diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-10-17 13:12:39 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-10-17 13:12:39 +0300 |
| commit | 049ece1ef38f1aeb656a88ed1d15bf3d4a364e01 (patch) | |
| tree | 16d4a05e533685e8b8385f886e58addb05a90d7d /test/web/auth/basic_auth_test.exs | |
| parent | 2498e569f12694439b6f99d0730f6fb36301c454 (diff) | |
| parent | 023f726d7f497705d766adee8874b94efb08a0aa (diff) | |
| download | pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.tar.gz pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.zip | |
Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
# lib/pleroma/web/feed/user_controller.ex
# lib/pleroma/web/o_status/o_status_controller.ex
# lib/pleroma/web/router.ex
# lib/pleroma/web/static_fe/static_fe_controller.ex
Diffstat (limited to 'test/web/auth/basic_auth_test.exs')
| -rw-r--r-- | test/web/auth/basic_auth_test.exs | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/test/web/auth/basic_auth_test.exs b/test/web/auth/basic_auth_test.exs deleted file mode 100644 index bf6e3d2fc..000000000 --- a/test/web/auth/basic_auth_test.exs +++ /dev/null @@ -1,46 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.Auth.BasicAuthTest do - use Pleroma.Web.ConnCase - - import Pleroma.Factory - - test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{ - conn: conn - } do - user = insert(:user) - assert Pbkdf2.verify_pass("test", user.password_hash) - - basic_auth_contents = - (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test")) - |> Base.encode64() - - # Succeeds with HTTP Basic Auth - response = - conn - |> put_req_header("authorization", "Basic " <> basic_auth_contents) - |> get("/api/v1/accounts/verify_credentials") - |> json_response(200) - - user_nickname = user.nickname - assert %{"username" => ^user_nickname} = response - - # Succeeds with a properly scoped OAuth token - valid_token = insert(:oauth_token, scopes: ["read:accounts"]) - - conn - |> put_req_header("authorization", "Bearer #{valid_token.token}") - |> get("/api/v1/accounts/verify_credentials") - |> json_response(200) - - # Fails with a wrong-scoped OAuth token (proof of restriction) - invalid_token = insert(:oauth_token, scopes: ["read:something"]) - - conn - |> put_req_header("authorization", "Bearer #{invalid_token.token}") - |> get("/api/v1/accounts/verify_credentials") - |> json_response(403) - end -end |