# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Auth.BasicAuthTest do
  # Exercises one endpoint, /api/v1/accounts/verify_credentials, with three
  # kinds of Authorization header: HTTP Basic, a Bearer token carrying the
  # "read:accounts" scope, and a Bearer token carrying an unrelated scope.
  # The last case is the control: it shows the endpoint really is
  # scope-restricted, so the Basic Auth success is not a trivial pass.
  #
  # NOTE(review): only the positive Basic Auth path is covered in this module;
  # no request with a wrong password or an unknown nickname is made here.
  use Pleroma.Web.ConnCase, async: false

  import Pleroma.Factory

  test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
    conn: conn
  } do
    user = insert(:user)

    # Guard against factory drift: the stored hash must verify against "test",
    # which is the password sent in the Basic credentials below.
    assert Pleroma.Password.checkpw("test", user.password_hash)

    # Each half is form-encoded on its own before being joined with ":" and
    # Base64-encoded (presumably mirroring what the server-side decoder
    # expects; confirm against the Basic Auth decoding plug).
    encoded_nickname = URI.encode_www_form(user.nickname)
    encoded_password = URI.encode_www_form("test")
    basic_auth_contents = Base.encode64(encoded_nickname <> ":" <> encoded_password)

    # Succeeds with HTTP Basic Auth
    basic_conn = put_req_header(conn, "authorization", "Basic " <> basic_auth_contents)

    response =
      basic_conn
      |> get("/api/v1/accounts/verify_credentials")
      |> json_response(200)

    # The returned account must be the one whose credentials were sent.
    expected_username = user.nickname
    assert %{"username" => ^expected_username} = response

    # Succeeds with a properly scoped OAuth token
    scoped_token = insert(:oauth_token, scopes: ["read:accounts"])
    scoped_conn = put_req_header(conn, "authorization", "Bearer #{scoped_token.token}")

    # json_response/2 fails the test when the status differs, so the piped
    # call is itself the assertion; the decoded body is not inspected.
    scoped_conn
    |> get("/api/v1/accounts/verify_credentials")
    |> json_response(200)

    # Fails with a wrong-scoped OAuth token (proof of restriction)
    mis_scoped_token = insert(:oauth_token, scopes: ["read:something"])
    mis_scoped_conn = put_req_header(conn, "authorization", "Bearer #{mis_scoped_token.token}")

    mis_scoped_conn
    |> get("/api/v1/accounts/verify_credentials")
    |> json_response(403)
  end
end