1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Auth.BasicAuthTest do
6 use Pleroma.Web.ConnCase, async: true
10 test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
14 assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash)
17 (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
20 # Succeeds with HTTP Basic Auth
23 |> put_req_header("authorization", "Basic " <> basic_auth_contents)
24 |> get("/api/v1/accounts/verify_credentials")
27 user_nickname = user.nickname
28 assert %{"username" => ^user_nickname} = response
30 # Succeeds with a properly scoped OAuth token
31 valid_token = insert(:oauth_token, scopes: ["read:accounts"])
34 |> put_req_header("authorization", "Bearer #{valid_token.token}")
35 |> get("/api/v1/accounts/verify_credentials")
38 # Fails with a wrong-scoped OAuth token (proof of restriction)
39 invalid_token = insert(:oauth_token, scopes: ["read:something"])
42 |> put_req_header("authorization", "Bearer #{invalid_token.token}")
43 |> get("/api/v1/accounts/verify_credentials")