Merge branch 'fix/public-timeline-auth' into 'develop'

Fix Twitter timelines for private instances

See merge request !602

lib/pleroma/web/twitter_api/twitter_api_controller.ex

@@ -662,7 +662,7 @@ defp forbidden_json_reply(conn, error_message) do
     json_reply(conn, 403, json)
   end
 
-  def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn
+  def only_if_public_instance(%{assigns: %{user: %User{}}} = conn, _), do: conn
 
   def only_if_public_instance(conn, _) do
     if Keyword.get(Application.get_env(:pleroma, :instance), :public) do

test/web/twitter_api/twitter_api_controller_test.exs

@@ -112,6 +112,8 @@ test "with credentials", %{conn: conn, user: user} do
   end
 
   describe "GET /statuses/public_timeline.json" do
+    setup [:valid_user]
+
     test "returns statuses", %{conn: conn} do
       user = insert(:user)
       activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
@@ -145,14 +147,44 @@ test "returns 403 to unauthenticated request when the instance is not public", %
       Application.put_env(:pleroma, :instance, instance)
     end
 
+    test "returns 200 to authenticated request when the instance is not public",
+         %{conn: conn, user: user} do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
     test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
       conn
       |> get("/api/statuses/public_timeline.json")
       |> json_response(200)
     end
+
+    test "returns 200 to authenticated request when the instance is public",
+         %{conn: conn, user: user} do
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+    end
   end
 
   describe "GET /statuses/public_and_external_timeline.json" do
+    setup [:valid_user]
+
     test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
       instance =
         Application.get_env(:pleroma, :instance)
@@ -171,11 +203,39 @@ test "returns 403 to unauthenticated request when the instance is not public", %
       Application.put_env(:pleroma, :instance, instance)
     end
 
+    test "returns 200 to authenticated request when the instance is not public",
+         %{conn: conn, user: user} do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(200)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
     test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
       conn
       |> get("/api/statuses/public_and_external_timeline.json")
       |> json_response(200)
     end
+
+    test "returns 200 to authenticated request when the instance is public",
+         %{conn: conn, user: user} do
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(200)
+    end
   end
 
   describe "GET /statuses/show/:id.json" do