From eacf61d823f8bc4398dee883aa86171ec4757fe9 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:02:18 +0100
Subject: [PATCH 1/7] fix unauthenticated req to favourited/rebloggd_by
---
.../mastodon_api/mastodon_api_controller.ex | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index d660f3f05..ccebcd415 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -884,9 +884,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
%Object{data: %{"likes" => likes}} <- Object.normalize(object) do
q = from(u in User, where: u.ap_id in ^likes)
- users =
- Repo.all(q)
- |> Enum.filter(&(not User.blocks?(user, &1)))
+ users = Repo.all(q)
+ users = if is_nil(user) do
+ users
+ else
+ Enum.filter(users, &(not User.blocks?(user, &1)))
+ end
conn
|> put_view(AccountView)
@@ -901,9 +904,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
%Object{data: %{"announcements" => announces}} <- Object.normalize(object) do
q = from(u in User, where: u.ap_id in ^announces)
- users =
- Repo.all(q)
- |> Enum.filter(&(not User.blocks?(user, &1)))
+ users = Repo.all(q)
+ users = if is_nil(user) do
+ users
+ else
+ Enum.filter(users, &(not User.blocks?(user, &1)))
+ end
conn
|> put_view(AccountView)
From fd1fa5a2ec922575bc8b75dabe224337977c8e3e Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:05:19 +0100
Subject: [PATCH 2/7] add tests for unauthed reqs to liked/reblogged_by
---
.../mastodon_api_controller_test.exs | 28 +++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index a3e4c4136..00ca320d3 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3786,6 +3786,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert Enum.empty?(response)
end
+
+ test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+ other_user = insert(:user)
+ {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+
+ response =
+ conn
+ |> assign(:user, nil)
+ |> get("/api/v1/#{activity.id}/favourited_by")
+ |> json_response(:ok)
+
+ [%{"id" => id}] = response
+ assert id == other_user.id
+ end
end
describe "GET /api/v1/statuses/:id/reblogged_by" do
@@ -3843,6 +3857,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert Enum.empty?(response)
end
+
+ test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+ other_user = insert(:user)
+ {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+
+ response =
+ conn
+ |> assign(:user, nil)
+ |> get("/api/v1/#{activity.id}/reblogged_by")
+ |> json_response(:ok)
+
+ [%{"id" => id}] = response
+ assert id == other_user.id
+ end
end
describe "POST /auth/password, with valid parameters" do
From 452980652dc749d71e96b1cbb17d68d393121a78 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:13:05 +0100
Subject: [PATCH 3/7] Mix format
---
.../mastodon_api/mastodon_api_controller.ex | 24 +++++++------
.../mastodon_api_controller_test.exs | 36 +++++++++----------
2 files changed, 32 insertions(+), 28 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index ccebcd415..9269a5a29 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -885,11 +885,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
q = from(u in User, where: u.ap_id in ^likes)
users = Repo.all(q)
- users = if is_nil(user) do
- users
- else
- Enum.filter(users, &(not User.blocks?(user, &1)))
- end
+
+ users =
+ if is_nil(user) do
+ users
+ else
+ Enum.filter(users, &(not User.blocks?(user, &1)))
+ end
conn
|> put_view(AccountView)
@@ -905,11 +907,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
q = from(u in User, where: u.ap_id in ^announces)
users = Repo.all(q)
- users = if is_nil(user) do
- users
- else
- Enum.filter(users, &(not User.blocks?(user, &1)))
- end
+
+ users =
+ if is_nil(user) do
+ users
+ else
+ Enum.filter(users, &(not User.blocks?(user, &1)))
+ end
conn
|> put_view(AccountView)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 00ca320d3..49650b1de 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3788,17 +3788,17 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
end
test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
- other_user = insert(:user)
- {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+ other_user = insert(:user)
+ {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
- response =
- conn
- |> assign(:user, nil)
- |> get("/api/v1/#{activity.id}/favourited_by")
- |> json_response(:ok)
+ response =
+ conn
+ |> assign(:user, nil)
+ |> get("/api/v1/#{activity.id}/favourited_by")
+ |> json_response(:ok)
- [%{"id" => id}] = response
- assert id == other_user.id
+ [%{"id" => id}] = response
+ assert id == other_user.id
end
end
@@ -3859,17 +3859,17 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
end
test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
- other_user = insert(:user)
- {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+ other_user = insert(:user)
+ {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
- response =
- conn
- |> assign(:user, nil)
- |> get("/api/v1/#{activity.id}/reblogged_by")
- |> json_response(:ok)
+ response =
+ conn
+ |> assign(:user, nil)
+ |> get("/api/v1/#{activity.id}/reblogged_by")
+ |> json_response(:ok)
- [%{"id" => id}] = response
- assert id == other_user.id
+ [%{"id" => id}] = response
+ assert id == other_user.id
end
end
From 7026018c8c604ce9e077b13e14c35bd8d7052e2c Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:31:35 +0100
Subject: [PATCH 4/7] Use correct URL for tests
---
test/web/mastodon_api/mastodon_api_controller_test.exs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 49650b1de..28d3f4117 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3794,7 +3794,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
response =
conn
|> assign(:user, nil)
- |> get("/api/v1/#{activity.id}/favourited_by")
+ |> get("/api/v1/statuses/#{activity.id}/favourited_by")
|> json_response(:ok)
[%{"id" => id}] = response
@@ -3865,7 +3865,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
response =
conn
|> assign(:user, nil)
- |> get("/api/v1/#{activity.id}/reblogged_by")
+ |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
[%{"id" => id}] = response
From 299c0e965b4b0d917a9daf696dd39ee546b33185 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:38:19 +0100
Subject: [PATCH 5/7] actually reblog on the reblog test
---
test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 28d3f4117..bd756c467 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3860,7 +3860,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
other_user = insert(:user)
- {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+ {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
response =
conn
From c4005654279fe45213a3d11b6e4767e8afd24850 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:47:17 +0100
Subject: [PATCH 6/7] fix test names because i cannot type
---
test/web/mastodon_api/mastodon_api_controller_test.exs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index bd756c467..bc3213e0c 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3787,7 +3787,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert Enum.empty?(response)
end
- test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+ test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
@@ -3858,7 +3858,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert Enum.empty?(response)
end
- test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+ test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
From 54a161cb7ad58da05ced24daaf0c16964f76fa4c Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 19:44:47 +0100
Subject: [PATCH 7/7] move unauth'd user blocks?/2 check
---
lib/pleroma/user.ex | 2 ++
.../mastodon_api/mastodon_api_controller.ex | 18 ++++--------------
2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index a3f6add28..e017efad6 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -882,6 +882,8 @@ defmodule Pleroma.User do
Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
end
+ def blocks?(nil, _), do: false
+
def subscribed_to?(user, %{ap_id: ap_id}) do
with %User{} = target <- get_cached_by_ap_id(ap_id) do
Enum.member?(target.info.subscribers, user.ap_id)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 9269a5a29..d660f3f05 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -884,14 +884,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
%Object{data: %{"likes" => likes}} <- Object.normalize(object) do
q = from(u in User, where: u.ap_id in ^likes)
- users = Repo.all(q)
-
users =
- if is_nil(user) do
- users
- else
- Enum.filter(users, &(not User.blocks?(user, &1)))
- end
+ Repo.all(q)
+ |> Enum.filter(&(not User.blocks?(user, &1)))
conn
|> put_view(AccountView)
@@ -906,14 +901,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
%Object{data: %{"announcements" => announces}} <- Object.normalize(object) do
q = from(u in User, where: u.ap_id in ^announces)
- users = Repo.all(q)
-
users =
- if is_nil(user) do
- users
- else
- Enum.filter(users, &(not User.blocks?(user, &1)))
- end
+ Repo.all(q)
+ |> Enum.filter(&(not User.blocks?(user, &1)))
conn
|> put_view(AccountView)