basic_auth_test.exs
# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Auth.BasicAuthTest do
  use Pleroma.Web.ConnCase

  import Pleroma.Factory

  # Checks that a request authenticated with HTTP Basic credentials reaches an
  # endpoint that is otherwise gated by OAuth scopes, and that the scope gate
  # itself is active for Bearer tokens (a wrong-scoped token gets 403).
  #
  # NOTE(review): only the success path for Basic auth is exercised here. A
  # companion case with a wrong password would pin that the scope exemption is
  # tied to valid credentials -- confirm that is covered elsewhere.
  test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
    conn: conn
  } do
    user = insert(:user)

    # Sanity check: the stored hash must verify against "test", the password
    # sent in the Basic header below.
    assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)

    # Both halves are form-encoded before being joined and Base64-encoded;
    # presumably this mirrors what the server-side decoder expects -- verify
    # against the Basic auth plug.
    encoded_nickname = URI.encode_www_form(user.nickname)
    encoded_password = URI.encode_www_form("test")
    basic_header = "Basic " <> Base.encode64(encoded_nickname <> ":" <> encoded_password)

    # Succeeds with HTTP Basic Auth
    basic_response =
      conn
      |> verify_credentials(basic_header)
      |> json_response(200)

    expected_nickname = user.nickname
    assert %{"username" => ^expected_nickname} = basic_response

    # Succeeds with a properly scoped OAuth token
    scoped_token = insert(:oauth_token, scopes: ["read:accounts"])

    conn
    |> verify_credentials("Bearer #{scoped_token.token}")
    |> json_response(200)

    # Fails with a wrong-scoped OAuth token (proof of restriction)
    mis_scoped_token = insert(:oauth_token, scopes: ["read:something"])

    conn
    |> verify_credentials("Bearer #{mis_scoped_token.token}")
    |> json_response(403)
  end

  # Issues GET /api/v1/accounts/verify_credentials with the given value in the
  # "authorization" request header and returns the resulting conn.
  defp verify_credentials(conn, authorization) do
    conn
    |> put_req_header("authorization", authorization)
    |> get("/api/v1/accounts/verify_credentials")
  end
end