Fix `ActivityPubController.read_inbox/2`

author: Egor Kislitsyn <egor@kislitsyn.com> 2019-09-10 01:11:57 +0700
committer: Egor Kislitsyn <egor@kislitsyn.com> 2019-09-10 01:11:57 +0700
commit: e0f84d0043d922f7cc88875a0bc52f2db8972b76 (patch)
tree: d59bb21a3c20feb54ebe9b8f5311f0809f3fac18
parent: 896ffabe37406e85c2a3c2f30d2e882c68b5831e (diff)
download: pleroma-e0f84d0043d922f7cc88875a0bc52f2db8972b76.tar.gz
2 files changed, 40 insertions, 15 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 08bf1c752..7b0075477 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -251,22 +251,36 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
 
   def whoami(_conn, _params), do: {:error, :not_found}
 
-  def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
-    if nickname == user.nickname do
-      conn
-      |> put_resp_content_type("application/activity+json")
-      |> json(UserView.render("inbox.json", %{user: user, max_id: params["max_id"]}))
-    else
-      err =
-        dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
-          nickname: nickname,
-          as_nickname: user.nickname
-        )
+  def read_inbox(
+        %{assigns: %{user: %{nickname: nickname} = user}} = conn,
+        %{"nickname" => nickname} = params
+      ) do
+    conn
+    |> put_resp_content_type("application/activity+json")
+    |> put_view(UserView)
+    |> render("inbox.json", user: user, max_id: params["max_id"])
+  end
 
-      conn
-      |> put_status(:forbidden)
-      |> json(err)
-    end
+  def read_inbox(%{assigns: %{user: nil}} = conn, %{"nickname" => nickname}) do
+    err = dgettext("errors", "can't read inbox of %{nickname}", nickname: nickname)
+
+    conn
+    |> put_status(:forbidden)
+    |> json(err)
+  end
+
+  def read_inbox(%{assigns: %{user: %{nickname: as_nickname}}} = conn, %{
+        "nickname" => nickname
+      }) do
+    err =
+      dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
+        nickname: nickname,
+        as_nickname: as_nickname
+      )
+
+    conn
+    |> put_status(:forbidden)
+    |> json(err)
   end
 
   def handle_user_activity(user, %{"type" => "Create"} = params) do
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index 5192e734f..4388538c2 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -365,6 +365,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert json_response(conn, 403)
     end
 
+    test "it doesn't crash without an authenticated user", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/inbox")
+
+      assert json_response(conn, 403)
+    end
+
     test "it returns a note activity in a collection", %{conn: conn} do
       note_activity = insert(:direct_note_activity)
       note_object = Object.normalize(note_activity)
author	Egor Kislitsyn <egor@kislitsyn.com>	2019-09-10 01:11:57 +0700
committer	Egor Kislitsyn <egor@kislitsyn.com>	2019-09-10 01:11:57 +0700
commit	e0f84d0043d922f7cc88875a0bc52f2db8972b76 (patch)
tree	d59bb21a3c20feb54ebe9b8f5311f0809f3fac18
parent	896ffabe37406e85c2a3c2f30d2e882c68b5831e (diff)
download	pleroma-e0f84d0043d922f7cc88875a0bc52f2db8972b76.tar.gz