[#468] More OAuth scopes-specific tests.

2019-02-20 12:27:28 +03:00 · 2019-02-20 12:27:28 +03:00 · 337367d764
commit 337367d764
parent 04ee877a20
2 changed files with 138 additions and 0 deletions
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@ -14,6 +14,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
  alias Pleroma.Notification
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.OAuth.Token
+  alias Pleroma.Web.TwitterAPI.Controller
  alias Pleroma.Web.TwitterAPI.UserView
  alias Pleroma.Web.TwitterAPI.NotificationView
  alias Pleroma.Web.CommonAPI
@ -22,6 +23,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
  alias Ecto.Changeset

  import Pleroma.Factory
+  import Mock

  @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"

@ -187,6 +189,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
      |> get("/api/statuses/public_timeline.json")
      |> json_response(200)
    end
+
+    test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
+                   Controller,
+                   [:passthrough],
+                   [] do
+      token = insert(:oauth_token, scopes: ["write"])
+
+      build_conn()
+      |> put_req_header("authorization", "Bearer #{token.token}")
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+
+      assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
+    end
  end

  describe "GET /statuses/public_and_external_timeline.json" do