From eacf61d823f8bc4398dee883aa86171ec4757fe9 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:02:18 +0100
Subject: [PATCH 1/7] fix unauthenticated req to favourited/rebloggd_by

---
 .../mastodon_api/mastodon_api_controller.ex    | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index d660f3f05..ccebcd415 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -884,9 +884,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
          %Object{data: %{"likes" => likes}} <- Object.normalize(object) do
       q = from(u in User, where: u.ap_id in ^likes)
 
-      users =
-        Repo.all(q)
-        |> Enum.filter(&(not User.blocks?(user, &1)))
+      users = Repo.all(q)
+      users = if is_nil(user) do
+        users
+      else
+        Enum.filter(users, &(not User.blocks?(user, &1)))
+      end
 
       conn
       |> put_view(AccountView)
@@ -901,9 +904,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
          %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do
       q = from(u in User, where: u.ap_id in ^announces)
 
-      users =
-        Repo.all(q)
-        |> Enum.filter(&(not User.blocks?(user, &1)))
+      users = Repo.all(q)
+      users = if is_nil(user) do
+        users
+      else
+        Enum.filter(users, &(not User.blocks?(user, &1)))
+      end
 
       conn
       |> put_view(AccountView)

From fd1fa5a2ec922575bc8b75dabe224337977c8e3e Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:05:19 +0100
Subject: [PATCH 2/7] add tests for unauthed reqs to liked/reblogged_by

---
 .../mastodon_api_controller_test.exs          | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index a3e4c4136..00ca320d3 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3786,6 +3786,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
       assert Enum.empty?(response)
     end
+
+    test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+        other_user = insert(:user)
+        {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+
+        response =
+            conn
+            |> assign(:user, nil)
+            |> get("/api/v1/#{activity.id}/favourited_by")
+            |> json_response(:ok)
+
+        [%{"id" => id}] = response
+        assert id == other_user.id
+    end
   end
 
   describe "GET /api/v1/statuses/:id/reblogged_by" do
@@ -3843,6 +3857,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
       assert Enum.empty?(response)
     end
+
+    test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+        other_user = insert(:user)
+        {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+
+        response =
+            conn
+            |> assign(:user, nil)
+            |> get("/api/v1/#{activity.id}/reblogged_by")
+            |> json_response(:ok)
+
+        [%{"id" => id}] = response
+        assert id == other_user.id
+    end
   end
 
   describe "POST /auth/password, with valid parameters" do

From 452980652dc749d71e96b1cbb17d68d393121a78 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:13:05 +0100
Subject: [PATCH 3/7] Mix format

---
 .../mastodon_api/mastodon_api_controller.ex   | 24 +++++++------
 .../mastodon_api_controller_test.exs          | 36 +++++++++----------
 2 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index ccebcd415..9269a5a29 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -885,11 +885,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
       q = from(u in User, where: u.ap_id in ^likes)
 
       users = Repo.all(q)
-      users = if is_nil(user) do
-        users
-      else
-        Enum.filter(users, &(not User.blocks?(user, &1)))
-      end
+
+      users =
+        if is_nil(user) do
+          users
+        else
+          Enum.filter(users, &(not User.blocks?(user, &1)))
+        end
 
       conn
       |> put_view(AccountView)
@@ -905,11 +907,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
       q = from(u in User, where: u.ap_id in ^announces)
 
       users = Repo.all(q)
-      users = if is_nil(user) do
-        users
-      else
-        Enum.filter(users, &(not User.blocks?(user, &1)))
-      end
+
+      users =
+        if is_nil(user) do
+          users
+        else
+          Enum.filter(users, &(not User.blocks?(user, &1)))
+        end
 
       conn
       |> put_view(AccountView)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 00ca320d3..49650b1de 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3788,17 +3788,17 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     end
 
     test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
-        other_user = insert(:user)
-        {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+      other_user = insert(:user)
+      {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
 
-        response =
-            conn
-            |> assign(:user, nil)
-            |> get("/api/v1/#{activity.id}/favourited_by")
-            |> json_response(:ok)
+      response =
+        conn
+        |> assign(:user, nil)
+        |> get("/api/v1/#{activity.id}/favourited_by")
+        |> json_response(:ok)
 
-        [%{"id" => id}] = response
-        assert id == other_user.id
+      [%{"id" => id}] = response
+      assert id == other_user.id
     end
   end
 
@@ -3859,17 +3859,17 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     end
 
     test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
-        other_user = insert(:user)
-        {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+      other_user = insert(:user)
+      {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
 
-        response =
-            conn
-            |> assign(:user, nil)
-            |> get("/api/v1/#{activity.id}/reblogged_by")
-            |> json_response(:ok)
+      response =
+        conn
+        |> assign(:user, nil)
+        |> get("/api/v1/#{activity.id}/reblogged_by")
+        |> json_response(:ok)
 
-        [%{"id" => id}] = response
-        assert id == other_user.id
+      [%{"id" => id}] = response
+      assert id == other_user.id
     end
   end
 

From 7026018c8c604ce9e077b13e14c35bd8d7052e2c Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:31:35 +0100
Subject: [PATCH 4/7] Use correct URL for tests

---
 test/web/mastodon_api/mastodon_api_controller_test.exs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 49650b1de..28d3f4117 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3794,7 +3794,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       response =
         conn
         |> assign(:user, nil)
-        |> get("/api/v1/#{activity.id}/favourited_by")
+        |> get("/api/v1/statuses/#{activity.id}/favourited_by")
         |> json_response(:ok)
 
       [%{"id" => id}] = response
@@ -3865,7 +3865,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       response =
         conn
         |> assign(:user, nil)
-        |> get("/api/v1/#{activity.id}/reblogged_by")
+        |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
         |> json_response(:ok)
 
       [%{"id" => id}] = response

From 299c0e965b4b0d917a9daf696dd39ee546b33185 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:38:19 +0100
Subject: [PATCH 5/7] actually reblog on the reblog test

---
 test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 28d3f4117..bd756c467 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3860,7 +3860,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
     test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
       other_user = insert(:user)
-      {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+      {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
 
       response =
         conn

From c4005654279fe45213a3d11b6e4767e8afd24850 Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 15:47:17 +0100
Subject: [PATCH 6/7] fix test names because i cannot type

---
 test/web/mastodon_api/mastodon_api_controller_test.exs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index bd756c467..bc3213e0c 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3787,7 +3787,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       assert Enum.empty?(response)
     end
 
-    test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+    test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
       other_user = insert(:user)
       {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
 
@@ -3858,7 +3858,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       assert Enum.empty?(response)
     end
 
-    test "does not fail on an unauthententicated request", %{conn: conn, activity: activity} do
+    test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
       other_user = insert(:user)
       {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
 

From 54a161cb7ad58da05ced24daaf0c16964f76fa4c Mon Sep 17 00:00:00 2001
From: Sadposter <hannah+pleroma@coffee-and-dreams.uk>
Date: Tue, 23 Jul 2019 19:44:47 +0100
Subject: [PATCH 7/7] move unauth'd user blocks?/2 check

---
 lib/pleroma/user.ex                            |  2 ++
 .../mastodon_api/mastodon_api_controller.ex    | 18 ++++--------------
 2 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index a3f6add28..e017efad6 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -882,6 +882,8 @@ defmodule Pleroma.User do
       Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
   end
 
+  def blocks?(nil, _), do: false
+
   def subscribed_to?(user, %{ap_id: ap_id}) do
     with %User{} = target <- get_cached_by_ap_id(ap_id) do
       Enum.member?(target.info.subscribers, user.ap_id)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 9269a5a29..d660f3f05 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -884,14 +884,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
          %Object{data: %{"likes" => likes}} <- Object.normalize(object) do
       q = from(u in User, where: u.ap_id in ^likes)
 
-      users = Repo.all(q)
-
       users =
-        if is_nil(user) do
-          users
-        else
-          Enum.filter(users, &(not User.blocks?(user, &1)))
-        end
+        Repo.all(q)
+        |> Enum.filter(&(not User.blocks?(user, &1)))
 
       conn
       |> put_view(AccountView)
@@ -906,14 +901,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
          %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do
       q = from(u in User, where: u.ap_id in ^announces)
 
-      users = Repo.all(q)
-
       users =
-        if is_nil(user) do
-          users
-        else
-          Enum.filter(users, &(not User.blocks?(user, &1)))
-        end
+        Repo.all(q)
+        |> Enum.filter(&(not User.blocks?(user, &1)))
 
       conn
       |> put_view(AccountView)