From eacf61d823f8bc4398dee883aa86171ec4757fe9 Mon Sep 17 00:00:00 2001 From: Sadposter Date: Tue, 23 Jul 2019 15:02:18 +0100 Subject: [PATCH 1/7] fix unauthenticated req to favourited/rebloggd_by --- .../mastodon_api/mastodon_api_controller.ex | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index d660f3f05..ccebcd415 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -884,9 +884,12 @@ def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do %Object{data: %{"likes" => likes}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^likes) - users = - Repo.all(q) - |> Enum.filter(&(not User.blocks?(user, &1))) + users = Repo.all(q) + users = if is_nil(user) do + users + else + Enum.filter(users, &(not User.blocks?(user, &1))) + end conn |> put_view(AccountView) @@ -901,9 +904,12 @@ def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^announces) - users = - Repo.all(q) - |> Enum.filter(&(not User.blocks?(user, &1))) + users = Repo.all(q) + users = if is_nil(user) do + users + else + Enum.filter(users, &(not User.blocks?(user, &1))) + end conn |> put_view(AccountView) From fd1fa5a2ec922575bc8b75dabe224337977c8e3e Mon Sep 17 00:00:00 2001 From: Sadposter Date: Tue, 23 Jul 2019 15:05:19 +0100 Subject: [PATCH 2/7] add tests for unauthed reqs to liked/reblogged_by --- .../mastodon_api_controller_test.exs | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index a3e4c4136..00ca320d3 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs 
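Review bot: With `user` now allowed to be nil in `favourited_by` (and the identical change in the `reblogged_by` hunk right after it), nothing visible in either hunk decides whether an anonymous caller may see the status at all before the accounts that liked or announced it are returned. The leading `with` clauses sit outside the hunk, so this may already be handled there; if it is not, the account list of a followers-only or direct status becomes readable without credentials. I would confirm that and leave a comment above the filter, such as `# user is nil for unauthenticated requests; status visibility must already have been checked above`. It is also worth confirming that the pipeline always assigns `:user` (even as nil), because the head `%{assigns: %{user: user}} = conn` does not match a conn where that key is absent.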
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3786,6 +3786,20 @@ test "does not return users who have favorited the status but are blocked", %{ assert Enum.empty?(response) end + + test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + response = + conn + |> assign(:user, nil) + |> get("/api/v1/#{activity.id}/favourited_by") + |> json_response(:ok) + + [%{"id" => id}] = response + assert id == other_user.id + end end describe "GET /api/v1/statuses/:id/reblogged_by" do @@ -3843,6 +3857,20 @@ test "does not return users who have reblogged the status but are blocked", %{ assert Enum.empty?(response) end + + test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + response = + conn + |> assign(:user, nil) + |> get("/api/v1/#{activity.id}/reblogged_by") + |> json_response(:ok) + + [%{"id" => id}] = response + assert id == other_user.id + end end describe "POST /auth/password, with valid parameters" do From 452980652dc749d71e96b1cbb17d68d393121a78 Mon Sep 17 00:00:00 2001 From: Sadposter Date: Tue, 23 Jul 2019 15:13:05 +0100 Subject: [PATCH 3/7] Mix format --- .../mastodon_api/mastodon_api_controller.ex | 24 +++++++------ .../mastodon_api_controller_test.exs | 36 +++++++++---------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index ccebcd415..9269a5a29 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex 
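Review bot: Both new tests (this one and its twin in the `reblogged_by` describe block) only pin the success path for an anonymous caller; there is no companion case asserting what an unauthenticated request receives for a status that is not public, which is the behaviour most likely to regress now that a nil user is accepted. The `activity` fixture comes from a setup block outside the hunk, so its visibility is inferred rather than visible here. A smaller point in the same tests: `[%{"id" => id}] = response` fails with a bare MatchError, whereas `assert [%{"id" => id}] = response` gives ExUnit's diff output.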
@@ -885,11 +885,13 @@ def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do q = from(u in User, where: u.ap_id in ^likes) users = Repo.all(q) - users = if is_nil(user) do - users - else - Enum.filter(users, &(not User.blocks?(user, &1))) - end + + users = + if is_nil(user) do + users + else + Enum.filter(users, &(not User.blocks?(user, &1))) + end conn |> put_view(AccountView) @@ -905,11 +907,13 @@ def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do q = from(u in User, where: u.ap_id in ^announces) users = Repo.all(q) - users = if is_nil(user) do - users - else - Enum.filter(users, &(not User.blocks?(user, &1))) - end + + users = + if is_nil(user) do + users + else + Enum.filter(users, &(not User.blocks?(user, &1))) + end conn |> put_view(AccountView) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 00ca320d3..49650b1de 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3788,17 +3788,17 @@ test "does not return users who have favorited the status but are blocked", %{ end test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do - other_user = insert(:user) - {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) - response = - conn - |> assign(:user, nil) - |> get("/api/v1/#{activity.id}/favourited_by") - |> json_response(:ok) + response = + conn + |> assign(:user, nil) + |> get("/api/v1/#{activity.id}/favourited_by") + |> json_response(:ok) - [%{"id" => id}] = response - assert id == other_user.id + [%{"id" => id}] = response + assert id == other_user.id end end 
@@ -3859,17 +3859,17 @@ test "does not return users who have reblogged the status but are blocked", %{ end test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do - other_user = insert(:user) - {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) - response = - conn - |> assign(:user, nil) - |> get("/api/v1/#{activity.id}/reblogged_by") - |> json_response(:ok) + response = + conn + |> assign(:user, nil) + |> get("/api/v1/#{activity.id}/reblogged_by") + |> json_response(:ok) - [%{"id" => id}] = response - assert id == other_user.id + [%{"id" => id}] = response + assert id == other_user.id end end From 7026018c8c604ce9e077b13e14c35bd8d7052e2c Mon Sep 17 00:00:00 2001 From: Sadposter Date: Tue, 23 Jul 2019 15:31:35 +0100 Subject: [PATCH 4/7] Use correct URL for tests --- test/web/mastodon_api/mastodon_api_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 49650b1de..28d3f4117 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3794,7 +3794,7 @@ test "does not fail on an unauthententicated request", %{conn: conn, activity: a response = conn |> assign(:user, nil) - |> get("/api/v1/#{activity.id}/favourited_by") + |> get("/api/v1/statuses/#{activity.id}/favourited_by") |> json_response(:ok) [%{"id" => id}] = response @@ -3865,7 +3865,7 @@ test "does not fail on an unauthententicated request", %{conn: conn, activity: a response = conn |> assign(:user, nil) - |> get("/api/v1/#{activity.id}/reblogged_by") + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") |> json_response(:ok) [%{"id" => id}] = response From 299c0e965b4b0d917a9daf696dd39ee546b33185 Mon Sep 17 00:00:00 2001 
From: Sadposter Date: Tue, 23 Jul 2019 15:38:19 +0100 Subject: [PATCH 5/7] actually reblog on the reblog test --- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 28d3f4117..bd756c467 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3860,7 +3860,7 @@ test "does not return users who have reblogged the status but are blocked", %{ test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do other_user = insert(:user) - {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) response = conn From c4005654279fe45213a3d11b6e4767e8afd24850 Mon Sep 17 00:00:00 2001 From: Sadposter Date: Tue, 23 Jul 2019 15:47:17 +0100 Subject: [PATCH 6/7] fix test names because i cannot type --- test/web/mastodon_api/mastodon_api_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index bd756c467..bc3213e0c 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3787,7 +3787,7 @@ test "does not return users who have favorited the status but are blocked", %{ assert Enum.empty?(response) end - test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do + test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do other_user = insert(:user) {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) 
@@ -3858,7 +3858,7 @@ test "does not return users who have reblogged the status but are blocked", %{ assert Enum.empty?(response) end - test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do + test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do other_user = insert(:user) {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) From 54a161cb7ad58da05ced24daaf0c16964f76fa4c Mon Sep 17 00:00:00 2001 From: Sadposter Date: Tue, 23 Jul 2019 19:44:47 +0100 Subject: [PATCH 7/7] move unauth'd user blocks?/2 check --- lib/pleroma/user.ex | 2 ++ .../mastodon_api/mastodon_api_controller.ex | 18 ++++-------------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a3f6add28..e017efad6 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -882,6 +882,8 @@ def blocks?(%User{info: info} = _user, %{ap_id: ap_id}) do Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host) end + def blocks?(nil, _), do: false + def subscribed_to?(user, %{ap_id: ap_id}) do with %User{} = target <- get_cached_by_ap_id(ap_id) do Enum.member?(target.info.subscribers, user.ap_id) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 9269a5a29..d660f3f05 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -884,14 +884,9 @@ def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do %Object{data: %{"likes" => likes}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^likes) - users = Repo.all(q) - users = - if is_nil(user) do - users - else - Enum.filter(users, &(not User.blocks?(user, &1))) - end + Repo.all(q) + |> Enum.filter(&(not User.blocks?(user, &1))) conn |> put_view(AccountView) 
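Review bot: The new `blocks?(nil, _)` clause makes the predicate answer `false` for every caller that passes nil, not only the two controller actions this series is about, so a failed user lookup elsewhere would now read as "not blocked" instead of crashing. If that is intended, I would state it on the clause, e.g. `# nil means an unauthenticated viewer, who has no block list`, and add a unit test for `User.blocks?(nil, user)`. The earlier clauses of `blocks?/2` begin outside the hunk, so whether a `@spec` or `@doc` needs updating to mention nil cannot be seen from here.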
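Review bot: In `favourited_by` (and the matching `reblogged_by` hunk that follows) the pipeline starts from a call and filters on a negated predicate; `users = q |> Repo.all() |> Enum.reject(&User.blocks?(user, &1))` reads more directly and keeps the pipe starting from a bare value. Since `user` may be nil on this path, a short comment such as `# user is nil for unauthenticated requests; User.blocks?/2 returns false for nil` would save the next reader a trip to `user.ex`. The `with` head and the rest of the action lie outside the hunk.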
@@ -906,14 +901,9 @@ def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^announces) - users = Repo.all(q) - users = - if is_nil(user) do - users - else - Enum.filter(users, &(not User.blocks?(user, &1))) - end + Repo.all(q) + |> Enum.filter(&(not User.blocks?(user, &1))) conn |> put_view(AccountView)