commit: 1cd825519c34762490fa44e7aa0cccf2a72826b6
parent: e1de866f95c7740d64070ff023b4bdcc013decc4
Author: kaniini <nenolod@gmail.com>
Date: Fri, 28 Dec 2018 18:30:36 +0000
Merge branch 'fix/public-timeline-auth' into 'develop'
Fix Twitter timelines for private instances
See merge request pleroma/pleroma!602
Diffstat:
2 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -662,7 +662,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
json_reply(conn, 403, json)
end
- def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn
+ def only_if_public_instance(%{assigns: %{user: %User{}}} = conn, _), do: conn
def only_if_public_instance(conn, _) do
if Keyword.get(Application.get_env(:pleroma, :instance), :public) do
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -112,6 +112,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
end
describe "GET /statuses/public_timeline.json" do
+ setup [:valid_user]
+
test "returns statuses", %{conn: conn} do
user = insert(:user)
activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
@@ -145,14 +147,44 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
Application.put_env(:pleroma, :instance, instance)
end
+ test "returns 200 to authenticated request when the instance is not public",
+ %{conn: conn, user: user} do
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, false)
+
+ Application.put_env(:pleroma, :instance, instance)
+
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, true)
+
+ Application.put_env(:pleroma, :instance, instance)
+ end
+
test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
conn
|> get("/api/statuses/public_timeline.json")
|> json_response(200)
end
+
+ test "returns 200 to authenticated request when the instance is public",
+ %{conn: conn, user: user} do
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+ end
end
describe "GET /statuses/public_and_external_timeline.json" do
+ setup [:valid_user]
+
test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
instance =
Application.get_env(:pleroma, :instance)
@@ -171,11 +203,39 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
Application.put_env(:pleroma, :instance, instance)
end
+ test "returns 200 to authenticated request when the instance is not public",
+ %{conn: conn, user: user} do
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, false)
+
+ Application.put_env(:pleroma, :instance, instance)
+
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_and_external_timeline.json")
+ |> json_response(200)
+
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, true)
+
+ Application.put_env(:pleroma, :instance, instance)
+ end
+
test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
conn
|> get("/api/statuses/public_and_external_timeline.json")
|> json_response(200)
end
+
+ test "returns 200 to authenticated request when the instance is public",
+ %{conn: conn, user: user} do
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_and_external_timeline.json")
+ |> json_response(200)
+ end
end
describe "GET /statuses/show/:id.json" do
