diff options
| author | Maksim Pechnikov <parallel588@gmail.com> | 2019-12-25 15:12:43 +0300 |
|---|---|---|
| committer | Maksim Pechnikov <parallel588@gmail.com> | 2019-12-25 15:12:43 +0300 |
| commit | 933dc120438d14502e4bc4c29db904114fb6e438 (patch) | |
| tree | 93dc4677692660924cccd2dfb984145708d6192f /lib/pleroma/web/twitter_api | |
| parent | bdd71669da43698716be6494528b6e1813d0cd3d (diff) | |
| download | pleroma-933dc120438d14502e4bc4c29db904114fb6e438.tar.gz | |
added code of mr#2067
Diffstat (limited to 'lib/pleroma/web/twitter_api')
| -rw-r--r-- | lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex index e5e52a7e8..e0d4d5632 100644 --- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex @@ -16,7 +16,12 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do @status_types ["Article", "Event", "Note", "Video", "Page", "Question"] - plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action in [:do_follow]) + # Note: follower can submit the form (with password auth) not being signed in (having no token) + plug( + OAuthScopesPlug, + %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]} + when action in [:do_follow] + ) # GET /ostatus_subscribe # @@ -61,9 +66,8 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do # POST /ostatus_subscribe # - def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do + def do_follow(%{assigns: %{user: %User{} = user}} = conn, %{"user" => %{"id" => id}}) do with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)}, - {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee}, {:ok, _, _, _} <- CommonAPI.follow(user, followee) do render(conn, "followed.html", %{error: false}) else @@ -72,8 +76,9 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do end end - def do_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do + def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)}, + {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee}, {:ok, _, _, _} <- CommonAPI.follow(user, followee) do render(conn, "followed.html", %{error: false}) else @@ -82,6 +87,11 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do end end + def do_follow(%{assigns: %{user: nil}} = conn, _) do + Logger.debug("Insufficient permissions: follow | write:follows.") + render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."}) + end + defp handle_follow_error(conn, {:auth, _, followee} = _) do render(conn, "follow_login.html", %{error: "Wrong username or password", followee: followee}) end |