_exposed_commands,
|
|
fn () -> [@acommand] end)
|
|
|
|
#Mock acl to allow oauth authorizations
|
|
:meck.expect(:acl, :match_rule, fn(_Server, _Access, _Jid) -> :allow end)
|
|
|
|
|
|
# Correct password
|
|
req = request(method: :POST,
|
|
path: ["oauth", "token"],
|
|
q: [{"grant_type", "password"}, {"scope", @command}, {"username", @user<>"@"<>@domain}, {"ttl", "4000"}, {"password", @userpass}],
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :ejabberd_oauth.process([], req)
|
|
assert 200 = elem(result, 0) #http code
|
|
{kv} = :jiffy.decode(elem(result,2))
|
|
assert {_, "bearer"} = List.keyfind(kv, "token_type", 0)
|
|
assert {_, @command} = List.keyfind(kv, "scope", 0)
|
|
assert {_, 4000} = List.keyfind(kv, "expires_in", 0)
|
|
{"access_token", _token} = List.keyfind(kv, "access_token", 0)
|
|
|
|
#missing grant_type
|
|
req = request(method: :POST,
|
|
path: ["oauth", "token"],
|
|
q: [{"scope", @command}, {"username", @user<>"@"<>@domain}, {"password", @userpass}],
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :ejabberd_oauth.process([], req)
|
|
assert 400 = elem(result, 0) #http code
|
|
{kv} = :jiffy.decode(elem(result,2))
|
|
assert {_, "unsupported_grant_type"} = List.keyfind(kv, "error", 0)
|
|
|
|
|
|
# incorrect user/pass
|
|
req = request(method: :POST,
|
|
path: ["oauth", "token"],
|
|
q: [{"grant_type", "password"}, {"scope", @command}, {"username", @user<>"@"<>@domain}, {"password", @userpass<>"aa"}],
|
|
ip: {{127,0,0,1},60000},
|
|
host: @domain)
|
|
result = :ejabberd_oauth.process([], req)
|
|
assert 400 = elem(result, 0) #http code
|
|
{kv} = :jiffy.decode(elem(result,2))
|
|
assert {_, "invalid_grant"} = List.keyfind(kv, "error", 0)
|
|
|
|
assert :meck.validate :ejabberd_auth
|
|
assert :meck.validate :ejabberd_commands
|
|
end
|
|
|
|
end
|