X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Ftwitter_api%2Ftwitter_api_controller_test.exs;h=b64f416e32a75449f52ccd9ba89044081904a35b;hb=0f3e78addb4a88106120737f2eb603ec136d99f9;hp=3a035e298783024276f4e9abd9c5a09179486e06;hpb=8dc715b30bf310d040f72c0c01a5c668c3696b2a;p=akkoma

diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 3a035e298..b64f416e3 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -77,7 +77,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       conn = conn_with_creds |> post(request_path, %{status: " "})
       assert json_response(conn, 400) == error_response
 
-      conn = conn_with_creds |> post(request_path, %{status: "Nice meme."})
+      # we post with visibility private in order to avoid triggering relay
+      conn = conn_with_creds |> post(request_path, %{status: "Nice meme.", visibility: "private"})
 
       assert json_response(conn, 200) ==
                ActivityRepresenter.to_map(Repo.one(Activity), %{user: user})
@@ -99,6 +100,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
 
       assert length(response) == 10
     end
+
+    test "returns 403 to unauthenticated request when the instance is not public" do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(403)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
+    test "returns 200 to unauthenticated request when the instance is public" do
+      conn
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+    end
+  end
+
+  describe "GET /statuses/public_and_external_timeline.json" do
+    test "returns 403 to unauthenticated request when the instance is not public" do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(403)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
+    test "returns 200 to unauthenticated request when the instance is public" do
+      conn
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(200)
+    end
   end
 
   describe "GET /statuses/show/:id.json" do