logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

basic_auth_test.exs (1469B)


  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  4. defmodule Pleroma.Web.Auth.BasicAuthTest do
  5. use Pleroma.Web.ConnCase
  6. import Pleroma.Factory
  7. test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
  8. conn: conn
  9. } do
  10. user = insert(:user)
  11. assert Pbkdf2.verify_pass("test", user.password_hash)
  12. basic_auth_contents =
  13. (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
  14. |> Base.encode64()
  15. # Succeeds with HTTP Basic Auth
  16. response =
  17. conn
  18. |> put_req_header("authorization", "Basic " <> basic_auth_contents)
  19. |> get("/api/v1/accounts/verify_credentials")
  20. |> json_response(200)
  21. user_nickname = user.nickname
  22. assert %{"username" => ^user_nickname} = response
  23. # Succeeds with a properly scoped OAuth token
  24. valid_token = insert(:oauth_token, scopes: ["read:accounts"])
  25. conn
  26. |> put_req_header("authorization", "Bearer #{valid_token.token}")
  27. |> get("/api/v1/accounts/verify_credentials")
  28. |> json_response(200)
  29. # Fails with a wrong-scoped OAuth token (proof of restriction)
  30. invalid_token = insert(:oauth_token, scopes: ["read:something"])
  31. conn
  32. |> put_req_header("authorization", "Bearer #{invalid_token.token}")
  33. |> get("/api/v1/accounts/verify_credentials")
  34. |> json_response(403)
  35. end
  36. end