Add proper error message when accessing followers/followings w/ auth

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2020-11-02 18:11:27 +01:00
parent c5e7abe3d4
commit 78e3bcb2f8
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
2 changed files with 159 additions and 33 deletions

View File

@ -274,6 +274,14 @@ defmodule Mobilizon.GraphQL.Resolvers.Admin do
end end
end end
def list_relay_followers(_parent, _args, %{context: %{current_user: %User{}}}) do
{:error, :unauthorized}
end
def list_relay_followers(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
def list_relay_followings( def list_relay_followings(
_parent, _parent,
%{page: page, limit: limit}, %{page: page, limit: limit},
@ -288,6 +296,14 @@ defmodule Mobilizon.GraphQL.Resolvers.Admin do
end end
end end
def list_relay_followings(_parent, _args, %{context: %{current_user: %User{}}}) do
{:error, :unauthorized}
end
def list_relay_followings(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
def create_relay(_parent, %{address: address}, %{context: %{current_user: %User{role: role}}}) def create_relay(_parent, %{address: address}, %{context: %{current_user: %User{role: role}}})
when is_admin(role) do when is_admin(role) do
case Relay.follow(address) do case Relay.follow(address) do

View File

@ -124,6 +124,90 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
end end
describe "Resolver: Get the list of relay followers" do describe "Resolver: Get the list of relay followers" do
@relay_followers_query """
{
relayFollowers {
elements {
actor {
preferredUsername,
domain,
},
approved
},
total
}
}
"""
@relay_followings_query """
{
relayFollowings {
elements {
targetActor {
preferredUsername,
domain,
},
approved
},
total
}
}
"""
test "test list_relay_followers/3 returns nothing when not logged-in", %{conn: conn} do
follower_actor =
insert(:actor,
domain: "localhost",
user: nil,
url: "http://localhost:8080/actor",
preferred_username: "instance_actor",
name: "I am an instance actor"
)
%Actor{} = relay_actor = Relay.get_actor()
insert(:follower, actor: follower_actor, target_actor: relay_actor)
res =
conn
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert hd(res["errors"])["message"] == "You need to be logged in"
assert hd(res["errors"])["status_code"] == 401
end
test "test list_relay_followers/3 returns nothing when not an admin", %{conn: conn} do
%User{} = user_moderator = insert(:user, role: :moderator)
%User{} = user = insert(:user)
follower_actor =
insert(:actor,
domain: "localhost",
user: nil,
url: "http://localhost:8080/actor",
preferred_username: "instance_actor",
name: "I am an instance actor"
)
%Actor{} = relay_actor = Relay.get_actor()
insert(:follower, actor: follower_actor, target_actor: relay_actor)
res =
conn
|> auth_conn(user_moderator)
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
end
test "test list_relay_followers/3 returns relay followers", %{conn: conn} do test "test list_relay_followers/3 returns relay followers", %{conn: conn} do
%User{} = user_admin = insert(:user, role: :administrator) %User{} = user_admin = insert(:user, role: :administrator)
@ -139,25 +223,10 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
%Actor{} = relay_actor = Relay.get_actor() %Actor{} = relay_actor = Relay.get_actor()
insert(:follower, actor: follower_actor, target_actor: relay_actor) insert(:follower, actor: follower_actor, target_actor: relay_actor)
query = """
{
relayFollowers {
elements {
actor {
preferredUsername,
domain,
},
approved
},
total
}
}
"""
res = res =
conn conn
|> auth_conn(user_admin) |> auth_conn(user_admin)
|> AbsintheHelpers.graphql_query(query: query) |> AbsintheHelpers.graphql_query(query: @relay_followers_query)
assert is_nil(res["errors"]) assert is_nil(res["errors"])
@ -167,7 +236,63 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
} }
end end
test "test list_relay_followers/3 returns relay followings", %{conn: conn} do test "test list_relay_followings/3 returns nothing when not logged-in", %{conn: conn} do
%Actor{} =
following_actor =
insert(:actor,
domain: "localhost",
user: nil,
url: "http://localhost:8080/actor",
preferred_username: "instance_actor",
name: "I am an instance actor"
)
%Actor{} = relay_actor = Relay.get_actor()
insert(:follower, actor: relay_actor, target_actor: following_actor)
res =
conn
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert hd(res["errors"])["message"] == "You need to be logged in"
assert hd(res["errors"])["status_code"] == 401
end
test "test list_relay_followings/3 returns nothing when not an admin", %{conn: conn} do
%User{} = user_moderator = insert(:user, role: :moderator)
%User{} = user = insert(:user)
%Actor{} =
following_actor =
insert(:actor,
domain: "localhost",
user: nil,
url: "http://localhost:8080/actor",
preferred_username: "instance_actor",
name: "I am an instance actor"
)
%Actor{} = relay_actor = Relay.get_actor()
insert(:follower, actor: relay_actor, target_actor: following_actor)
res =
conn
|> auth_conn(user_moderator)
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert hd(res["errors"])["message"] == "You don't have permission to do this"
assert hd(res["errors"])["status_code"] == 403
end
test "test list_relay_followings/3 returns relay followings", %{conn: conn} do
%User{} = user_admin = insert(:user, role: :administrator) %User{} = user_admin = insert(:user, role: :administrator)
%Actor{ %Actor{
@ -186,25 +311,10 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
%Actor{} = relay_actor = Relay.get_actor() %Actor{} = relay_actor = Relay.get_actor()
insert(:follower, actor: relay_actor, target_actor: following_actor) insert(:follower, actor: relay_actor, target_actor: following_actor)
query = """
{
relayFollowings {
elements {
targetActor {
preferredUsername,
domain,
},
approved
},
total
}
}
"""
res = res =
conn conn
|> auth_conn(user_admin) |> auth_conn(user_admin)
|> AbsintheHelpers.graphql_query(query: query) |> AbsintheHelpers.graphql_query(query: @relay_followings_query)
assert is_nil(res["errors"]) assert is_nil(res["errors"])