commit: eb383ef8d366c1656494278dfe6d2a6afdc04bc6
parent a677c621e822673b3b2922d5b0975f704f2f59a7
Author: Tusooa Zhu <tusooa@kazv.moe>
Date: Wed, 22 Sep 2021 16:26:22 -0400
Make move_account endpoint process non-existent users properly
Ref: emit-move
Diffstat:
4 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex b/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
@@ -228,7 +228,8 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
properties: %{status: %Schema{type: :string, example: "success"}}
}),
400 => Operation.response("Error", "application/json", ApiError),
- 403 => Operation.response("Error", "application/json", ApiError)
+ 403 => Operation.response("Error", "application/json", ApiError),
+ 404 => Operation.response("Error", "application/json", ApiError)
}
}
end
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -173,12 +173,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
def move_account(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
{:ok, user} ->
- with {:ok, target_user} <- find_user_by_nickname(body_params.target_account),
+ with {:ok, target_user} <- find_or_fetch_user_by_nickname(body_params.target_account),
{:ok, _user} <- ActivityPub.move(user, target_user) do
json(conn, %{status: "success"})
else
- {:not_found} ->
- json(conn, %{error: "Target account not found."})
+ {:not_found, _} ->
+ conn
+ |> put_status(404)
+ |> json(%{error: "Target account not found."})
{:error, error} ->
json(conn, %{error: error})
@@ -233,6 +235,21 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end
end
+ defp find_or_fetch_user_by_nickname(nickname) do
+ user = User.get_by_nickname(nickname)
+
+ if user != nil and user.local do
+ {:ok, user}
+ else
+ with {:ok, user} <- User.fetch_by_nickname(nickname) do
+ {:ok, user}
+ else
+ _ ->
+ {:not_found, nil}
+ end
+ end
+ end
+
def captcha(conn, _params) do
json(conn, Pleroma.Captcha.new())
end
diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs
@@ -573,6 +573,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
}
end
+ test "with proper permissions, valid password and target account does not exist",
+ %{
+ conn: conn
+ } do
+ target_nick = "not_found@mastodon.social"
+
+ conn =
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/move_account", %{
+ "password" => "test",
+ "target_account" => target_nick
+ })
+
+ assert json_response_and_validate_schema(conn, 404) == %{
+ "error" => "Target account not found."
+ }
+ end
+
test "with proper permissions, valid password and target account aliases this", %{
conn: conn,
user: user
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
@@ -725,6 +725,15 @@ defmodule HttpRequestMock do
}}
end
+ def get(
+ "https://mastodon.social/.well-known/webfinger?resource=acct:not_found@mastodon.social",
+ _,
+ _,
+ [{"accept", "application/xrd+xml,application/jrd+json"}]
+ ) do
+ {:ok, %Tesla.Env{status: 404}}
+ end
+
def get("http://gs.example.org/.well-known/host-meta", _, _, _) do
{:ok,
%Tesla.Env{