Merge branch 'bugfix/unauthed-liked-by' into 'develop'

Bugfix: don't error out on unauthorized request to liked/favourited_by

See merge request pleroma/pleroma!1474
kaniini 2019-07-23 19:14:43 +00:00
commit 8d3cf7e519
2 changed files with 30 additions and 0 deletions


@ -882,6 +882,8 @@ def blocks?(%User{info: info} = _user, %{ap_id: ap_id}) do
Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host) Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
end end
def blocks?(nil, _), do: false
def subscribed_to?(user, %{ap_id: ap_id}) do def subscribed_to?(user, %{ap_id: ap_id}) do
with %User{} = target <- get_cached_by_ap_id(ap_id) do with %User{} = target <- get_cached_by_ap_id(ap_id) do
Enum.member?(target.info.subscribers, user.ap_id) Enum.member?(target.info.subscribers, user.ap_id)
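Review bot: The new `blocks?(nil, _)` clause fails open: every caller that passes a nil user is now treated as blocking nobody, whether nil means an anonymous viewer or a user lookup that failed upstream. That is a sensible default for filtering the favourited_by/reblogged_by lists, but it should be stated above the clause, e.g. `# nil = unauthenticated viewer: no block list to apply; the caller must still enforce status visibility`. The neighbouring `subscribed_to?/2` still dereferences `user.ap_id` and would raise for a nil user if it is reachable from the same unauthenticated paths, which cannot be determined from this hunk.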


@ -3786,6 +3786,20 @@ test "does not return users who have favorited the status but are blocked", %{
assert Enum.empty?(response) assert Enum.empty?(response)
end end
test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
response =
conn
|> assign(:user, nil)
|> get("/api/v1/statuses/#{activity.id}/favourited_by")
|> json_response(:ok)
[%{"id" => id}] = response
assert id == other_user.id
end
end end
describe "GET /api/v1/statuses/:id/reblogged_by" do describe "GET /api/v1/statuses/:id/reblogged_by" do
@ -3843,6 +3857,20 @@ test "does not return users who have reblogged the status but are blocked", %{
assert Enum.empty?(response) assert Enum.empty?(response)
end end
test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
response =
conn
|> assign(:user, nil)
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
[%{"id" => id}] = response
assert id == other_user.id
end
end end
describe "POST /auth/password, with valid parameters" do describe "POST /auth/password, with valid parameters" do
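Review bot: Both new tests ("does not fail on an unauthenticated request", for favourited_by and for reblogged_by) assert only the success path, so nothing pins what an anonymous caller receives for a status that is not public. Because a request with `assign(:user, nil)` is now served with no block filter applied, I would add a companion test per endpoint that requests the same route for a non-public status and asserts that no accounts are disclosed. The visibility of the `activity` fixture is set in a setup block outside these hunks, so I cannot tell which case is covered today. As a style point, `[%{"id" => id}] = response` reads better as `assert [%{"id" => id}] = response`, so a shape mismatch is reported as an assertion failure instead of a bare MatchError.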