diff options
| author | kaniini <ariadne@dereferenced.org> | 2019-07-23 19:14:43 +0000 |
|---|---|---|
| committer | kaniini <ariadne@dereferenced.org> | 2019-07-23 19:14:43 +0000 |
| commit | 8d3cf7e519ddc0b5e89729d305120d2810e1e3eb (patch) | |
| tree | e9da4fe2be6d45e0e8a77c45ee31fb9c469d97fc | |
| parent | ad608373005036a1181474ec446ed9d882385248 (diff) | |
| parent | 54a161cb7ad58da05ced24daaf0c16964f76fa4c (diff) | |
| download | pleroma-8d3cf7e519ddc0b5e89729d305120d2810e1e3eb.tar.gz | |
Merge branch 'bugfix/unauthed-liked-by' into 'develop'
Bugfix: don't error out on unauthorized request to liked/favourited_by
See merge request pleroma/pleroma!1474
| -rw-r--r-- | lib/pleroma/user.ex | 2 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 28 |
2 files changed, 30 insertions, 0 deletions
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a3f6add28..e017efad6 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -882,6 +882,8 @@ defmodule Pleroma.User do Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host) end + def blocks?(nil, _), do: false + def subscribed_to?(user, %{ap_id: ap_id}) do with %User{} = target <- get_cached_by_ap_id(ap_id) do Enum.member?(target.info.subscribers, user.ap_id) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index a3e4c4136..bc3213e0c 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3786,6 +3786,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert Enum.empty?(response) end + + test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + response = + conn + |> assign(:user, nil) + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(:ok) + + [%{"id" => id}] = response + assert id == other_user.id + end end describe "GET /api/v1/statuses/:id/reblogged_by" do @@ -3843,6 +3857,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert Enum.empty?(response) end + + test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + response = + conn + |> assign(:user, nil) + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(:ok) + + [%{"id" => id}] = response + assert id == other_user.id + end end describe "POST /auth/password, with valid parameters" do |