Tests to validate client disclosure obeys user setting

2021-02-18 17:23:17 -06:00 · 2021-02-18 17:23:17 -06:00 · 63739c5a58
commit 63739c5a58
parent 83301fe61a
2 changed files with 27 additions and 5 deletions
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@ -420,9 +420,13 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do
    )
  end

-  defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do
-    %{client_name: client_name, website: website} = Repo.preload(token, :app).app
-    Map.put(params, :application, %{name: client_name, website: website})
+  defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do
+    if user.disclose_client do
+      %{client_name: client_name, website: website} = Repo.preload(token, :app).app
+      Map.put(params, :application, %{name: client_name, website: website})
+    else
+      Map.put(params, :application, nil)
+    end
  end

  defp put_application(params, _), do: Map.put(params, :application, nil)
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@ -358,8 +358,9 @@ test "posting a direct status", %{conn: conn} do
      assert activity.data["cc"] == []
    end

-    test "preserves client application metadata" do
-      %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"])
+    test "discloses application metadata when enabled" do
+      user = insert(:user, disclose_client: true)
+      %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user)

      %Pleroma.Web.OAuth.Token{
        app: %Pleroma.Web.OAuth.App{
@ -383,6 +384,23 @@ test "preserves client application metadata" do
               }
             } = json_response_and_validate_schema(result, 200)
    end
+
+    test "hides application metadata when disabled" do
+      user = insert(:user, disclose_client: false)
+      %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user)
+
+      result =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "club mate is my wingman"
+        })
+
+      assert %{
+               "content" => "club mate is my wingman",
+               "application" => nil
+             } = json_response_and_validate_schema(result, 200)
+    end
  end

  describe "posting scheduled statuses" do