logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: 8d3cf7e519ddc0b5e89729d305120d2810e1e3eb
parent ad608373005036a1181474ec446ed9d882385248
Author: kaniini <ariadne@dereferenced.org>
Date:   Tue, 23 Jul 2019 19:14:43 +0000

Merge branch 'bugfix/unauthed-liked-by' into 'develop'

Bugfix: don't error out on unauthorized request to liked/favourited_by

See merge request pleroma/pleroma!1474

Diffstat:


Mlib/pleroma/user.ex2++


Mtest/web/mastodon_api/mastodon_api_controller_test.exs28++++++++++++++++++++++++++++


2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
@@ -882,6 +882,8 @@ defmodule Pleroma.User do
       Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
   end
 
+  def blocks?(nil, _), do: false
+
   def subscribed_to?(user, %{ap_id: ap_id}) do
     with %User{} = target <- get_cached_by_ap_id(ap_id) do
       Enum.member?(target.info.subscribers, user.ap_id)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -3786,6 +3786,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
       assert Enum.empty?(response)
     end
+
+    test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
+      other_user = insert(:user)
+      {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+
+      response =
+        conn
+        |> assign(:user, nil)
+        |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+        |> json_response(:ok)
+
+      [%{"id" => id}] = response
+      assert id == other_user.id
+    end
   end
 
   describe "GET /api/v1/statuses/:id/reblogged_by" do
@@ -3843,6 +3857,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
       assert Enum.empty?(response)
     end
+
+    test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
+      other_user = insert(:user)
+      {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
+
+      response =
+        conn
+        |> assign(:user, nil)
+        |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
+        |> json_response(:ok)
+
+      [%{"id" => id}] = response
+      assert id == other_user.id
+    end
   end
 
   describe "POST /auth/password, with valid parameters" do