commit: 63739c5a58ccb65dd4a63019b270429d5a462e71
parent 83301fe61aa3d453b7c12ee1f5465d9802d07370
Author: Mark Felder <feld@feld.me>
Date: Thu, 18 Feb 2021 17:23:17 -0600
Tests to validate client disclosure obeys user setting
Diffstat:
2 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@@ -420,9 +420,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
)
end
- defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do
- %{client_name: client_name, website: website} = Repo.preload(token, :app).app
- Map.put(params, :application, %{name: client_name, website: website})
+ defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do
+ if user.disclose_client do
+ %{client_name: client_name, website: website} = Repo.preload(token, :app).app
+ Map.put(params, :application, %{name: client_name, website: website})
+ else
+ Map.put(params, :application, nil)
+ end
end
defp put_application(params, _), do: Map.put(params, :application, nil)
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -358,8 +358,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
assert activity.data["cc"] == []
end
- test "preserves client application metadata" do
- %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"])
+ test "discloses application metadata when enabled" do
+ user = insert(:user, disclose_client: true)
+ %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user)
%Pleroma.Web.OAuth.Token{
app: %Pleroma.Web.OAuth.App{
@@ -383,6 +384,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
}
} = json_response_and_validate_schema(result, 200)
end
+
+ test "hides application metadata when disabled" do
+ user = insert(:user, disclose_client: false)
+ %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user)
+
+ result =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> post("/api/v1/statuses", %{
+ "status" => "club mate is my wingman"
+ })
+
+ assert %{
+ "content" => "club mate is my wingman",
+ "application" => nil
+ } = json_response_and_validate_schema(result, 200)
+ end
end
describe "posting scheduled statuses" do
