diff options
| author | Roger Braun <roger@rogerbraun.net> | 2017-04-26 08:56:34 +0200 |
|---|---|---|
| committer | Roger Braun <roger@rogerbraun.net> | 2017-04-26 08:56:34 +0200 |
| commit | fb5cebc1b5dcfd6af7fa1a81bc5b26275714fa26 (patch) | |
| tree | 201760df860fbb95fd6e88f23d79c6ca3e597be5 | |
| parent | c8447998228e401784a7c94031064d963fad693f (diff) | |
| parent | 22e936372e12879e97beac5d886566b1c6c4d55e (diff) | |
| download | pleroma-fb5cebc1b5dcfd6af7fa1a81bc5b26275714fa26.tar.gz | |
Merge branch 'dtluna/pleroma-bugfix/deny-self-repeats' into develop
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api_controller.ex | 13 | ||||
| -rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 18 |
2 files changed, 23 insertions, 8 deletions
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index d9ff7e530..b5b829ca0 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -163,11 +163,16 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do activity = Repo.get(Activity, id) - {:ok, status} = TwitterAPI.retweet(user, activity) - response = Poison.encode!(status) + if activity.data["actor"] == user.ap_id do + bad_request_reply(conn, "You cannot repeat your own notice.") + else + {:ok, status} = TwitterAPI.retweet(user, activity) + response = Poison.encode!(status) - conn - |> json_reply(200, response) + conn + + |> json_reply(200, response) + end end def register(conn, params) do diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 766268ce9..6c249be7d 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -331,11 +331,21 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do test "with credentials", %{conn: conn, user: current_user} do note_activity = insert(:note_activity) - conn = conn - |> with_credentials(current_user.nickname, "test") - |> post("/api/statuses/retweet/#{note_activity.id}.json") + request_path = "/api/statuses/retweet/#{note_activity.id}.json" - assert json_response(conn, 200) + user = Repo.get_by(User, ap_id: note_activity.data["actor"]) + response = conn + |> with_credentials(user.nickname, "test") + |> post(request_path) + assert json_response(response, 400) == %{"error" => "You cannot repeat your own notice.", + "request" => request_path} + + response = conn + |> with_credentials(current_user.nickname, "test") + |> post(request_path) + activity = Repo.get(Activity, note_activity.id) + activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"]) + assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user}) end end |