Merge branch 'fix/public-option-not-working' into 'develop'

Fix public option not working Closes #873 See merge request pleroma/pleroma!1143
2019-05-15 15:42:21 +00:00 · 2019-05-15 15:42:21 +00:00 · 62516be9c4
parent 4440e23547 70c81b95d0
commit 62516be9c4
4 changed files with 108 additions and 7 deletions
--- a/lib/pleroma/plugs/ensure_public_or_authenticated_plug.ex
+++ b/lib/pleroma/plugs/ensure_public_or_authenticated_plug.ex
@ -0,0 +1,31 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug do
+  import Plug.Conn
+  alias Pleroma.Config
+  alias Pleroma.User
+
+  def init(options) do
+    options
+  end
+
+  def call(conn, _) do
+    public? = Config.get!([:instance, :public])
+
+    case {public?, conn} do
+      {true, _} ->
+        conn
+
+      {false, %{assigns: %{user: %User{}}}} ->
+        conn
+
+      {false, _} ->
+        conn
+        |> put_resp_content_type("application/json")
+        |> send_resp(403, Jason.encode!(%{error: "This resource requires authentication."}))
+        |> halt
+    end
+  end
+end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -84,11 +84,13 @@ defmodule Pleroma.Web.Router do
    plug(Pleroma.Plugs.EnsureUserKeyPlug)
  end

-  pipeline :oauth_read_or_unauthenticated do
+  pipeline :oauth_read_or_public do
    plug(Pleroma.Plugs.OAuthScopesPlug, %{
      scopes: ["read"],
      fallback: :proceed_unauthenticated
    })
+
+    plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
  end

  pipeline :oauth_read do
@ -404,7 +406,7 @@ defmodule Pleroma.Web.Router do
    get("/accounts/search", MastodonAPIController, :account_search)

    scope [] do
-      pipe_through(:oauth_read_or_unauthenticated)
+      pipe_through(:oauth_read_or_public)

      get("/timelines/public", MastodonAPIController, :public_timeline)
      get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
@ -425,7 +427,7 @@ defmodule Pleroma.Web.Router do
  end

  scope "/api/v2", Pleroma.Web.MastodonAPI do
-    pipe_through([:api, :oauth_read_or_unauthenticated])
+    pipe_through([:api, :oauth_read_or_public])
    get("/search", MastodonAPIController, :search2)
  end

@ -455,7 +457,7 @@ defmodule Pleroma.Web.Router do
    )

    scope [] do
-      pipe_through(:oauth_read_or_unauthenticated)
+      pipe_through(:oauth_read_or_public)

      get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
      get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
@ -473,7 +475,7 @@ defmodule Pleroma.Web.Router do
  end

  scope "/api", Pleroma.Web do
-    pipe_through([:api, :oauth_read_or_unauthenticated])
+    pipe_through([:api, :oauth_read_or_public])

    get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline)

@ -487,7 +489,7 @@ defmodule Pleroma.Web.Router do
  end

  scope "/api", Pleroma.Web, as: :twitter_api_search do
-    pipe_through([:api, :oauth_read_or_unauthenticated])
+    pipe_through([:api, :oauth_read_or_public])
    get("/pleroma/search_user", TwitterAPI.Controller, :search_user)
  end

@ -671,7 +673,7 @@ defmodule Pleroma.Web.Router do
    delete("/auth/sign_out", MastodonAPIController, :logout)

    scope [] do
-      pipe_through(:oauth_read_or_unauthenticated)
+      pipe_through(:oauth_read_or_public)
      get("/web/*path", MastodonAPIController, :index)
    end
  end
--- a/test/plugs/ensure_public_or_authenticated_plug_test.exs
+++ b/test/plugs/ensure_public_or_authenticated_plug_test.exs
@ -0,0 +1,55 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Plugs.EnsurePublicOrAuthenticatedPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Config
+  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.User
+
+  test "it halts if not public and no user is assigned", %{conn: conn} do
+    set_public_to(false)
+
+    conn =
+      conn
+      |> EnsurePublicOrAuthenticatedPlug.call(%{})
+
+    assert conn.status == 403
+    assert conn.halted == true
+  end
+
+  test "it continues if public", %{conn: conn} do
+    set_public_to(true)
+
+    ret_conn =
+      conn
+      |> EnsurePublicOrAuthenticatedPlug.call(%{})
+
+    assert ret_conn == conn
+  end
+
+  test "it continues if a user is assigned, even if not public", %{conn: conn} do
+    set_public_to(false)
+
+    conn =
+      conn
+      |> assign(:user, %User{})
+
+    ret_conn =
+      conn
+      |> EnsurePublicOrAuthenticatedPlug.call(%{})
+
+    assert ret_conn == conn
+  end
+
+  defp set_public_to(value) do
+    orig = Config.get!([:instance, :public])
+    Config.put([:instance, :public], value)
+
+    on_exit(fn ->
+      Config.put([:instance, :public], orig)
+    end)
+  end
+end
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@ -81,6 +81,19 @@ test "the public timeline", %{conn: conn} do
    end)
  end

+  test "the public timeline when public is set to false", %{conn: conn} do
+    public = Pleroma.Config.get([:instance, :public])
+    Pleroma.Config.put([:instance, :public], false)
+
+    on_exit(fn ->
+      Pleroma.Config.put([:instance, :public], public)
+    end)
+
+    assert conn
+           |> get("/api/v1/timelines/public", %{"local" => "False"})
+           |> json_response(403) == %{"error" => "This resource requires authentication."}
+  end
+
  test "posting a status", %{conn: conn} do
    user = insert(:user)