Merge branch 'iss-849' into 'develop'

Parse access_token from body parameters and URL parameters See merge request !1103

Merge branch 'iss-849' into 'develop'
Parse access_token from body parameters and URL parameters See merge request !1103
497d34b8 · lain · d107919b · a53a6c9d · 497d34b8 · 497d34b8
Commit 497d34b8 authored May 02, 2019 by lain
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -48,6 +48,7 @@ unit-testing:
  - name: postgres:9.6.2
    command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
  script:
+    - mix deps.get
    - mix ecto.create
    - mix ecto.migrate
    - mix test --trace --preload-modules
@@ -77,4 +78,4 @@ docs-deploy:
    - echo "${SSH_HOST_KEY}" > ~/.ssh/known_hosts
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-    - rsync -hrvz --delete -e "ssh -p ${SSH_PORT}" priv/static/doc/ "${SSH_USER_HOST_LOCATION}/${CI_COMMIT_REF_NAME}" 
+    - rsync -hrvz --delete -e "ssh -p ${SSH_PORT}" priv/static/doc/ "${SSH_USER_HOST_LOCATION}/${CI_COMMIT_REF_NAME}"
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@@ -16,6 +16,16 @@ def init(options), do: options

  def call(%{assigns: %{user: %User{}}} = conn, _), do: conn

+  def call(%{params: %{"access_token" => access_token}} = conn, _) do
+    with {:ok, user, token_record} <- fetch_user_and_token(access_token) do
+      conn
+      |> assign(:token, token_record)
+      |> assign(:user, user)
+    else
+      _ -> conn
+    end
+  end
+
  def call(conn, _) do
    with {:ok, token_str} <- fetch_token_str(conn),
         {:ok, user, token_record} <- fetch_user_and_token(token_str) do

--- a/test/plugs/oauth_plug_test.exs
+++ b/test/plugs/oauth_plug_test.exs
@@ -38,6 +38,26 @@ test "with valid token(downcase), it assigns the user", %{conn: conn} = opts do
    assert conn.assigns[:user] == opts[:user]
  end

+  test "with valid token(downcase) in url parameters, it assings the user", opts do
+    conn =
+      :get
+      |> build_conn("/?access_token=#{opts[:token]}")
+      |> put_req_header("content-type", "application/json")
+      |> fetch_query_params()
+      |> OAuthPlug.call(%{})
+
+    assert conn.assigns[:user] == opts[:user]
+  end
+
+  test "with valid token(downcase) in body parameters, it assigns the user", opts do
+    conn =
+      :post
+      |> build_conn("/api/v1/statuses", access_token: opts[:token], status: "test")
+      |> OAuthPlug.call(%{})
+
+    assert conn.assigns[:user] == opts[:user]
+  end
+
  test "with invalid token, it not assigns the user", %{conn: conn} do
    conn =
      conn