Merge remote-tracking branch 'pleroma/develop' into bugfix/apc2s_upload_activity

[akkoma] / test / web / twitter_api / remote_follow_controller_test.exs

diff --git a/test/web/twitter_api/remote_follow_controller_test.exs b/test/web/twitter_api/remote_follow_controller_test.exs
index 3f26a889db0a539ebcee96eedc3f7893104bc767..73062f18fee0c1f726dfde99690ed24f6f7653fd 100644 (file)
--- a/test/web/twitter_api/remote_follow_controller_test.exs
+++ b/test/web/twitter_api/remote_follow_controller_test.exs
@@ -1,12 +1,14 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
   use Pleroma.Web.ConnCase
 
+  alias Pleroma.Config
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
+
   import ExUnit.CaptureLog
   import Pleroma.Factory
 
@@ -15,6 +17,10 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
     :ok
   end
 
+  clear_config_all([:instance, :federating]) do
+    Config.put([:instance, :federating], true)
+  end
+
   clear_config([:instance])
   clear_config([:frontend_configurations, :pleroma_fe])
   clear_config([:user, :deny_follow_blocked])
@@ -70,19 +76,35 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
     end
   end
 
-  describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user " do
+  describe "POST /ostatus_subscribe - do_follow/2 with assigned user " do
+    test "required `follow | write:follows` scope", %{conn: conn} do
+      user = insert(:user)
+      user2 = insert(:user)
+      read_token = insert(:oauth_token, user: user, scopes: ["read"])
+
+      assert capture_log(fn ->
+               response =
+                 conn
+                 |> assign(:user, user)
+                 |> assign(:token, read_token)
+                 |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
+                 |> response(200)
+
+               assert response =~ "Error following account"
+             end) =~ "Insufficient permissions: follow | write:follows."
+    end
+
     test "follows user", %{conn: conn} do
       user = insert(:user)
       user2 = insert(:user)
 
-      response =
+      conn =
         conn
         |> assign(:user, user)
+        |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"]))
         |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
-        |> response(200)
 
-      assert response =~ "Account followed!"
-      assert user2.follower_address in User.following(user)
+      assert redirected_to(conn) == "/users/#{user2.id}"
     end
 
     test "returns error when user is deactivated", %{conn: conn} do
@@ -131,29 +153,28 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
       user2 = insert(:user)
       {:ok, _, _, _} = CommonAPI.follow(user, user2)
 
-      response =
+      conn =
         conn
         |> assign(:user, refresh_record(user))
+        |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"]))
         |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
-        |> response(200)
 
-      assert response =~ "Account followed!"
+      assert redirected_to(conn) == "/users/#{user2.id}"
     end
   end
 
-  describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user " do
+  describe "POST /ostatus_subscribe - follow/2 without assigned user " do
     test "follows", %{conn: conn} do
       user = insert(:user)
       user2 = insert(:user)
 
-      response =
+      conn =
         conn
         |> post(remote_follow_path(conn, :do_follow), %{
           "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
         })
-        |> response(200)
 
-      assert response =~ "Account followed!"
+      assert redirected_to(conn) == "/users/#{user2.id}"
       assert user2.follower_address in User.following(user)
     end