+ describe "get_topic/_ (unauthenticated)" do
+ test "allows public" do
+ assert {:ok, "public"} = Streamer.get_topic("public", nil, nil)
+ assert {:ok, "public:local"} = Streamer.get_topic("public:local", nil, nil)
+ assert {:ok, "public:media"} = Streamer.get_topic("public:media", nil, nil)
+ assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", nil, nil)
+ end
+
+ test "allows hashtag streams" do
+ assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", nil, nil, %{"tag" => "cofe"})
+ end
+
+ test "disallows user streams" do
+ assert {:error, _} = Streamer.get_topic("user", nil, nil)
+ assert {:error, _} = Streamer.get_topic("user:notification", nil, nil)
+ assert {:error, _} = Streamer.get_topic("direct", nil, nil)
+ end
+
+ test "disallows list streams" do
+ assert {:error, _} = Streamer.get_topic("list", nil, nil, %{"list" => 42})
+ end
+ end
+
+ describe "get_topic/_ (authenticated)" do
+ setup do: oauth_access(["read"])
+
+ test "allows public streams (regardless of OAuth token scopes)", %{
+ user: user,
+ token: read_oauth_token
+ } do
+ with oauth_token <- [nil, read_oauth_token] do
+ assert {:ok, "public"} = Streamer.get_topic("public", user, oauth_token)
+ assert {:ok, "public:local"} = Streamer.get_topic("public:local", user, oauth_token)
+ assert {:ok, "public:media"} = Streamer.get_topic("public:media", user, oauth_token)
+
+ assert {:ok, "public:local:media"} =
+ Streamer.get_topic("public:local:media", user, oauth_token)
+ end
+ end
+
+ test "allows user streams (with proper OAuth token scopes)", %{
+ user: user,
+ token: read_oauth_token
+ } do
+ %{token: read_notifications_token} = oauth_access(["read:notifications"], user: user)
+ %{token: read_statuses_token} = oauth_access(["read:statuses"], user: user)
+ %{token: badly_scoped_token} = oauth_access(["irrelevant:scope"], user: user)
+
+ expected_user_topic = "user:#{user.id}"
+ expected_notification_topic = "user:notification:#{user.id}"
+ expected_direct_topic = "direct:#{user.id}"
+ expected_pleroma_chat_topic = "user:pleroma_chat:#{user.id}"
+
+ for valid_user_token <- [read_oauth_token, read_statuses_token] do
+ assert {:ok, ^expected_user_topic} = Streamer.get_topic("user", user, valid_user_token)
+
+ assert {:ok, ^expected_direct_topic} =
+ Streamer.get_topic("direct", user, valid_user_token)
+
+ assert {:ok, ^expected_pleroma_chat_topic} =
+ Streamer.get_topic("user:pleroma_chat", user, valid_user_token)
+ end
+
+ for invalid_user_token <- [read_notifications_token, badly_scoped_token],
+ user_topic <- ["user", "direct", "user:pleroma_chat"] do
+ assert {:error, :unauthorized} = Streamer.get_topic(user_topic, user, invalid_user_token)
+ end
+
+ for valid_notification_token <- [read_oauth_token, read_notifications_token] do
+ assert {:ok, ^expected_notification_topic} =
+ Streamer.get_topic("user:notification", user, valid_notification_token)
+ end
+
+ for invalid_notification_token <- [read_statuses_token, badly_scoped_token] do
+ assert {:error, :unauthorized} =
+ Streamer.get_topic("user:notification", user, invalid_notification_token)
+ end
+ end
+
+ test "allows hashtag streams (regardless of OAuth token scopes)", %{
+ user: user,
+ token: read_oauth_token
+ } do
+ for oauth_token <- [nil, read_oauth_token] do
+ assert {:ok, "hashtag:cofe"} =
+ Streamer.get_topic("hashtag", user, oauth_token, %{"tag" => "cofe"})
+ end
+ end
+
+ test "disallows registering to another user's stream", %{user: user, token: read_oauth_token} do
+ another_user = insert(:user)
+ assert {:error, _} = Streamer.get_topic("user:#{another_user.id}", user, read_oauth_token)
+
+ assert {:error, _} =
+ Streamer.get_topic("user:notification:#{another_user.id}", user, read_oauth_token)
+
+ assert {:error, _} = Streamer.get_topic("direct:#{another_user.id}", user, read_oauth_token)
+ end
+
+ test "allows list stream that are owned by the user (with `read` or `read:lists` scopes)", %{
+ user: user,
+ token: read_oauth_token
+ } do
+ %{token: read_lists_token} = oauth_access(["read:lists"], user: user)
+ %{token: invalid_token} = oauth_access(["irrelevant:scope"], user: user)
+ {:ok, list} = List.create("Test", user)
+
+ assert {:error, _} = Streamer.get_topic("list:#{list.id}", user, read_oauth_token)
+
+ for valid_token <- [read_oauth_token, read_lists_token] do
+ assert {:ok, _} = Streamer.get_topic("list", user, valid_token, %{"list" => list.id})
+ end
+
+ assert {:error, _} = Streamer.get_topic("list", user, invalid_token, %{"list" => list.id})
+ end
+
+ test "disallows list stream that are not owned by the user", %{user: user, token: oauth_token} do
+ another_user = insert(:user)
+ {:ok, list} = List.create("Test", another_user)
+
+ assert {:error, _} = Streamer.get_topic("list:#{list.id}", user, oauth_token)
+ assert {:error, _} = Streamer.get_topic("list", user, oauth_token, %{"list" => list.id})
+ end
+ end
+