summaryrefslogtreecommitdiff
path: root/test/web/twitter_api/twitter_api_controller_test.exs
diff options
context:
space:
mode:
Diffstat (limited to 'test/web/twitter_api/twitter_api_controller_test.exs')
-rw-r--r--test/web/twitter_api/twitter_api_controller_test.exs61
1 files changed, 55 insertions, 6 deletions
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 1571ab68e..d18b65876 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -14,6 +14,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
alias Pleroma.Notification
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.OAuth.Token
+ alias Pleroma.Web.TwitterAPI.Controller
alias Pleroma.Web.TwitterAPI.UserView
alias Pleroma.Web.TwitterAPI.NotificationView
alias Pleroma.Web.CommonAPI
@@ -22,6 +23,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
alias Ecto.Changeset
import Pleroma.Factory
+ import Mock
@banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
@@ -187,6 +189,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> get("/api/statuses/public_timeline.json")
|> json_response(200)
end
+
+ test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
+ Controller,
+ [:passthrough],
+ [] do
+ token = insert(:oauth_token, scopes: ["write"])
+
+ build_conn()
+ |> put_req_header("authorization", "Bearer #{token.token}")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+
+ assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
+ end
end
describe "GET /statuses/public_and_external_timeline.json" do
@@ -411,7 +427,10 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
test "with credentials", %{conn: conn, user: current_user} do
{:ok, activity} =
- ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
+ CommonAPI.post(current_user, %{
+ "status" => "why is tenshi eating a corndog so cute?",
+ "visibility" => "public"
+ })
conn =
conn
@@ -429,6 +448,23 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
mentioned: [current_user]
})
end
+
+ test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
+ {:ok, _activity} =
+ CommonAPI.post(current_user, %{
+ "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
+ "visibility" => "direct"
+ })
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> get("/api/statuses/mentions.json")
+
+ response = json_response(conn, 200)
+
+ assert length(response) == 0
+ end
end
describe "GET /api/qvitter/statuses/notifications.json" do
@@ -654,7 +690,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
followed = Repo.get(User, followed.id)
refute User.ap_followers(followed) in current_user.following
- assert followed.info.follow_request_count == 1
assert json_response(conn, 200) ==
UserView.render("show.json", %{user: followed, for: current_user})
@@ -1690,6 +1725,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert [relationship] = json_response(conn, 200)
assert other_user.id == relationship["id"]
end
+
+ test "requires 'read' permission", %{conn: conn} do
+ token1 = insert(:oauth_token, scopes: ["write"])
+ token2 = insert(:oauth_token, scopes: ["read"])
+
+ for token <- [token1, token2] do
+ conn =
+ conn
+ |> put_req_header("authorization", "Bearer #{token.token}")
+ |> get("/api/pleroma/friend_requests")
+
+ if token == token1 do
+ assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
+ else
+ assert json_response(conn, 200)
+ end
+ end
+ end
end
describe "POST /api/pleroma/friendships/approve" do
@@ -1703,7 +1756,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
other_user = Repo.get(User, other_user.id)
assert User.following?(other_user, user) == false
- assert user.info.follow_request_count == 1
conn =
build_conn()
@@ -1715,7 +1767,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert relationship = json_response(conn, 200)
assert other_user.id == relationship["id"]
assert relationship["follows_you"] == true
- assert user.info.follow_request_count == 0
end
end
@@ -1730,7 +1781,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
other_user = Repo.get(User, other_user.id)
assert User.following?(other_user, user) == false
- assert user.info.follow_request_count == 1
conn =
build_conn()
@@ -1742,7 +1792,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert relationship = json_response(conn, 200)
assert other_user.id == relationship["id"]
assert relationship["follows_you"] == false
- assert user.info.follow_request_count == 0
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 15:19:31 +0000