diff options
| author | Tusooa Zhu <tusooa@kazv.moe> | 2022-04-02 02:25:13 -0400 |
|---|---|---|
| committer | Tusooa Zhu <tusooa@kazv.moe> | 2022-04-02 02:25:13 -0400 |
| commit | 7d1dae3befbecbeeb72768afe4f5a23a59ba4f05 (patch) | |
| tree | 4d59e26cf8a3c8ca0e820a4a579aa2312e155412 /test | |
| parent | 0c78ab4a88d59358a0a5e24a76cbb4cdb2c2d402 (diff) | |
| download | pleroma-7d1dae3befbecbeeb72768afe4f5a23a59ba4f05.tar.gz pleroma-7d1dae3befbecbeeb72768afe4f5a23a59ba4f05.zip | |
Restrict mastodon api announcements to logged-in users only
Diffstat (limited to 'test')
| -rw-r--r-- | test/pleroma/web/mastodon_api/controllers/announcement_controller_test.exs | 43 |
1 files changed, 31 insertions, 12 deletions
diff --git a/test/pleroma/web/mastodon_api/controllers/announcement_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/announcement_controller_test.exs index 3957cc3ed..60c9978c2 100644 --- a/test/pleroma/web/mastodon_api/controllers/announcement_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/announcement_controller_test.exs @@ -11,19 +11,40 @@ defmodule Pleroma.Web.MastodonAPI.AnnouncementControllerTest do alias Pleroma.AnnouncementReadRelationship describe "GET /api/v1/announcements" do - test "it lists all announcements" do + setup do + %{conn: conn} = oauth_access([]) + {:ok, conn: conn} + end + + test "it does not allow guests", %{conn: conn} do + _response = + conn + |> assign(:token, nil) + |> get("/api/v1/announcements") + |> json_response_and_validate_schema(:forbidden) + end + + test "it allows users with scopes" do + %{conn: conn} = oauth_access(["read:accounts"]) + + _response = + conn + |> get("/api/v1/announcements") + |> json_response_and_validate_schema(:ok) + end + + test "it lists all announcements", %{conn: conn} do %{id: id} = insert(:announcement) response = - build_conn() + conn |> get("/api/v1/announcements") |> json_response_and_validate_schema(:ok) assert [%{"id" => ^id}] = response - refute Map.has_key?(Enum.at(response, 0), "read") end - test "it returns time with utc timezone" do + test "it returns time with utc timezone", %{conn: conn} do start_time = NaiveDateTime.utc_now() |> NaiveDateTime.add(-999_999, :second) @@ -37,7 +58,7 @@ defmodule Pleroma.Web.MastodonAPI.AnnouncementControllerTest do %{id: id} = insert(:announcement, %{starts_at: start_time, ends_at: end_time}) response = - build_conn() + conn |> get("/api/v1/announcements") |> json_response_and_validate_schema(:ok) @@ -47,35 +68,33 @@ defmodule Pleroma.Web.MastodonAPI.AnnouncementControllerTest do assert String.ends_with?(announcement["ends_at"], "Z") end - test "it does not list announcements starting after current time" do + test "it does not list announcements starting after current time", %{conn: conn} do time = NaiveDateTime.utc_now() |> NaiveDateTime.add(999_999, :second) insert(:announcement, starts_at: time) response = - build_conn() + conn |> get("/api/v1/announcements") |> json_response_and_validate_schema(:ok) assert [] = response end - test "it does not list announcements ending before current time" do + test "it does not list announcements ending before current time", %{conn: conn} do time = NaiveDateTime.utc_now() |> NaiveDateTime.add(-999_999, :second) insert(:announcement, ends_at: time) response = - build_conn() + conn |> get("/api/v1/announcements") |> json_response_and_validate_schema(:ok) assert [] = response end - test "when authenticated, also expose read property" do + test "when authenticated, also expose read property", %{conn: conn} do %{id: id} = insert(:announcement) - %{conn: conn} = oauth_access(["read:accounts"]) - response = conn |> get("/api/v1/announcements") |