AkkomaGang/akkoma
AkkomaGang
/
akkoma
13
63
Fork 84
Code Issues 172 Pull Requests 15 Packages Projects 2 Releases 13 Wiki Activity

Merge branch '1973-chats-fix-with-restrict-unauthenticated' into 'develop' 

[#1973] Fixed accounts rendering in GET /api/v1/pleroma/chats with truish :restrict_unauthenticated setting

Closes #1973

See merge request pleroma/pleroma!2791
This commit is contained in:
lain 2020-07-23 12:52:02 +00:00
parent b2ba70eec4 9ea51a6de5
commit 76aa49a0c5
20 changed files with 158 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/pleroma/web/activity_pub/utils.ex
View File

@ -719,15 +719,18 @@ defmodule Pleroma.Web.ActivityPub.Utils do
case Activity.get_by_ap_id_with_object(id) do case Activity.get_by_ap_id_with_object(id) do
%Activity{} = activity -> %Activity{} = activity ->
activity_actor = User.get_by_ap_id(activity.object.data["actor"])
%{ %{
"type" => "Note", "type" => "Note",
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => activity.object.data["content"], "content" => activity.object.data["content"],
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => "actor" =>
AccountView.render("show.json", %{ AccountView.render(
user: User.get_by_ap_id(activity.object.data["actor"]) "show.json",
}) %{user: activity_actor, skip_visibility_check: true}
)
} }
_ -> _ ->

6
lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
View File

@ -345,7 +345,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do
json( json(
conn, conn,
AccountView.render("index.json", users: users, count: count, page_size: page_size) AccountView.render("index.json",
users: users,
count: count,
page_size: page_size
)
) )
end end
end end

2
lib/pleroma/web/admin_api/views/account_view.ex
View File

@ -105,7 +105,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do
end end
def merge_account_views(%User{} = user) do def merge_account_views(%User{} = user) do
MastodonAPI.AccountView.render("show.json", %{user: user}) MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true})
|> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user})) |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
end end

6
lib/pleroma/web/chat_channel.ex
View File

@ -4,8 +4,10 @@
defmodule Pleroma.Web.ChatChannel do defmodule Pleroma.Web.ChatChannel do
use Phoenix.Channel use Phoenix.Channel
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.ChatChannel.ChatChannelState alias Pleroma.Web.ChatChannel.ChatChannelState
alias Pleroma.Web.MastodonAPI.AccountView
def join("chat:public", _message, socket) do def join("chat:public", _message, socket) do
send(self(), :after_join) send(self(), :after_join)
@ -22,9 +24,9 @@ defmodule Pleroma.Web.ChatChannel do
if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
author = User.get_cached_by_nickname(user_name) author = User.get_cached_by_nickname(user_name)
author = Pleroma.Web.MastodonAPI.AccountView.render("show.json", user: author) author_json = AccountView.render("show.json", user: author, skip_visibility_check: true)
message = ChatChannelState.add_message(%{text: text, author: author}) message = ChatChannelState.add_message(%{text: text, author: author_json})
broadcast!(socket, "new_msg", message) broadcast!(socket, "new_msg", message)
end end

1
lib/pleroma/web/mastodon_api/controllers/search_controller.ex
View File

@ -93,7 +93,6 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
AccountView.render("index.json", AccountView.render("index.json",
users: accounts, users: accounts,
for: options[:for_user], for: options[:for_user],
as: :user,
embed_relationships: options[:embed_relationships] embed_relationships: options[:embed_relationships]
) )
end end

25
lib/pleroma/web/mastodon_api/views/account_view.ex
View File

@ -27,21 +27,40 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
UserRelationship.view_relationships_option(reading_user, users) UserRelationship.view_relationships_option(reading_user, users)
end end
opts = Map.put(opts, :relationships, relationships_opt) opts =
opts
|> Map.merge(%{relationships: relationships_opt, as: :user})
|> Map.delete(:users)
users users
|> render_many(AccountView, "show.json", opts) |> render_many(AccountView, "show.json", opts)
|> Enum.filter(&Enum.any?/1) |> Enum.filter(&Enum.any?/1)
end end
def render("show.json", %{user: user} = opts) do @doc """
if User.visible_for(user, opts[:for]) == :visible do Renders specified user account.
:skip_visibility_check option skips visibility check and renders any user (local or remote)
regardless of [:pleroma, :restrict_unauthenticated] setting.
:for option specifies the requester and can be a User record or nil.
Only use `user: user, for: user` when `user` is the actual requester of own profile.
"""
def render("show.json", %{user: _user, skip_visibility_check: true} = opts) do
do_render("show.json", opts)
end
def render("show.json", %{user: user, for: for_user_or_nil} = opts) do
if User.visible_for(user, for_user_or_nil) == :visible do
do_render("show.json", opts) do_render("show.json", opts)
else else
%{} %{}
end end
end end
def render("show.json", _) do
raise "In order to prevent account accessibility issues, " <>
":skip_visibility_check or :for option is required."
end
def render("mention.json", %{user: user}) do def render("mention.json", %{user: user}) do
%{ %{
id: to_string(user.id), id: to_string(user.id),

2
lib/pleroma/web/mastodon_api/views/conversation_view.ex
View File

@ -38,7 +38,7 @@ defmodule Pleroma.Web.MastodonAPI.ConversationView do
%{ %{
id: participation.id |> to_string(), id: participation.id |> to_string(),
accounts: render(AccountView, "index.json", users: users, as: :user), accounts: render(AccountView, "index.json", users: users, for: user),
unread: !participation.read, unread: !participation.read,
last_status: last_status:
render(StatusView, "show.json", render(StatusView, "show.json",

15
lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
View File

@ -89,11 +89,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
cm_ref <- MessageReference.for_chat_and_object(chat, message) do cm_ref <- MessageReference.for_chat_and_object(chat, message) do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("show.json", for: user, chat_message_reference: cm_ref) |> render("show.json", chat_message_reference: cm_ref)
end end
end end
def mark_message_as_read(%{assigns: %{user: %{id: user_id} = user}} = conn, %{ def mark_message_as_read(%{assigns: %{user: %{id: user_id}}} = conn, %{
id: chat_id, id: chat_id,
message_id: message_id message_id: message_id
}) do }) do
@ -104,12 +104,15 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
{:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do {:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("show.json", for: user, chat_message_reference: cm_ref) |> render("show.json", chat_message_reference: cm_ref)
end end
end end
def mark_as_read( def mark_as_read(
%{body_params: %{last_read_id: last_read_id}, assigns: %{user: %{id: user_id}}} = conn, %{
body_params: %{last_read_id: last_read_id},
assigns: %{user: %{id: user_id}}
} = conn,
%{id: id} %{id: id}
) do ) do
with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id), with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id),
@ -121,7 +124,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
end end
end end
def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{id: id} = params) do def messages(%{assigns: %{user: %{id: user_id}}} = conn, %{id: id} = params) do
with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do
cm_refs = cm_refs =
chat chat
@ -130,7 +133,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("index.json", for: user, chat_message_references: cm_refs) |> render("index.json", chat_message_references: cm_refs)
else else
_ -> _ ->
conn conn

17
lib/pleroma/web/pleroma_api/views/chat_view.ex
View File

@ -15,10 +15,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
def render("show.json", %{chat: %Chat{} = chat} = opts) do def render("show.json", %{chat: %Chat{} = chat} = opts) do
recipient = User.get_cached_by_ap_id(chat.recipient) recipient = User.get_cached_by_ap_id(chat.recipient)
last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat) last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat)
account_view_opts = account_view_opts(opts, recipient)
%{ %{
id: chat.id |> to_string(), id: chat.id |> to_string(),
account: AccountView.render("show.json", Map.put(opts, :user, recipient)), account: AccountView.render("show.json", account_view_opts),
unread: MessageReference.unread_count_for_chat(chat), unread: MessageReference.unread_count_for_chat(chat),
last_message: last_message:
last_message && last_message &&
@ -27,7 +28,17 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
} }
end end
def render("index.json", %{chats: chats}) do def render("index.json", %{chats: chats} = opts) do
render_many(chats, __MODULE__, "show.json") render_many(chats, __MODULE__, "show.json", Map.delete(opts, :chats))
end
defp account_view_opts(opts, recipient) do
account_view_opts = Map.put(opts, :user, recipient)
if Map.has_key?(account_view_opts, :for) do
account_view_opts
else
Map.put(account_view_opts, :skip_visibility_check, true)
end
end end
end end

2
lib/pleroma/web/pleroma_api/views/emoji_reaction_view.ex
View File

@ -17,7 +17,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionView do
%{ %{
name: emoji, name: emoji,
count: length(users), count: length(users),
accounts: render(AccountView, "index.json", users: users, for: user, as: :user), accounts: render(AccountView, "index.json", users: users, for: user),
me: !!(user && user.ap_id in user_ap_ids) me: !!(user && user.ap_id in user_ap_ids)
} }
end end

6
mix.lock
View File

@ -14,14 +14,14 @@
"certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"}, "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"},
"combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
"comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"}, "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
"concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter", "8eee96c6ba39b9286ec44c51c52d9f2758951365", [ref: "8eee96c6ba39b9286ec44c51c52d9f2758951365"]}, "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "8eee96c6ba39b9286ec44c51c52d9f2758951365", [ref: "8eee96c6ba39b9286ec44c51c52d9f2758951365"]},
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"}, "connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
"cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"}, "cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"},
"cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"}, "cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"},
"cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"}, "cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"},
"credo": {:hex, :credo, "1.1.5", "caec7a3cadd2e58609d7ee25b3931b129e739e070539ad1a0cd7efeeb47014f4", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "d0bbd3222607ccaaac5c0340f7f525c627ae4d7aee6c8c8c108922620c5b6446"}, "credo": {:hex, :credo, "1.1.5", "caec7a3cadd2e58609d7ee25b3931b129e739e070539ad1a0cd7efeeb47014f4", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "d0bbd3222607ccaaac5c0340f7f525c627ae4d7aee6c8c8c108922620c5b6446"},
"crontab": {:hex, :crontab, "1.1.8", "2ce0e74777dfcadb28a1debbea707e58b879e6aa0ffbf9c9bb540887bce43617", [:mix], [{:ecto, "~> 1.0 or ~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"}, "crontab": {:hex, :crontab, "1.1.8", "2ce0e74777dfcadb28a1debbea707e58b879e6aa0ffbf9c9bb540887bce43617", [:mix], [{:ecto, "~> 1.0 or ~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"},
"crypt": {:git, "https://github.com/msantos/crypt", "f63a705f92c26955977ee62a313012e309a4d77a", [ref: "f63a705f92c26955977ee62a313012e309a4d77a"]}, "crypt": {:git, "https://github.com/msantos/crypt.git", "f63a705f92c26955977ee62a313012e309a4d77a", [ref: "f63a705f92c26955977ee62a313012e309a4d77a"]},
"custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"}, "custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"},
"db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"}, "db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"},
"decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"}, "decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"},
@ -105,7 +105,7 @@
"sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"}, "sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"},
"ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"}, "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
"sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"}, "sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"},
"swoosh": {:git, "https://github.com/swoosh/swoosh", "c96e0ca8a00d8f211ec1f042a4626b09f249caa5", [ref: "c96e0ca8a00d8f211ec1f042a4626b09f249caa5"]}, "swoosh": {:git, "https://github.com/swoosh/swoosh.git", "c96e0ca8a00d8f211ec1f042a4626b09f249caa5", [ref: "c96e0ca8a00d8f211ec1f042a4626b09f249caa5"]},
"syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"}, "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"},
"telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"}, "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"},
"tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]}, "tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]},

3
test/web/activity_pub/activity_pub_test.exs
View File

@ -1179,7 +1179,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity_with_object.object.data["published"], "published" => activity_with_object.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account}) "actor" =>
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
} }
assert %Activity{ assert %Activity{

2
test/web/activity_pub/transmogrifier_test.exs
View File

@ -710,7 +710,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => "test post", "content" => "test post",
"published" => object.data["published"], "published" => object.data["published"],
"actor" => AccountView.render("show.json", %{user: user}) "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})
} }
message = %{ message = %{

3
test/web/activity_pub/utils_test.exs
View File

@ -482,7 +482,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account}) "actor" =>
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
} }
assert %{ assert %{

27
test/web/admin_api/views/report_view_test.exs
View File

@ -4,11 +4,14 @@
defmodule Pleroma.Web.AdminAPI.ReportViewTest do defmodule Pleroma.Web.AdminAPI.ReportViewTest do
use Pleroma.DataCase use Pleroma.DataCase
import Pleroma.Factory import Pleroma.Factory
alias Pleroma.Web.AdminAPI
alias Pleroma.Web.AdminAPI.Report alias Pleroma.Web.AdminAPI.Report
alias Pleroma.Web.AdminAPI.ReportView alias Pleroma.Web.AdminAPI.ReportView
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
test "renders a report" do test "renders a report" do
@ -21,13 +24,16 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: user}), MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: other_user}), MastodonAPI.AccountView.render("show.json", %{
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user}) user: other_user,
skip_visibility_check: true
}),
AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [], statuses: [],
notes: [], notes: [],
@ -56,13 +62,16 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: user}), MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: other_user}), MastodonAPI.AccountView.render("show.json", %{
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user}) user: other_user,
skip_visibility_check: true
}),
AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [StatusView.render("show.json", %{activity: activity})], statuses: [StatusView.render("show.json", %{activity: activity})],
state: "open", state: "open",

42
test/web/mastodon_api/views/account_view_test.exs
View File

@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
} }
} }
assert expected == AccountView.render("show.json", %{user: user}) assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Favicon is nil when :instances_favicons is disabled" do test "Favicon is nil when :instances_favicons is disabled" do
@ -108,11 +108,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
favicon: favicon:
"https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
} }
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
Config.put([:instances_favicons, :enabled], false) Config.put([:instances_favicons, :enabled], false)
assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user}) assert %{pleroma: %{favicon: nil}} =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Represent the user account for the account owner" do test "Represent the user account for the account owner" do
@ -189,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
} }
} }
assert expected == AccountView.render("show.json", %{user: user}) assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Represent a Funkwhale channel" do test "Represent a Funkwhale channel" do
@ -198,7 +199,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
"https://channels.tests.funkwhale.audio/federation/actors/compositions" "https://channels.tests.funkwhale.audio/federation/actors/compositions"
) )
assert represented = AccountView.render("show.json", %{user: user}) assert represented =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert represented.acct == "compositions@channels.tests.funkwhale.audio" assert represented.acct == "compositions@channels.tests.funkwhale.audio"
assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions" assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
end end
@ -223,6 +226,23 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
assert expected == AccountView.render("mention.json", %{user: user}) assert expected == AccountView.render("mention.json", %{user: user})
end end
test "demands :for or :skip_visibility_check option for account rendering" do
clear_config([:restrict_unauthenticated, :profiles, :local], false)
user = insert(:user)
user_id = user.id
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
assert %{id: ^user_id} =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
AccountView.render("show.json", %{user: user})
end
end
describe "relationship" do describe "relationship" do
defp test_relationship_rendering(user, other_user, expected_result) do defp test_relationship_rendering(user, other_user, expected_result) do
opts = %{user: user, target: other_user, relationships: nil} opts = %{user: user, target: other_user, relationships: nil}
@ -336,7 +356,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
assert result.pleroma.settings_store == %{:fe => "test"} assert result.pleroma.settings_store == %{:fe => "test"}
result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true}) result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
assert result.pleroma[:settings_store] == nil assert result.pleroma[:settings_store] == nil
result = AccountView.render("show.json", %{user: user, for: user}) result = AccountView.render("show.json", %{user: user, for: user})
@ -345,13 +365,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
test "doesn't sanitize display names" do test "doesn't sanitize display names" do
user = insert(:user, name: "<marquee> username </marquee>") user = insert(:user, name: "<marquee> username </marquee>")
result = AccountView.render("show.json", %{user: user}) result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert result.display_name == "<marquee> username </marquee>" assert result.display_name == "<marquee> username </marquee>"
end end
test "never display nil user follow counts" do test "never display nil user follow counts" do
user = insert(:user, following_count: 0, follower_count: 0) user = insert(:user, following_count: 0, follower_count: 0)
result = AccountView.render("show.json", %{user: user}) result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert result.following_count == 0 assert result.following_count == 0
assert result.followers_count == 0 assert result.followers_count == 0
@ -375,7 +395,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 0, followers_count: 0,
following_count: 0, following_count: 0,
pleroma: %{hide_follows_count: true, hide_followers_count: true} pleroma: %{hide_follows_count: true, hide_followers_count: true}
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "shows when follows/followers are hidden" do test "shows when follows/followers are hidden" do
@ -388,7 +408,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 1, followers_count: 1,
following_count: 1, following_count: 1,
pleroma: %{hide_follows: true, hide_followers: true} pleroma: %{hide_follows: true, hide_followers: true}
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "shows actual follower/following count to the account owner" do test "shows actual follower/following count to the account owner" do
@ -531,7 +551,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
emoji: %{"joker_smile" => "https://evil.website/society.png"} emoji: %{"joker_smile" => "https://evil.website/society.png"}
) )
AccountView.render("show.json", %{user: user}) AccountView.render("show.json", %{user: user, skip_visibility_check: true})
|> Enum.all?(fn |> Enum.all?(fn
{key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
String.starts_with?(url, Pleroma.Web.base_url()) String.starts_with?(url, Pleroma.Web.base_url())

2
test/web/mastodon_api/views/status_view_test.exs
View File

@ -177,7 +177,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
id: to_string(note.id), id: to_string(note.id),
uri: object_data["id"], uri: object_data["id"],
url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note), url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
account: AccountView.render("show.json", %{user: user}), account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
in_reply_to_id: nil, in_reply_to_id: nil,
in_reply_to_account_id: nil, in_reply_to_account_id: nil,
card: nil, card: nil,

22
test/web/pleroma_api/controllers/chat_controller_test.exs
View File

@ -332,5 +332,27 @@ defmodule Pleroma.Web.PleromaAPI.ChatControllerTest do
chat_1.id |> to_string() chat_1.id |> to_string()
] ]
end end
test "it is not affected by :restrict_unauthenticated setting (issue #1973)", %{
conn: conn,
user: user
} do
clear_config([:restrict_unauthenticated, :profiles, :local], true)
clear_config([:restrict_unauthenticated, :profiles, :remote], true)
user2 = insert(:user)
user3 = insert(:user, local: false)
{:ok, _chat_12} = Chat.get_or_create(user.id, user2.ap_id)
{:ok, _chat_13} = Chat.get_or_create(user.id, user3.ap_id)
result =
conn
|> get("/api/v1/pleroma/chats")
|> json_response_and_validate_schema(200)
account_ids = Enum.map(result, &get_in(&1, ["account", "id"]))
assert Enum.sort(account_ids) == Enum.sort([user2.id, user3.id])
end
end end
end end

3
test/web/pleroma_api/views/chat_view_test.exs
View File

@ -26,7 +26,8 @@ defmodule Pleroma.Web.PleromaAPI.ChatViewTest do
assert represented_chat == %{ assert represented_chat == %{
id: "#{chat.id}", id: "#{chat.id}",
account: AccountView.render("show.json", user: recipient), account:
AccountView.render("show.json", user: recipient, skip_visibility_check: true),
unread: 0, unread: 0,
last_message: nil, last_message: nil,
updated_at: Utils.to_masto_date(chat.updated_at) updated_at: Utils.to_masto_date(chat.updated_at)

45
test/web/twitter_api/twitter_api_test.exs
View File

@ -4,11 +4,11 @@
defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
use Pleroma.DataCase use Pleroma.DataCase
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.Tests.ObanHelpers alias Pleroma.Tests.ObanHelpers
alias Pleroma.User alias Pleroma.User
alias Pleroma.UserInviteToken alias Pleroma.UserInviteToken
alias Pleroma.Web.MastodonAPI.AccountView
alias Pleroma.Web.TwitterAPI.TwitterAPI alias Pleroma.Web.TwitterAPI.TwitterAPI
setup_all do setup_all do
@ -27,13 +27,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("lain") assert user == User.get_cached_by_nickname("lain")
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "it registers a new user with empty string in bio and returns the user." do test "it registers a new user with empty string in bio and returns the user" do
data = %{ data = %{
:username => "lain", :username => "lain",
:email => "lain@wired.jp", :email => "lain@wired.jp",
@ -45,10 +42,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("lain") assert user == User.get_cached_by_nickname("lain")
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "it sends confirmation email if :account_activation_required is specified in instance config" do test "it sends confirmation email if :account_activation_required is specified in instance config" do
@ -134,13 +128,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "returns error on invalid token" do test "returns error on invalid token" do
@ -197,10 +188,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
check_fn = fn invite -> check_fn = fn invite ->
data = Map.put(data, :token, invite.token) data = Map.put(data, :token, invite.token)
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny")
assert AccountView.render("show.json", %{user: user}) == assert user == User.get_cached_by_nickname("vinny")
AccountView.render("show.json", %{user: fetched_user})
end end
{:ok, data: data, check_fn: check_fn} {:ok, data: data, check_fn: check_fn}
@ -260,14 +249,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
data = %{ data = %{
:username => "GrimReaper", :username => "GrimReaper",
:email => "death@reapers.afterlife", :email => "death@reapers.afterlife",
@ -302,13 +288,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
refute invite.used refute invite.used
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "error after max uses" do test "error after max uses" do
@ -327,13 +310,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
data = %{ data = %{
:username => "GrimReaper", :username => "GrimReaper",
:email => "death@reapers.afterlife", :email => "death@reapers.afterlife",