commit: 351a306d462ae804ee9d0bbc9f8e7781caf34533
parent a2490ddd9fe449b8799687c47b01d6072e35bbf4
Author: feld <feld@feld.me>
Date: Wed, 7 Aug 2024 16:17:58 +0000
Merge branch 'stream-follow-relationships-count' into 'develop'
StreamerView: Do not leak follows count if hidden
See merge request pleroma/pleroma!4205
Diffstat:
3 files changed, 127 insertions(+), 7 deletions(-)
diff --git a/changelog.d/stream-follow-relationships-count.fix b/changelog.d/stream-follow-relationships-count.fix
@@ -0,0 +1 @@
+StreamerView: Do not leak follows count if hidden
+\ No newline at end of file
diff --git a/lib/pleroma/web/views/streamer_view.ex b/lib/pleroma/web/views/streamer_view.ex
@@ -109,7 +109,25 @@ defmodule Pleroma.Web.StreamerView do
|> Jason.encode!()
end
- def render("follow_relationships_update.json", item, topic) do
+ def render(
+ "follow_relationships_update.json",
+ %{follower: follower, following: following} = item,
+ topic
+ ) do
+ following_follower_count =
+ if Enum.any?([following.hide_followers_count, following.hide_followers]) do
+ 0
+ else
+ following.follower_count
+ end
+
+ following_following_count =
+ if Enum.any?([following.hide_follows_count, following.hide_follows]) do
+ 0
+ else
+ following.following_count
+ end
+
%{
stream: render("stream.json", %{topic: topic}),
event: "pleroma:follow_relationships_update",
@@ -117,14 +135,14 @@ defmodule Pleroma.Web.StreamerView do
%{
state: item.state,
follower: %{
- id: item.follower.id,
- follower_count: item.follower.follower_count,
- following_count: item.follower.following_count
+ id: follower.id,
+ follower_count: follower.follower_count,
+ following_count: follower.following_count
},
following: %{
- id: item.following.id,
- follower_count: item.following.follower_count,
- following_count: item.following.following_count
+ id: following.id,
+ follower_count: following_follower_count,
+ following_count: following_following_count
}
}
|> Jason.encode!()
diff --git a/test/pleroma/web/views/streamer_view_test.ex b/test/pleroma/web/views/streamer_view_test.ex
@@ -0,0 +1,100 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.StreamerViewTest do
+ use Pleroma.Web.ConnCase, async: true
+ # import ExUnit.CaptureLog
+ import Pleroma.Factory
+
+ alias Pleroma.Web.CommonAPI
+ alias Pleroma.Web.StreamerView
+
+ describe "follow_relationships_update.json" do
+ test "shows follower/following count normally" do
+ other_user = insert(:user)
+ %{id: following_id} = following = insert(:user)
+ follower = insert(:user)
+
+ {:ok, _, _, _} = CommonAPI.follow(other_user, following)
+ {:ok, follower, following, _activity} = CommonAPI.follow(following, follower)
+
+ result =
+ StreamerView.render(
+ "follow_relationships_update.json",
+ %{follower: follower, following: following, state: :test},
+ "user:test"
+ )
+
+ {:ok, %{"payload" => payload}} = Jason.decode(result)
+
+ {:ok, decoded_payload} = Jason.decode(payload)
+
+ # check the payload updating the user that was followed
+ assert match?(
+ %{"follower_count" => 1, "following_count" => 1, "id" => ^following_id},
+ decoded_payload["following"]
+ )
+ end
+
+ test "hides follower count for :hide_followers and :hide_followers_count" do
+ user_attrs = [%{hide_followers: true}, %{hide_followers_count: true}]
+
+ Enum.each(user_attrs, fn attrs ->
+ other_user = insert(:user)
+ %{id: following_id} = following = insert(:user, attrs)
+ follower = insert(:user)
+
+ {:ok, _, _, _} = CommonAPI.follow(other_user, following)
+ {:ok, follower, following, _activity} = CommonAPI.follow(following, follower)
+
+ result =
+ StreamerView.render(
+ "follow_relationships_update.json",
+ %{follower: follower, following: following, state: :test},
+ "user:test"
+ )
+
+ {:ok, %{"payload" => payload}} = Jason.decode(result)
+
+ {:ok, decoded_payload} = Jason.decode(payload)
+
+ # check the payload updating the user that was followed
+ assert match?(
+ %{"follower_count" => 0, "following_count" => 1, "id" => ^following_id},
+ decoded_payload["following"]
+ )
+ end)
+ end
+
+ test "hides follows count for :hide_follows and :hide_follows_count" do
+ user_attrs = [%{hide_follows: true}, %{hide_follows_count: true}]
+
+ Enum.each(user_attrs, fn attrs ->
+ other_user = insert(:user)
+ %{id: following_id} = following = insert(:user, attrs)
+ follower = insert(:user)
+
+ {:ok, _, _, _} = CommonAPI.follow(other_user, following)
+ {:ok, follower, following, _activity} = CommonAPI.follow(following, follower)
+
+ result =
+ StreamerView.render(
+ "follow_relationships_update.json",
+ %{follower: follower, following: following, state: :test},
+ "user:test"
+ )
+
+ {:ok, %{"payload" => payload}} = Jason.decode(result)
+
+ {:ok, decoded_payload} = Jason.decode(payload)
+
+ # check the payload updating the user that was followed
+ assert match?(
+ %{"follower_count" => 1, "following_count" => 0, "id" => ^following_id},
+ decoded_payload["following"]
+ )
+ end)
+ end
+ end
+end
