Test [lack of] BasicAuth

I’ve taken on a small contract where there is no need for anything more than basic auth.

Thanks to this very nice tutorial—which is slightly outdated but trivially adaptable since basic_auth is now a part of Plug—I’ve been able to get my basic-auth-protected-LiveView tests running.

My problem came about when I went to write a test to ensure that basic auth was doing its job. Calling live(conn, ~p"/admin") in a test that doesn’t authorize results in:

** (FunctionClauseError) no function clause matching in Phoenix.LiveViewTest.connect_from_static_token/2

I started spelunking through LiveView’s source to figure out a sane way to test this, but instead I decided to move on and came up with this janky-ass solution which relies on live/2 throwing that FunctionClauseError:

# Implicitly left out here is that there is no setup that performs
# basic auth as per the linked blog post.  This is made clear by
# the rest of the tests calling a `setup :login`.

test "needs basic auth to view the page", %{conn: conn} do
  try do
    live(conn, ~p"/admin")

    refute "Admin page is not protected"
    e in FunctionClauseError ->
      assert e.function == :connect_from_static_token
      assert e.arity == 2

Not my finest moment but it also gets the job done. Still, I’m wondering if anyone has come across this before and came up with something better.

Thanks for reading!

I thought the Auth code generated by the phoenix auth generator is the most basic!

And it even generates the tests for it.



Hey @derpycoder, thanks for the response but I am very well-versed in phx_gen_auth. There will be literally one person using this app so Basic Auth is all I want or need.

1 Like

I would test as if it isn’t a liveview and do something like:

  test "GET /", %{conn: conn} do
    conn = get(conn, ~p"/")

    {_header_name, header_value} = List.keyfind(conn.resp_headers, "www-authenticate", 0)
    assert conn.status == 401
    assert header_value =~ "Basic"

It’s perfect! Thank you :smiley: