diff options
| author | rinpatch <rinpatch@sdf.org> | 2019-09-14 12:34:21 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2019-09-14 12:34:21 +0000 |
| commit | 90b0bd3984c15b25fde5ae29e23b97a38071fb36 (patch) | |
| tree | 32d6ba80629b8a6731c4bf290839f9ac4606d887 /test | |
| parent | 53a3ad60435d4f7eab2dbf1235e5974bac275aa0 (diff) | |
| parent | dca545bb0d375601f0b5c355bc2320dacd001363 (diff) | |
| download | pleroma-90b0bd3984c15b25fde5ae29e23b97a38071fb36.tar.gz | |
Merge branch 'backport/fav-reblog-access-control' into 'maint/1.1'
Backport/fav reblog access control
See merge request pleroma/pleroma!1669
Diffstat (limited to 'test')
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 53 |
1 files changed, 51 insertions, 2 deletions
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index f4902d043..24e5785c0 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3698,7 +3698,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do build_conn() |> assign(:user, user) - [conn: conn, activity: activity] + [conn: conn, activity: activity, user: user] end test "returns users who have favorited the status", %{conn: conn, activity: activity} do @@ -3758,6 +3758,32 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do [%{"id" => id}] = response assert id == other_user.id end + + test "requires authentification for private posts", %{conn: conn, user: user} do + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "@#{other_user.nickname} wanna get some #cofe together?", + "visibility" => "direct" + }) + + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + conn + |> assign(:user, nil) + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(404) + + response = + build_conn() + |> assign(:user, other_user) + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(200) + + [%{"id" => id}] = response + assert id == other_user.id + end end describe "GET /api/v1/statuses/:id/reblogged_by" do @@ -3769,7 +3795,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do build_conn() |> assign(:user, user) - [conn: conn, activity: activity] + [conn: conn, activity: activity, user: user] end test "returns users who have reblogged the status", %{conn: conn, activity: activity} do @@ -3829,6 +3855,29 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do [%{"id" => id}] = response assert id == other_user.id end + + test "requires authentification for private posts", %{conn: conn, user: user} do + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "@#{other_user.nickname} wanna get some #cofe together?", + "visibility" => "direct" + }) + + conn + |> assign(:user, nil) + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(404) + + response = + build_conn() + |> assign(:user, other_user) + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(200) + + assert [] == response + end end describe "POST /auth/password, with valid parameters" do |