diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-02-20 12:27:28 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-02-20 12:27:28 +0300 |
| commit | 337367d764dda8947eb0369f31da641c045dd3b0 (patch) | |
| tree | d3761a81ad29e531005d3c43514baf0d8e2099f4 /test/web/twitter_api | |
| parent | 04ee877a20a849db53a307a1736e635229129b7a (diff) | |
| download | pleroma-337367d764dda8947eb0369f31da641c045dd3b0.tar.gz | |
[#468] More OAuth scopes-specific tests.
Diffstat (limited to 'test/web/twitter_api')
| -rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 27b1e878c..05a832967 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -14,6 +14,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do alias Pleroma.Notification alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.OAuth.Token + alias Pleroma.Web.TwitterAPI.Controller alias Pleroma.Web.TwitterAPI.UserView alias Pleroma.Web.TwitterAPI.NotificationView alias Pleroma.Web.CommonAPI @@ -22,6 +23,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do alias Ecto.Changeset import Pleroma.Factory + import Mock @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7" @@ -187,6 +189,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> get("/api/statuses/public_timeline.json") |> json_response(200) end + + test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission", + Controller, + [:passthrough], + [] do + token = insert(:oauth_token, scopes: ["write"]) + + build_conn() + |> put_req_header("authorization", "Bearer #{token.token}") + |> get("/api/statuses/public_timeline.json") + |> json_response(200) + + assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_)) + end end describe "GET /statuses/public_and_external_timeline.json" do |