* Add `GET /capabilities` to Plugins API It aims to: - help the client verify the data-domain the token is associated with - list all the features available for the site's owner (and therefore determine availability of the subset of those for the current Plugins API caller) The endpoint does not require authentication, in the sense that it'll always respond with 200 OK. However when the token is provided, a verification lookup is made. * Remove IO.inspect() call * Credo * Aesthetics * s/send_resp/send_error/ * Call preload just once
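defmodule PlausibleWeb.Plugs.AuthorizePluginsAPITest do
  # Exercises PlausibleWeb.Plugs.AuthorizePluginsAPI, the plug that gates the
  # Plugins API behind a per-site token presented as HTTP Basic credentials.
  #
  # Credential shapes covered here:
  #   * `Basic base64("<site domain>:<raw token>")`
  #   * `Basic base64("<raw token>")` (domain omitted)
  #
  # On success the plug leaves the conn un-halted and binds the token's site
  # to `conn.assigns.authorized_site`. On failure it halts with a 401 whose
  # body is the same generic error for "no header" and "unknown token", so the
  # response does not act as an oracle for whether a given token exists.
  # Every rejected (or skipped) request additionally must NOT carry an
  # `authorized_site` — a downstream controller reading that assign would
  # otherwise act on behalf of a site the caller never proved ownership of.
  #
  # NOTE(review): no case covers a valid token presented together with a
  # *different* site's domain, so whatever the plug does with a mismatching
  # domain (reject vs. ignore) is not pinned down by this file — confirm the
  # intended behaviour and add a test for it.
  use PlausibleWeb.ConnCase, async: true

  alias Plausible.Plugins.API.{Token, Tokens}
  alias PlausibleWeb.Plugs.AuthorizePluginsAPI
  alias Plausible.Repo

  import Plug.Conn

  # The JSON body every rejected request must carry. Kept in one place so the
  # "missing header" and "unknown token" cases are guaranteed to stay identical.
  @unauthorized_body %{"errors" => [%{"detail" => "Plugins API: unauthorized"}]}

  test "plug passes when a token is found" do
    %{id: site_id} = site = insert(:site, domain: "pass.example.com")
    {:ok, _, raw} = Tokens.create(site, "Some token")

    conn =
      build_conn()
      |> basic_auth("#{site.domain}:#{raw}")
      |> AuthorizePluginsAPI.call()

    refute conn.halted
    assert %Plausible.Site{id: ^site_id} = conn.assigns.authorized_site
  end

  test "plug passes when a token is found, no domain provided" do
    %{id: site_id} = site = insert(:site, domain: "pass.example.com")
    {:ok, _, raw} = Tokens.create(site, "Some token")

    # The raw token alone is sufficient to identify the site.
    conn =
      build_conn()
      |> basic_auth(raw)
      |> AuthorizePluginsAPI.call()

    refute conn.halted
    assert %Plausible.Site{id: ^site_id} = conn.assigns.authorized_site
  end

  test "plug halts when a token is not found" do
    site = insert(:site, domain: "pass.example.com")

    conn =
      build_conn()
      |> basic_auth("#{site.domain}:invalid-token")
      |> AuthorizePluginsAPI.call()

    assert conn.halted
    assert json_response(conn, 401) == @unauthorized_body
    # A correct domain must not leak a site into the conn when the token is bad.
    refute conn.assigns[:authorized_site]
  end

  test "plug halts when no authorization header is passed" do
    conn =
      build_conn()
      |> AuthorizePluginsAPI.call()

    assert conn.halted
    # Same body as the bad-token case: the error must not distinguish the two.
    assert json_response(conn, 401) == @unauthorized_body
    refute conn.assigns[:authorized_site]
  end

  test "plug optionally doesn't halt when no authorization header is passed" do
    # `send_error?: false` lets the request continue (used by endpoints that
    # work without a token), but it must still not pretend anyone authorized.
    conn =
      build_conn()
      |> AuthorizePluginsAPI.call(send_error?: false)

    refute conn.halted
    refute conn.assigns[:authorized_site]
  end

  test "plug updates last seen timestamp" do
    site = insert(:site, domain: "pass.example.com")
    {:ok, token, raw} = Tokens.create(site, "Some token")

    # Freshly created tokens have never been used.
    refute token.last_used_at
    assert Token.last_used_humanize(token) == "Not yet"

    build_conn()
    |> basic_auth(raw)
    |> AuthorizePluginsAPI.call()

    # A successful lookup records the use; reload to observe the persisted value.
    token = Repo.reload!(token)
    assert token.last_used_at
    assert Token.last_used_humanize(token) == "Just recently"
  end

  # Attaches `credentials` as an HTTP Basic `authorization` header to `conn`.
  defp basic_auth(conn, credentials) do
    put_req_header(conn, "authorization", "Basic " <> Base.encode64(credentials))
  end
end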