diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-09-15 18:22:08 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-09-15 18:22:08 +0300 |
| commit | e6f43a831bdd2a381ed4de493344886f312f9a38 (patch) | |
| tree | a6d0614a5cfba0f9f28bfeff343158a7f658fbe2 /test | |
| parent | b63faf9819c2c49d2e9b63e7f37136eb03d8b4e8 (diff) | |
| download | pleroma-e6f43a831bdd2a381ed4de493344886f312f9a38.tar.gz | |
[#1234] Permissions-related fixes / new functionality (Masto 2.4.3 scopes).
Diffstat (limited to 'test')
| -rw-r--r-- | test/support/factory.ex | 1 | ||||
| -rw-r--r-- | test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs | 5 | ||||
| -rw-r--r-- | test/web/oauth/oauth_controller_test.exs | 6 |
3 files changed, 7 insertions, 5 deletions
diff --git a/test/support/factory.ex b/test/support/factory.ex index 719115003..c14c8ddb3 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -283,6 +283,7 @@ defmodule Pleroma.Factory do %Pleroma.Web.OAuth.Token{ token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(), + scopes: ["read"], refresh_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(), user: build(:user), app_id: oauth_app.id, diff --git a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs index 87ee82050..1680ec122 100644 --- a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs @@ -257,7 +257,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do assert user_response["pleroma"]["background_image"] end - test "requires 'write' permission", %{conn: conn} do + test "requires 'write:accounts' permission", %{conn: conn} do token1 = insert(:oauth_token, scopes: ["read"]) token2 = insert(:oauth_token, scopes: ["write", "follow"]) @@ -268,7 +268,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do |> patch("/api/v1/accounts/update_credentials", %{}) if token == token1 do - assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403) + assert %{"error" => "Insufficient permissions: write:accounts."} == + json_response(conn, 403) else assert json_response(conn, 200) end diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index b492c7794..e919ea112 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -556,7 +556,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do "password" => "test", "client_id" => app.client_id, "redirect_uri" => redirect_uri, - "scope" => "read write", + "scope" => "read:subscope write", "state" => "statepassed" } }) @@ -569,7 +569,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert %{"state" => "statepassed", "code" => code} = query auth = Repo.get_by(Authorization, token: code) assert auth - assert auth.scopes == ["read", "write"] + assert auth.scopes == ["read:subscope", "write"] end test "returns 401 for wrong credentials", %{conn: conn} do @@ -626,7 +626,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert result =~ "This action is outside the authorized scopes" end - test "returns 401 for scopes beyond app scopes", %{conn: conn} do + test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do user = insert(:user) app = insert(:oauth_app, scopes: ["read", "write"]) redirect_uri = OAuthController.default_redirect_uri(app) |