From eb720241da3d786c6ec79f2325277fa4af23846f Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 26 Feb 2025 13:04:55 +0100
Subject: [feature] Enforce OAuth token scopes (#3835)
* move tokenauth to apiutil
* enforce scopes
* docs
* update test models, remove deprecated "follow"
* file header
* tests
* tweak scope matcher
* simplify...
* fix tests
* log user out of settings panel in case of oauth error
---
 internal/api/util/scopes_test.go | 101 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 internal/api/util/scopes_test.go
(limited to 'internal/api/util/scopes_test.go')
diff --git a/internal/api/util/scopes_test.go b/internal/api/util/scopes_test.go
new file mode 100644
index 000000000..bd533585b
--- /dev/null
+++ b/internal/api/util/scopes_test.go
@@ -0,0 +1,101 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package util_test
+
+import (
+ "testing"
+
+ "github.com/superseriousbusiness/gotosocial/internal/api/util"
+)
+
+func TestScopes(t *testing.T) {
+ for _, test := range []struct {
+ HasScope util.Scope
+ WantsScope util.Scope
+ Expect bool
+ }{
+ {
+ HasScope: util.ScopeRead,
+ WantsScope: util.ScopeRead,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeRead,
+ WantsScope: util.ScopeWrite,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopeWrite,
+ WantsScope: util.ScopeWrite,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeWrite,
+ WantsScope: util.ScopeRead,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopePush,
+ WantsScope: util.ScopePush,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeAdmin,
+ WantsScope: util.ScopeAdmin,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeProfile,
+ WantsScope: util.ScopeProfile,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeReadAccounts,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopeWriteAccounts,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeWrite,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeRead,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopeWriteAccounts,
+ WantsScope: util.ScopeWrite,
+ Expect: false,
+ },
+ } {
+ res := test.HasScope.Permits(test.WantsScope)
+ if res != test.Expect {
+ t.Errorf(
+ "did not get expected result %v for input: has %s, wants %s",
+ test.Expect, test.HasScope, test.WantsScope,
+ )
+ }
+ }
+}
-- cgit v1.2.3
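Review bot: The table never checks that the privileged scopes are isolated from the broad ones — no row has a token holding `util.ScopeWrite` or `util.ScopeRead` ask for `util.ScopeAdmin` or `util.ScopePush`, nor the reverse, so a matcher that let `write` satisfy `admin` (or `admin` satisfy `write`) would still pass `TestScopes` as written. Since this commit is what turns scopes into an enforcement boundary, those negative rows are the ones that would catch a privilege escalation; I would add `{HasScope: util.ScopeWrite, WantsScope: util.ScopeAdmin, Expect: false},`, `{HasScope: util.ScopeAdmin, WantsScope: util.ScopeWrite, Expect: false},` and `{HasScope: util.ScopeWriteAccounts, WantsScope: util.ScopeReadAccounts, Expect: false},` to the table. Running each row under `t.Run` with a name built from the two scopes would also make a failing case easier to locate than the single `t.Errorf` at the bottom of the loop. Whether `Permits` matches by prefix or by exact string is not visible in this hunk, so the expected values for the admin/push rows should be confirmed against its implementation before they are committed.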