From 1e3791877caa15cc6ef5873c747a4a466ba6cbd4 Mon Sep 17 00:00:00 2001 From: dtluna Date: Sun, 23 Apr 2017 19:08:25 +0300 Subject: [PATCH 1/3] Add error response on empty status --- .../web/twitter_api/twitter_api_controller.ex | 24 +++++++++++++++---- .../twitter_api_controller_test.exs | 16 +++++++++---- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 8ea54852d..2ea45603a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -12,13 +12,25 @@ def verify_credentials(%{assigns: %{user: user}} = conn, _params) do |> json_reply(200, response) end - def status_update(%{assigns: %{user: user}} = conn, status_data) do + def status_update(conn, %{"status" => ""} = _status_data) do + empty_status_reply(conn) + end + + def status_update(%{assigns: %{user: user}} = conn, %{"status" => _status_text} = status_data) do media_ids = extract_media_ids(status_data) {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) conn |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) end + def status_update(conn, _status_data) do + empty_status_reply(conn) + end + + defp empty_status_reply(conn) do + bad_request_reply(conn, "Client must provide a 'status' parameter with a value.") + end + defp extract_media_ids(status_data) do with media_ids when not is_nil(media_ids) <- status_data["media_ids"], split_ids <- String.split(media_ids, ","), @@ -183,7 +195,7 @@ def update_avatar(%{assigns: %{user: user}} = conn, params) do end defp bad_request_reply(conn, error_message) do - json = Poison.encode!(%{"error" => error_message}) + json = error_json(conn, error_message) json_reply(conn, 400, json) end @@ -194,9 +206,11 @@ defp json_reply(conn, status, json) do end defp forbidden_json_reply(conn, error_message) do - json = %{"error" => error_message, "request" => conn.request_path} - |> Poison.encode! - + json = error_json(conn, error_message) json_reply(conn, 403, json) end + + defp error_json(conn, error_message) do + %{"error" => error_message, "request" => conn.request_path} |> Poison.encode! + end end diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 0761d0566..0bd27c8c7 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -31,10 +31,18 @@ test "without valid credentials", %{conn: conn} do end test "with credentials", %{conn: conn, user: user} do - conn = conn - |> with_credentials(user.nickname, "test") - |> post("/api/statuses/update.json", %{ status: "Nice meme." }) + conn_with_creds = conn |> with_credentials(user.nickname, "test") + request_path = "/api/statuses/update.json" + error_response = %{"request" => request_path, + "error" => "Client must provide a 'status' parameter with a value."} + conn = conn_with_creds |> post(request_path) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: "" }) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: "Nice meme." }) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) end end @@ -139,7 +147,7 @@ test "with credentials", %{conn: conn, user: current_user} do setup [:valid_user] test "without any params", %{conn: conn} do conn = get(conn, "/api/statuses/user_timeline.json") - assert json_response(conn, 400) == %{"error" => "You need to specify screen_name or user_id"} + assert json_response(conn, 400) == %{"error" => "You need to specify screen_name or user_id", "request" => "/api/statuses/user_timeline.json"} end test "with user_id", %{conn: conn} do From 5b6070ec404f83055db8c9be083b6d3a2a30df75 Mon Sep 17 00:00:00 2001 From: dtluna Date: Mon, 24 Apr 2017 12:09:11 +0300 Subject: [PATCH 2/3] Deny whitespace statuses --- .../web/twitter_api/twitter_api_controller.ex | 14 +++++++++----- .../twitter_api/twitter_api_controller_test.exs | 3 +++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 2ea45603a..4740c3a4c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -16,11 +16,15 @@ def status_update(conn, %{"status" => ""} = _status_data) do empty_status_reply(conn) end - def status_update(%{assigns: %{user: user}} = conn, %{"status" => _status_text} = status_data) do - media_ids = extract_media_ids(status_data) - {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) - conn - |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) + def status_update(%{assigns: %{user: user}} = conn, %{"status" => status_text} = status_data) do + if status_text |> String.trim |> String.length != 0 do + media_ids = extract_media_ids(status_data) + {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) + conn + |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) + else + empty_status_reply(conn) + end end def status_update(conn, _status_data) do diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 0bd27c8c7..766268ce9 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -42,6 +42,9 @@ test "with credentials", %{conn: conn, user: user} do conn = conn_with_creds |> post(request_path, %{ status: "" }) assert json_response(conn, 400) == error_response + conn = conn_with_creds |> post(request_path, %{ status: " " }) + assert json_response(conn, 400) == error_response + conn = conn_with_creds |> post(request_path, %{ status: "Nice meme." }) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) end From a25adfbfeedb049f44bb05275ce1040ed00a4ad2 Mon Sep 17 00:00:00 2001 From: Roger Braun Date: Tue, 25 Apr 2017 11:33:32 +0200 Subject: [PATCH 3/3] Remove superflous function. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index f80b66858..d9ff7e530 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -12,10 +12,6 @@ def verify_credentials(%{assigns: %{user: user}} = conn, _params) do |> json_reply(200, response) end - def status_update(conn, %{"status" => ""} = _status_data) do - empty_status_reply(conn) - end - def status_update(%{assigns: %{user: user}} = conn, %{"status" => status_text} = status_data) do if status_text |> String.trim |> String.length != 0 do media_ids = extract_media_ids(status_data)