logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

basic_auth_test.exs (1499B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Auth.BasicAuthTest do
  6.   use Pleroma.Web.ConnCase, async: true
  8.   import Pleroma.Factory
  10.   test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
  11.     conn: conn
  12.   } do
  13.     user = insert(:user)
  14.     assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash)
  16.     basic_auth_contents =
  17.       (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
  18.       |> Base.encode64()
  20.     # Succeeds with HTTP Basic Auth
  21.     response =
  22.       conn
  23.       |> put_req_header("authorization", "Basic " <> basic_auth_contents)
  24.       |> get("/api/v1/accounts/verify_credentials")
  25.       |> json_response(200)
  27.     user_nickname = user.nickname
  28.     assert %{"username" => ^user_nickname} = response
  30.     # Succeeds with a properly scoped OAuth token
  31.     valid_token = insert(:oauth_token, scopes: ["read:accounts"])
  33.     conn
  34.     |> put_req_header("authorization", "Bearer #{valid_token.token}")
  35.     |> get("/api/v1/accounts/verify_credentials")
  36.     |> json_response(200)
  38.     # Fails with a wrong-scoped OAuth token (proof of restriction)
  39.     invalid_token = insert(:oauth_token, scopes: ["read:something"])
  41.     conn
  42.     |> put_req_header("authorization", "Bearer #{invalid_token.token}")
  43.     |> get("/api/v1/accounts/verify_credentials")
  44.     |> json_response(403)
  45.   end
  46. end