[#468] Added OAuth scopes-specific tests.

2019-02-19 22:28:21 +03:00 · 2019-02-19 22:28:21 +03:00 · 04ee877a20
commit 04ee877a20
parent c0ecbf6669
6 changed files with 162 additions and 47 deletions
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@ -1536,6 +1536,24 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
      assert user_response = json_response(conn, 200)
      assert user_response["header"] != User.banner_url(user)
    end
+
+    test "requires 'write' permission", %{conn: conn} do
+      token1 = insert(:oauth_token, scopes: ["read"])
+      token2 = insert(:oauth_token, scopes: ["write", "follow"])
+
+      for token <- [token1, token2] do
+        conn =
+          conn
+          |> put_req_header("authorization", "Bearer #{token.token}")
+          |> patch("/api/v1/accounts/update_credentials", %{})
+
+        if token == token1 do
+          assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
+        else
+          assert json_response(conn, 200)
+        end
+      end
+    end
  end

  test "get instance information", %{conn: conn} do