Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize` - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: 66a8e1312dc82fa755a635984f89a5314917d209
parent: e55876409b523d81bc19db876bc90f29ba80a47c
Author: eugenijm <eugenijm@protonmail.com>
Date:   Mon, 27 Apr 2020 17:41:38 +0300

Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize`

Diffstat:
M CHANGELOG.md 1 +
M lib/pleroma/web/common_api/common_api.ex 4 ++--
M test/web/common_api/common_api_test.exs 8 ++++++++

3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -41,6 +41,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Logger configuration through AdminFE
 - HTTP Basic Authentication permissions issue
 - ObjectAgePolicy didn't filter out old messages
+- Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize`
 
 ### Added
 - NodeInfo: ObjectAgePolicy settings to the `federation` list.
diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex
@@ -43,8 +43,8 @@ defmodule Pleroma.Web.CommonAPI do
   end
 
   def accept_follow_request(follower, followed) do
-    with {:ok, follower} <- User.follow(follower, followed),
-         %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
+    with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
+         {:ok, follower} <- User.follow(follower, followed),
          {:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "accept"),
          {:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_accept),
          {:ok, _activity} <-
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
@@ -697,6 +697,14 @@ defmodule Pleroma.Web.CommonAPITest do
       assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
       assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
     end
+
+    test "doesn't create a following relationship if the corresponding follow request doesn't exist" do
+      user = insert(:user, locked: true)
+      not_follower = insert(:user)
+      CommonAPI.accept_follow_request(not_follower, user)
+
+      assert Pleroma.FollowingRelationship.following?(not_follower, user) == false
+    end
   end
 
   describe "vote/3" do

M	CHANGELOG.md	1	+
M	lib/pleroma/web/common_api/common_api.ex	4	++--
M	test/web/common_api/common_api_test.exs	8	++++++++