mirror of
https://github.com/plausible/analytics.git
synced 2024-12-26 02:55:02 +03:00
19b2239eb9
* Migration: track last seen usage for Plugins API Tokens * Track and interpret Token.last_seen_at * Display last used * Order tokens by inserted date, rather than UUID :clown: * s/Last seen/Last used in the UI * Test for "Last used" column presence * Fix table layout for very long descriptions * Update lib/plausible/plugins/api/tokens.ex Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com> * Update lib/plausible/plugins/api/token.ex Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com> * Update test/plausible/plugins/api/token_test.exs Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com> * s/last_seen_at/last_used_at * Update lib/plausible_web/live/plugins/api/settings.ex Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com> * fixup * Document reasoning behind 5m windows * s/last_seen/last_used * Mute credo --------- Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
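defmodule PlausibleWeb.Plugs.AuthorizePluginsAPITest do
  # Tests for the AuthorizePluginsAPI plug, which authenticates Plugins API
  # requests from an HTTP Basic `authorization` header.
  #
  # Pinned here:
  #   * a valid token, sent as "domain:token" or as the bare token, lets the
  #     request through and assigns the owning site to `conn.assigns.authorized_site`;
  #   * an unknown token or a missing header halts the connection with a 401
  #     and the same generic error body in both cases;
  #   * a successful request records token usage in `last_used_at`.
  #
  # NOTE(review): not covered here, and worth adding once the plug's intended
  # behaviour is confirmed: a non-Basic scheme, a payload that is not valid
  # Base64, and a valid token sent together with a different site's domain.
  use PlausibleWeb.ConnCase, async: true

  alias Plausible.Plugins.API.{Token, Tokens}
  alias PlausibleWeb.Plugs.AuthorizePluginsAPI
  alias Plausible.Repo

  import Plug.Conn

  # Both rejection paths must return exactly this body, so the response does
  # not tell a caller whether the header was missing or the token was wrong.
  @unauthorized_body %{"errors" => [%{"detail" => "Plugins API: unauthorized"}]}

  test "plug passes when a token is found" do
    %{id: site_id} = site = insert(:site, domain: "pass.example.com")
    # `raw` is the token value a client presents; it is the third element
    # returned by Tokens.create/2.
    {:ok, _, raw} = Tokens.create(site, "Some token")

    conn = call_plug("#{site.domain}:#{raw}")

    refute conn.halted
    assert %Plausible.Site{id: ^site_id} = conn.assigns.authorized_site
  end

  test "plug passes when a token is found, no domain provided" do
    %{id: site_id} = site = insert(:site, domain: "pass.example.com")
    {:ok, _, raw} = Tokens.create(site, "Some token")

    # The bare token, without a "domain:" prefix, is enough to resolve the site.
    conn = call_plug(raw)

    refute conn.halted
    assert %Plausible.Site{id: ^site_id} = conn.assigns.authorized_site
  end

  test "plug halts when a token is not found" do
    site = insert(:site, domain: "pass.example.com")

    # A real domain with a made-up token must still be rejected.
    conn = call_plug("#{site.domain}:invalid-token")

    assert conn.halted
    assert json_response(conn, 401) == @unauthorized_body
  end

  test "plug halts when no authorization header is passed" do
    conn =
      build_conn()
      |> AuthorizePluginsAPI.call()

    assert conn.halted
    assert json_response(conn, 401) == @unauthorized_body
  end

  # Title aligned with the `last_used_at` field that the assertions read.
  test "plug updates last used timestamp" do
    site = insert(:site, domain: "pass.example.com")
    {:ok, token, raw} = Tokens.create(site, "Some token")

    # A freshly created token has never been used.
    refute token.last_used_at
    assert Token.last_used_humanize(token) == "Not yet"

    conn = call_plug(raw)

    # Make sure the timestamp below comes from an authorized request and not
    # from a rejected one.
    refute conn.halted

    # The struct in hand predates the request, so read the row back.
    token = Repo.reload!(token)
    assert token.last_used_at
    assert Token.last_used_humanize(token) == "Just recently"
  end

  # Runs the plug on a fresh conn whose `authorization` header is
  # "Basic " followed by the Base64 encoding of `userinfo`.
  defp call_plug(userinfo) do
    build_conn()
    |> put_req_header("authorization", "Basic " <> Base.encode64(userinfo))
    |> AuthorizePluginsAPI.call()
  end
end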