authoreugenijm <eugenijm@protonmail.com>2019-09-20 17:54:38 +0300
committerAriadne Conill <ariadne@dereferenced.org>2019-10-07 11:28:51 +0000
commit790ae8e18963487f6e63fbd12407acd9a0ef1c76 (patch)
tree5a9c3f753fc7604368039ea2f446d2f969f50ee8
parentf6ff19e0745a2362406ea2b073e7ca85f2121d41 (diff)
downloadpleroma-790ae8e18963487f6e63fbd12407acd9a0ef1c76.tar.gz
Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
-rw-r--r--CHANGELOG.md1
-rw-r--r--lib/pleroma/web/activity_pub/activity_pub.ex5
-rw-r--r--lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex1
-rw-r--r--test/web/mastodon_api/mastodon_api_controller_test.exs16
4 files changed, 20 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43f2935d9..9d7203164 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- ActivityPub: Polls are now refreshed when necessary.
- Mastodon API: Ensure the `account` field is not empty when rendering Notification entities.
- Report emails now include functional links to profiles of remote user accounts
+- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
### Removed
- ActivityPub: The `/objects/:uuid/likes` endpoint.
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 319cd69df..58b002d3c 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -527,9 +527,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
end
def fetch_public_activities(opts \\ %{}) do
- q = fetch_activities_query([Pleroma.Constants.as_public()], opts)
+ opts = Map.drop(opts, ["user"])
- q
+ [Pleroma.Constants.as_public()]
+ |> fetch_activities_query(opts)
|> restrict_unlisted()
|> Pagination.fetch_paginated(opts)
|> Enum.reverse()
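Review bot: The added `opts = Map.drop(opts, ["user"])` in `fetch_public_activities` has no comment saying why the key is discarded, so a later cleanup could remove it and silently bring the leak back. Going by the commit title, a `"user"` entry presumably lets `fetch_activities_query` match statuses addressed to the viewer in addition to `as_public`; that is inferred, since the query builder is not in this hunk. I would put something like `# "user" must never reach the public query: it would widen recipients beyond as_public (private/direct leak)` above the line. The drop matches only the string key `"user"`, so it is worth confirming that no caller passes the viewer under an atom key. The function's closing `end` is outside the hunk.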
diff --git a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
index fcca6858d..863d673ea 100644
--- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
@@ -398,7 +398,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|> Map.put("local_only", local_only)
|> Map.put("blocking_user", user)
|> Map.put("muting_user", user)
- |> Map.put("user", user)
|> ActivityPub.fetch_public_activities()
|> Enum.reverse()
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 24e5785c0..dad832a66 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -96,6 +96,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|> json_response(403) == %{"error" => "This resource requires authentication."}
end
+ test "the public timeline includes only public statuses for an authenticated user" do
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+
+ {:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
+ {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
+ {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
+ {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
+
+ res_conn = get(conn, "/api/v1/timelines/public")
+ assert length(json_response(res_conn, 200)) == 1
+ end
+
describe "posting statuses" do
setup do
user = insert(:user)
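Review bot: The new test's `assert length(json_response(res_conn, 200)) == 1` counts entries without checking which status was returned, and all four posts share the body "test", so a response containing only the private or direct post would still pass. Pinning the visibility closes that gap, for example `assert [%{"visibility" => "public"}] = json_response(res_conn, 200)`. The test also covers only the author viewing their own posts. A second case, where a follower or the addressee of a direct status requests `/api/v1/timelines/public`, would cover the other ways a non-public status can be addressed to the viewer.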