git.squeep.com Git - akkoma/blob - test/pleroma/web/auth/basic_auth_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Auth.BasicAuthTest do
   6   use Pleroma.Web.ConnCase
   7
   8   import Pleroma.Factory
   9
  10   test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
  11     conn: conn
  12   } do
  13     user = insert(:user)
  14     assert Pbkdf2.verify_pass("test", user.password_hash)
  15
  16     basic_auth_contents =
  17       (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
  18       |> Base.encode64()
  19
  20     # Succeeds with HTTP Basic Auth
  21     response =
  22       conn
  23       |> put_req_header("authorization", "Basic " <> basic_auth_contents)
  24       |> get("/api/v1/accounts/verify_credentials")
  25       |> json_response(200)
  26
  27     user_nickname = user.nickname
  28     assert %{"username" => ^user_nickname} = response
  29
  30     # Succeeds with a properly scoped OAuth token
  31     valid_token = insert(:oauth_token, scopes: ["read:accounts"])
  32
  33     conn
  34     |> put_req_header("authorization", "Bearer #{valid_token.token}")
  35     |> get("/api/v1/accounts/verify_credentials")
  36     |> json_response(200)
  37
  38     # Fails with a wrong-scoped OAuth token (proof of restriction)
  39     invalid_token = insert(:oauth_token, scopes: ["read:something"])
  40
  41     conn
  42     |> put_req_header("authorization", "Bearer #{invalid_token.token}")
  43     |> get("/api/v1/accounts/verify_credentials")
  44     |> json_response(403)
  45   end
  46 end