+ refute conn.halted
+ refute conn.assigns[:user]
+
+ assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ end
+
+ test "if `token.scopes` doesn't fulfill specified 'all of' conditions, " <>
+ "clears `assigns[:user] and calls EnsurePublicOrAuthenticatedPlug",
+ %{conn: conn} do
+ token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
+
+ conn =
+ conn
+ |> assign(:user, token.user)
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{
+ scopes: ["read", "follow"],
+ op: :&,
+ fallback: :proceed_unauthenticated
+ })
+
+ refute conn.halted
+ refute conn.assigns[:user]
+
+ assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ end
+
+ test "with :skip_instance_privacy_check option, " <>
+ "if `token.scopes` doesn't fulfill specified conditions, " <>
+ "clears `assigns[:user]` and does not call EnsurePublicOrAuthenticatedPlug",
+ %{conn: conn} do
+ token = insert(:oauth_token, scopes: ["read:statuses", "write"]) |> Repo.preload(:user)
+
+ conn =
+ conn
+ |> assign(:user, token.user)
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{
+ scopes: ["read"],
+ fallback: :proceed_unauthenticated,
+ skip_instance_privacy_check: true
+ })
+
+ refute conn.halted
+ refute conn.assigns[:user]
+
+ refute called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ end