commit: eb383ef8d366c1656494278dfe6d2a6afdc04bc6
parent a677c621e822673b3b2922d5b0975f704f2f59a7
Author: Tusooa Zhu <tusooa@kazv.moe>
Date:   Wed, 22 Sep 2021 16:26:22 -0400

Make move_account endpoint process non-existent users properly

Ref: emit-move

Diffstat:

Mlib/pleroma/web/api_spec/operations/twitter_util_operation.ex3++-
Mlib/pleroma/web/twitter_api/controllers/util_controller.ex23++++++++++++++++++++---
Mtest/pleroma/web/twitter_api/util_controller_test.exs19+++++++++++++++++++
Mtest/support/http_request_mock.ex9+++++++++
4 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex b/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
@@ -228,7 +228,8 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
 properties: %{status: %Schema{type: :string, example: "success"}}
 }),
 400 => Operation.response("Error", "application/json", ApiError),
- 403 => Operation.response("Error", "application/json", ApiError)
+ 403 => Operation.response("Error", "application/json", ApiError),
+ 404 => Operation.response("Error", "application/json", ApiError)
 }
 }
 end
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -173,12 +173,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 def move_account(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
 case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
 {:ok, user} ->
- with {:ok, target_user} <- find_user_by_nickname(body_params.target_account),
+ with {:ok, target_user} <- find_or_fetch_user_by_nickname(body_params.target_account),
 {:ok, _user} <- ActivityPub.move(user, target_user) do
 json(conn, %{status: "success"})
 else
- {:not_found} ->
- json(conn, %{error: "Target account not found."})
+ {:not_found, _} ->
+ conn
+ |> put_status(404)
+ |> json(%{error: "Target account not found."})

 {:error, error} ->
 json(conn, %{error: error})
@@ -233,6 +235,21 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 end
 end

+ defp find_or_fetch_user_by_nickname(nickname) do
+ user = User.get_by_nickname(nickname)
+
+ if user != nil and user.local do
+ {:ok, user}
+ else
+ with {:ok, user} <- User.fetch_by_nickname(nickname) do
+ {:ok, user}
+ else
+ _ ->
+ {:not_found, nil}
+ end
+ end
+ end
+
 def captcha(conn, _params) do
 json(conn, Pleroma.Captcha.new())
 end
diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs
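Review bot: In `move_account`, the new `{:not_found, _}` branch sets a 404, but the `{:error, error}` branch directly below it still answers through `json(conn, %{error: error})` with no status. One endpoint therefore reports failures two ways, by status code and by an error body under the default status. That same branch sends whatever term `ActivityPub.move/2` returned straight to the client; if it is not always a fixed string, that can expose internal detail or fail to encode. Consider giving it an explicit status as well, for example `conn |> put_status(400) |> json(%{error: error})`, after checking the existing tests and clients that expect the current response. The body of `move_account` continues outside the hunk, so the password-failure branch is not visible here.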
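Review bot: In `find_or_fetch_user_by_nickname/1`, the `_ ->` clause turns every non-`{:ok, user}` result of `User.fetch_by_nickname/1` into `{:not_found, nil}`. A timeout, a remote 5xx or a policy rejection is then reported as "Target account not found." and the reason is discarded. A single-clause `with` plus `else` reads better as a `case`, and matching only the expected failure shape, e.g. `{:error, _reason} -> {:not_found, nil}`, lets an unexpected return surface instead of being hidden. Logging the discarded reason would also help operators. Because `nickname` comes from the request body, this is also a path from client input to an outbound lookup (the added mock shows a WebFinger request to the handle's domain). It relies on whatever host filtering and rate limiting `User.fetch_by_nickname/1` and this route apply, which are not visible in this diff.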
@@ -573,6 +573,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
 }
 end

+ test "with proper permissions, valid password and target account does not exist",
+ %{
+ conn: conn
+ } do
+ target_nick = "not_found@mastodon.social"
+
+ conn =
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/move_account", %{
+ "password" => "test",
+ "target_account" => target_nick
+ })
+
+ assert json_response_and_validate_schema(conn, 404) == %{
+ "error" => "Target account not found."
+ }
+ end
+
 test "with proper permissions, valid password and target account aliases this", %{
 conn: conn,
 user: user
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
@@ -725,6 +725,15 @@ defmodule HttpRequestMock do
 }}
 end

+ def get(
+ "https://mastodon.social/.well-known/webfinger?resource=acct:not_found@mastodon.social",
+ _,
+ _,
+ [{"accept", "application/xrd+xml,application/jrd+json"}]
+ ) do
+ {:ok, %Tesla.Env{status: 404}}
+ end
+
 def get("http://gs.example.org/.well-known/host-meta", _, _, _) do
 {:ok, %Tesla.Env{
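Review bot: The added test "target account does not exist" in `util_controller_test.exs` covers only one path into the new 404: a remote handle whose WebFinger lookup returns 404. The helper also maps a nickname with no domain part, and a remote fetch that fails for some other reason, to the same response, and neither case is tested. A second test with a local-looking nickname such as `"target_account" => "no_such_local_user"` would pin down the local case. A test with a mocked non-404 failure would document whether answering 404 there is intended.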