From 3e7f2bfc2f4769af3cedea3126fa0b3cab3f2b7b Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivant.business@gmail.com>
Date: Fri, 5 Apr 2019 09:19:17 +0300
Subject: [PATCH] [#923] OAuthController#callback adjustments (with tests).

---
 lib/pleroma/web/oauth/oauth_controller.ex |  8 +------
 test/web/oauth/oauth_controller_test.exs  | 27 +++++++++++------------
 2 files changed, 14 insertions(+), 21 deletions(-)

diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 2dcaaabc1..404728899 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -249,13 +249,7 @@ def callback(conn, params) do
 
     with {:ok, registration} <- Authenticator.get_registration(conn, params) do
       user = Repo.preload(registration, :user).user
-
-      auth_params = %{
-        "client_id" => params["client_id"],
-        "redirect_uri" => params["redirect_uri"],
-        "state" => params["state"],
-        "scopes" => oauth_scopes(params, nil)
-      }
+      auth_params = Map.take(params, ~w(client_id redirect_uri scope scopes state))
 
       if user do
         create_authorization(
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index e13f4700d..75333f2d5 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -73,7 +73,7 @@ test "GET /oauth/prepare_request encodes parameters as `state` and redirects", %
           "/oauth/prepare_request",
           %{
             "provider" => "twitter",
-            "scope" => app.scopes,
+            "scope" => "read follow",
             "client_id" => app.client_id,
             "redirect_uri" => app.redirect_uris,
             "state" => "a_state"
@@ -81,21 +81,20 @@ test "GET /oauth/prepare_request encodes parameters as `state` and redirects", %
         )
 
       assert response = html_response(conn, 302)
-      redirected_to = redirected_to(conn)
-      [state] = Regex.run(~r/(?<=state=).*?(?=\Z|&)/, redirected_to)
-      state = URI.decode(state)
-      assert {:ok, state_params} = Poison.decode(state)
 
-      expected_scope_param = Enum.join(app.scopes, "+")
-      expected_client_id_param = app.client_id
-      expected_redirect_uri_param = app.redirect_uris
+      redirect_query = URI.parse(redirected_to(conn)).query
+      assert %{"state" => state_param} = URI.decode_query(redirect_query)
+      assert {:ok, state_components} = Poison.decode(state_param)
+
+      expected_client_id = app.client_id
+      expected_redirect_uri = app.redirect_uris
 
       assert %{
-               "scope" => ^expected_scope_param,
-               "client_id" => ^expected_client_id_param,
-               "redirect_uri" => ^expected_redirect_uri_param,
+               "scope" => "read follow",
+               "client_id" => ^expected_client_id,
+               "redirect_uri" => ^expected_redirect_uri,
                "state" => "a_state"
-             } = state_params
+             } = state_components
     end
 
     test "on authentication error, redirects to `redirect_uri`", %{app: app, conn: conn} do
@@ -158,7 +157,7 @@ test "with user-unbound registration, GET /oauth/<provider>/callback redirects t
       registration = insert(:registration, user: nil)
 
       state_params = %{
-        "scope" => "read",
+        "scope" => "read write",
         "client_id" => app.client_id,
         "redirect_uri" => app.redirect_uris,
         "state" => "a_state"
@@ -182,7 +181,7 @@ test "with user-unbound registration, GET /oauth/<provider>/callback redirects t
           state_params
           |> Map.delete("scope")
           |> Map.merge(%{
-            "scopes" => ["read"],
+            "scope" => "read write",
             "email" => Registration.email(registration),
             "nickname" => Registration.nickname(registration)
           })