Merge branch '1973-chats-fix-with-restrict-unauthenticated' into 'develop'

[#1973] Fixed accounts rendering in GET /api/v1/pleroma/chats with truish :restrict_unauthenticated setting

Closes #1973

See merge request pleroma/pleroma!2791
This commit is contained in:
lain 2020-07-23 12:52:02 +00:00
commit 76aa49a0c5
20 changed files with 158 additions and 82 deletions

View file

@ -719,15 +719,18 @@ defp build_flag_object(act) when is_map(act) or is_binary(act) do
case Activity.get_by_ap_id_with_object(id) do case Activity.get_by_ap_id_with_object(id) do
%Activity{} = activity -> %Activity{} = activity ->
activity_actor = User.get_by_ap_id(activity.object.data["actor"])
%{ %{
"type" => "Note", "type" => "Note",
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => activity.object.data["content"], "content" => activity.object.data["content"],
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => "actor" =>
AccountView.render("show.json", %{ AccountView.render(
user: User.get_by_ap_id(activity.object.data["actor"]) "show.json",
}) %{user: activity_actor, skip_visibility_check: true}
)
} }
_ -> _ ->

View file

@ -345,7 +345,11 @@ def list_users(conn, params) do
with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do
json( json(
conn, conn,
AccountView.render("index.json", users: users, count: count, page_size: page_size) AccountView.render("index.json",
users: users,
count: count,
page_size: page_size
)
) )
end end
end end

View file

@ -105,7 +105,7 @@ def render("create-error.json", %{changeset: %Ecto.Changeset{changes: changes, e
end end
def merge_account_views(%User{} = user) do def merge_account_views(%User{} = user) do
MastodonAPI.AccountView.render("show.json", %{user: user}) MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true})
|> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user})) |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
end end

View file

@ -4,8 +4,10 @@
defmodule Pleroma.Web.ChatChannel do defmodule Pleroma.Web.ChatChannel do
use Phoenix.Channel use Phoenix.Channel
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.ChatChannel.ChatChannelState alias Pleroma.Web.ChatChannel.ChatChannelState
alias Pleroma.Web.MastodonAPI.AccountView
def join("chat:public", _message, socket) do def join("chat:public", _message, socket) do
send(self(), :after_join) send(self(), :after_join)
@ -22,9 +24,9 @@ def handle_in("new_msg", %{"text" => text}, %{assigns: %{user_name: user_name}}
if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
author = User.get_cached_by_nickname(user_name) author = User.get_cached_by_nickname(user_name)
author = Pleroma.Web.MastodonAPI.AccountView.render("show.json", user: author) author_json = AccountView.render("show.json", user: author, skip_visibility_check: true)
message = ChatChannelState.add_message(%{text: text, author: author}) message = ChatChannelState.add_message(%{text: text, author: author_json})
broadcast!(socket, "new_msg", message) broadcast!(socket, "new_msg", message)
end end

View file

@ -93,7 +93,6 @@ defp resource_search(_, "accounts", query, options) do
AccountView.render("index.json", AccountView.render("index.json",
users: accounts, users: accounts,
for: options[:for_user], for: options[:for_user],
as: :user,
embed_relationships: options[:embed_relationships] embed_relationships: options[:embed_relationships]
) )
end end

View file

@ -27,21 +27,40 @@ def render("index.json", %{users: users} = opts) do
UserRelationship.view_relationships_option(reading_user, users) UserRelationship.view_relationships_option(reading_user, users)
end end
opts = Map.put(opts, :relationships, relationships_opt) opts =
opts
|> Map.merge(%{relationships: relationships_opt, as: :user})
|> Map.delete(:users)
users users
|> render_many(AccountView, "show.json", opts) |> render_many(AccountView, "show.json", opts)
|> Enum.filter(&Enum.any?/1) |> Enum.filter(&Enum.any?/1)
end end
def render("show.json", %{user: user} = opts) do @doc """
if User.visible_for(user, opts[:for]) == :visible do Renders specified user account.
:skip_visibility_check option skips visibility check and renders any user (local or remote)
regardless of [:pleroma, :restrict_unauthenticated] setting.
:for option specifies the requester and can be a User record or nil.
Only use `user: user, for: user` when `user` is the actual requester of own profile.
"""
def render("show.json", %{user: _user, skip_visibility_check: true} = opts) do
do_render("show.json", opts)
end
def render("show.json", %{user: user, for: for_user_or_nil} = opts) do
if User.visible_for(user, for_user_or_nil) == :visible do
do_render("show.json", opts) do_render("show.json", opts)
else else
%{} %{}
end end
end end
def render("show.json", _) do
raise "In order to prevent account accessibility issues, " <>
":skip_visibility_check or :for option is required."
end
def render("mention.json", %{user: user}) do def render("mention.json", %{user: user}) do
%{ %{
id: to_string(user.id), id: to_string(user.id),

View file

@ -38,7 +38,7 @@ def render("participation.json", %{participation: participation, for: user}) do
%{ %{
id: participation.id |> to_string(), id: participation.id |> to_string(),
accounts: render(AccountView, "index.json", users: users, as: :user), accounts: render(AccountView, "index.json", users: users, for: user),
unread: !participation.read, unread: !participation.read,
last_status: last_status:
render(StatusView, "show.json", render(StatusView, "show.json",

View file

@ -89,11 +89,11 @@ def post_chat_message(
cm_ref <- MessageReference.for_chat_and_object(chat, message) do cm_ref <- MessageReference.for_chat_and_object(chat, message) do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("show.json", for: user, chat_message_reference: cm_ref) |> render("show.json", chat_message_reference: cm_ref)
end end
end end
def mark_message_as_read(%{assigns: %{user: %{id: user_id} = user}} = conn, %{ def mark_message_as_read(%{assigns: %{user: %{id: user_id}}} = conn, %{
id: chat_id, id: chat_id,
message_id: message_id message_id: message_id
}) do }) do
@ -104,12 +104,15 @@ def mark_message_as_read(%{assigns: %{user: %{id: user_id} = user}} = conn, %{
{:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do {:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("show.json", for: user, chat_message_reference: cm_ref) |> render("show.json", chat_message_reference: cm_ref)
end end
end end
def mark_as_read( def mark_as_read(
%{body_params: %{last_read_id: last_read_id}, assigns: %{user: %{id: user_id}}} = conn, %{
body_params: %{last_read_id: last_read_id},
assigns: %{user: %{id: user_id}}
} = conn,
%{id: id} %{id: id}
) do ) do
with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id), with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id),
@ -121,7 +124,7 @@ def mark_as_read(
end end
end end
def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{id: id} = params) do def messages(%{assigns: %{user: %{id: user_id}}} = conn, %{id: id} = params) do
with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do
cm_refs = cm_refs =
chat chat
@ -130,7 +133,7 @@ def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{id: id} = para
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("index.json", for: user, chat_message_references: cm_refs) |> render("index.json", chat_message_references: cm_refs)
else else
_ -> _ ->
conn conn

View file

@ -15,10 +15,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
def render("show.json", %{chat: %Chat{} = chat} = opts) do def render("show.json", %{chat: %Chat{} = chat} = opts) do
recipient = User.get_cached_by_ap_id(chat.recipient) recipient = User.get_cached_by_ap_id(chat.recipient)
last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat) last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat)
account_view_opts = account_view_opts(opts, recipient)
%{ %{
id: chat.id |> to_string(), id: chat.id |> to_string(),
account: AccountView.render("show.json", Map.put(opts, :user, recipient)), account: AccountView.render("show.json", account_view_opts),
unread: MessageReference.unread_count_for_chat(chat), unread: MessageReference.unread_count_for_chat(chat),
last_message: last_message:
last_message && last_message &&
@ -27,7 +28,17 @@ def render("show.json", %{chat: %Chat{} = chat} = opts) do
} }
end end
def render("index.json", %{chats: chats}) do def render("index.json", %{chats: chats} = opts) do
render_many(chats, __MODULE__, "show.json") render_many(chats, __MODULE__, "show.json", Map.delete(opts, :chats))
end
defp account_view_opts(opts, recipient) do
account_view_opts = Map.put(opts, :user, recipient)
if Map.has_key?(account_view_opts, :for) do
account_view_opts
else
Map.put(account_view_opts, :skip_visibility_check, true)
end
end end
end end

View file

@ -17,7 +17,7 @@ def render("show.json", %{emoji_reaction: [emoji, user_ap_ids], user: user}) do
%{ %{
name: emoji, name: emoji,
count: length(users), count: length(users),
accounts: render(AccountView, "index.json", users: users, for: user, as: :user), accounts: render(AccountView, "index.json", users: users, for: user),
me: !!(user && user.ap_id in user_ap_ids) me: !!(user && user.ap_id in user_ap_ids)
} }
end end

View file

@ -14,14 +14,14 @@
"certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"}, "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"},
"combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
"comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"}, "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
"concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter", "8eee96c6ba39b9286ec44c51c52d9f2758951365", [ref: "8eee96c6ba39b9286ec44c51c52d9f2758951365"]}, "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "8eee96c6ba39b9286ec44c51c52d9f2758951365", [ref: "8eee96c6ba39b9286ec44c51c52d9f2758951365"]},
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"}, "connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
"cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"}, "cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"},
"cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"}, "cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"},
"cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"}, "cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"},
"credo": {:hex, :credo, "1.1.5", "caec7a3cadd2e58609d7ee25b3931b129e739e070539ad1a0cd7efeeb47014f4", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "d0bbd3222607ccaaac5c0340f7f525c627ae4d7aee6c8c8c108922620c5b6446"}, "credo": {:hex, :credo, "1.1.5", "caec7a3cadd2e58609d7ee25b3931b129e739e070539ad1a0cd7efeeb47014f4", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "d0bbd3222607ccaaac5c0340f7f525c627ae4d7aee6c8c8c108922620c5b6446"},
"crontab": {:hex, :crontab, "1.1.8", "2ce0e74777dfcadb28a1debbea707e58b879e6aa0ffbf9c9bb540887bce43617", [:mix], [{:ecto, "~> 1.0 or ~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"}, "crontab": {:hex, :crontab, "1.1.8", "2ce0e74777dfcadb28a1debbea707e58b879e6aa0ffbf9c9bb540887bce43617", [:mix], [{:ecto, "~> 1.0 or ~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"},
"crypt": {:git, "https://github.com/msantos/crypt", "f63a705f92c26955977ee62a313012e309a4d77a", [ref: "f63a705f92c26955977ee62a313012e309a4d77a"]}, "crypt": {:git, "https://github.com/msantos/crypt.git", "f63a705f92c26955977ee62a313012e309a4d77a", [ref: "f63a705f92c26955977ee62a313012e309a4d77a"]},
"custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"}, "custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"},
"db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"}, "db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"},
"decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"}, "decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"},
@ -105,7 +105,7 @@
"sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"}, "sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"},
"ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"}, "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
"sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"}, "sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"},
"swoosh": {:git, "https://github.com/swoosh/swoosh", "c96e0ca8a00d8f211ec1f042a4626b09f249caa5", [ref: "c96e0ca8a00d8f211ec1f042a4626b09f249caa5"]}, "swoosh": {:git, "https://github.com/swoosh/swoosh.git", "c96e0ca8a00d8f211ec1f042a4626b09f249caa5", [ref: "c96e0ca8a00d8f211ec1f042a4626b09f249caa5"]},
"syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"}, "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"},
"telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"}, "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"},
"tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]}, "tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]},

View file

@ -1179,7 +1179,8 @@ test "it can create a Flag activity",
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity_with_object.object.data["published"], "published" => activity_with_object.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account}) "actor" =>
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
} }
assert %Activity{ assert %Activity{

View file

@ -710,7 +710,7 @@ test "it accepts Flag activities" do
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => "test post", "content" => "test post",
"published" => object.data["published"], "published" => object.data["published"],
"actor" => AccountView.render("show.json", %{user: user}) "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})
} }
message = %{ message = %{

View file

@ -482,7 +482,8 @@ test "returns map with Flag object" do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account}) "actor" =>
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
} }
assert %{ assert %{

View file

@ -4,11 +4,14 @@
defmodule Pleroma.Web.AdminAPI.ReportViewTest do defmodule Pleroma.Web.AdminAPI.ReportViewTest do
use Pleroma.DataCase use Pleroma.DataCase
import Pleroma.Factory import Pleroma.Factory
alias Pleroma.Web.AdminAPI
alias Pleroma.Web.AdminAPI.Report alias Pleroma.Web.AdminAPI.Report
alias Pleroma.Web.AdminAPI.ReportView alias Pleroma.Web.AdminAPI.ReportView
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
test "renders a report" do test "renders a report" do
@ -21,13 +24,16 @@ test "renders a report" do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: user}), MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: other_user}), MastodonAPI.AccountView.render("show.json", %{
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user}) user: other_user,
skip_visibility_check: true
}),
AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [], statuses: [],
notes: [], notes: [],
@ -56,13 +62,16 @@ test "includes reported statuses" do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: user}), MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: other_user}), MastodonAPI.AccountView.render("show.json", %{
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user}) user: other_user,
skip_visibility_check: true
}),
AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [StatusView.render("show.json", %{activity: activity})], statuses: [StatusView.render("show.json", %{activity: activity})],
state: "open", state: "open",

View file

@ -95,7 +95,7 @@ test "Represent a user account" do
} }
} }
assert expected == AccountView.render("show.json", %{user: user}) assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Favicon is nil when :instances_favicons is disabled" do test "Favicon is nil when :instances_favicons is disabled" do
@ -108,11 +108,12 @@ test "Favicon is nil when :instances_favicons is disabled" do
favicon: favicon:
"https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
} }
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
Config.put([:instances_favicons, :enabled], false) Config.put([:instances_favicons, :enabled], false)
assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user}) assert %{pleroma: %{favicon: nil}} =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Represent the user account for the account owner" do test "Represent the user account for the account owner" do
@ -189,7 +190,7 @@ test "Represent a Service(bot) account" do
} }
} }
assert expected == AccountView.render("show.json", %{user: user}) assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Represent a Funkwhale channel" do test "Represent a Funkwhale channel" do
@ -198,7 +199,9 @@ test "Represent a Funkwhale channel" do
"https://channels.tests.funkwhale.audio/federation/actors/compositions" "https://channels.tests.funkwhale.audio/federation/actors/compositions"
) )
assert represented = AccountView.render("show.json", %{user: user}) assert represented =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert represented.acct == "compositions@channels.tests.funkwhale.audio" assert represented.acct == "compositions@channels.tests.funkwhale.audio"
assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions" assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
end end
@ -223,6 +226,23 @@ test "Represent a smaller mention" do
assert expected == AccountView.render("mention.json", %{user: user}) assert expected == AccountView.render("mention.json", %{user: user})
end end
test "demands :for or :skip_visibility_check option for account rendering" do
clear_config([:restrict_unauthenticated, :profiles, :local], false)
user = insert(:user)
user_id = user.id
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
assert %{id: ^user_id} =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
AccountView.render("show.json", %{user: user})
end
end
describe "relationship" do describe "relationship" do
defp test_relationship_rendering(user, other_user, expected_result) do defp test_relationship_rendering(user, other_user, expected_result) do
opts = %{user: user, target: other_user, relationships: nil} opts = %{user: user, target: other_user, relationships: nil}
@ -336,7 +356,7 @@ test "returns the settings store if the requesting user is the represented user
assert result.pleroma.settings_store == %{:fe => "test"} assert result.pleroma.settings_store == %{:fe => "test"}
result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true}) result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
assert result.pleroma[:settings_store] == nil assert result.pleroma[:settings_store] == nil
result = AccountView.render("show.json", %{user: user, for: user}) result = AccountView.render("show.json", %{user: user, for: user})
@ -345,13 +365,13 @@ test "returns the settings store if the requesting user is the represented user
test "doesn't sanitize display names" do test "doesn't sanitize display names" do
user = insert(:user, name: "<marquee> username </marquee>") user = insert(:user, name: "<marquee> username </marquee>")
result = AccountView.render("show.json", %{user: user}) result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert result.display_name == "<marquee> username </marquee>" assert result.display_name == "<marquee> username </marquee>"
end end
test "never display nil user follow counts" do test "never display nil user follow counts" do
user = insert(:user, following_count: 0, follower_count: 0) user = insert(:user, following_count: 0, follower_count: 0)
result = AccountView.render("show.json", %{user: user}) result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert result.following_count == 0 assert result.following_count == 0
assert result.followers_count == 0 assert result.followers_count == 0
@ -375,7 +395,7 @@ test "shows when follows/followers stats are hidden and sets follow/follower cou
followers_count: 0, followers_count: 0,
following_count: 0, following_count: 0,
pleroma: %{hide_follows_count: true, hide_followers_count: true} pleroma: %{hide_follows_count: true, hide_followers_count: true}
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "shows when follows/followers are hidden" do test "shows when follows/followers are hidden" do
@ -388,7 +408,7 @@ test "shows when follows/followers are hidden" do
followers_count: 1, followers_count: 1,
following_count: 1, following_count: 1,
pleroma: %{hide_follows: true, hide_followers: true} pleroma: %{hide_follows: true, hide_followers: true}
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "shows actual follower/following count to the account owner" do test "shows actual follower/following count to the account owner" do
@ -531,7 +551,7 @@ test "uses mediaproxy urls when it's enabled" do
emoji: %{"joker_smile" => "https://evil.website/society.png"} emoji: %{"joker_smile" => "https://evil.website/society.png"}
) )
AccountView.render("show.json", %{user: user}) AccountView.render("show.json", %{user: user, skip_visibility_check: true})
|> Enum.all?(fn |> Enum.all?(fn
{key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
String.starts_with?(url, Pleroma.Web.base_url()) String.starts_with?(url, Pleroma.Web.base_url())

View file

@ -177,7 +177,7 @@ test "a note activity" do
id: to_string(note.id), id: to_string(note.id),
uri: object_data["id"], uri: object_data["id"],
url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note), url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
account: AccountView.render("show.json", %{user: user}), account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
in_reply_to_id: nil, in_reply_to_id: nil,
in_reply_to_account_id: nil, in_reply_to_account_id: nil,
card: nil, card: nil,

View file

@ -332,5 +332,27 @@ test "it return a list of chats the current user is participating in, in descend
chat_1.id |> to_string() chat_1.id |> to_string()
] ]
end end
test "it is not affected by :restrict_unauthenticated setting (issue #1973)", %{
conn: conn,
user: user
} do
clear_config([:restrict_unauthenticated, :profiles, :local], true)
clear_config([:restrict_unauthenticated, :profiles, :remote], true)
user2 = insert(:user)
user3 = insert(:user, local: false)
{:ok, _chat_12} = Chat.get_or_create(user.id, user2.ap_id)
{:ok, _chat_13} = Chat.get_or_create(user.id, user3.ap_id)
result =
conn
|> get("/api/v1/pleroma/chats")
|> json_response_and_validate_schema(200)
account_ids = Enum.map(result, &get_in(&1, ["account", "id"]))
assert Enum.sort(account_ids) == Enum.sort([user2.id, user3.id])
end
end end
end end

View file

@ -26,7 +26,8 @@ test "it represents a chat" do
assert represented_chat == %{ assert represented_chat == %{
id: "#{chat.id}", id: "#{chat.id}",
account: AccountView.render("show.json", user: recipient), account:
AccountView.render("show.json", user: recipient, skip_visibility_check: true),
unread: 0, unread: 0,
last_message: nil, last_message: nil,
updated_at: Utils.to_masto_date(chat.updated_at) updated_at: Utils.to_masto_date(chat.updated_at)

View file

@ -4,11 +4,11 @@
defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
use Pleroma.DataCase use Pleroma.DataCase
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.Tests.ObanHelpers alias Pleroma.Tests.ObanHelpers
alias Pleroma.User alias Pleroma.User
alias Pleroma.UserInviteToken alias Pleroma.UserInviteToken
alias Pleroma.Web.MastodonAPI.AccountView
alias Pleroma.Web.TwitterAPI.TwitterAPI alias Pleroma.Web.TwitterAPI.TwitterAPI
setup_all do setup_all do
@ -27,13 +27,10 @@ test "it registers a new user and returns the user." do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("lain") assert user == User.get_cached_by_nickname("lain")
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "it registers a new user with empty string in bio and returns the user." do test "it registers a new user with empty string in bio and returns the user" do
data = %{ data = %{
:username => "lain", :username => "lain",
:email => "lain@wired.jp", :email => "lain@wired.jp",
@ -45,10 +42,7 @@ test "it registers a new user with empty string in bio and returns the user." do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("lain") assert user == User.get_cached_by_nickname("lain")
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "it sends confirmation email if :account_activation_required is specified in instance config" do test "it sends confirmation email if :account_activation_required is specified in instance config" do
@ -134,13 +128,10 @@ test "returns user on success" do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "returns error on invalid token" do test "returns error on invalid token" do
@ -197,10 +188,8 @@ test "returns error on expired token" do
check_fn = fn invite -> check_fn = fn invite ->
data = Map.put(data, :token, invite.token) data = Map.put(data, :token, invite.token)
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny")
assert AccountView.render("show.json", %{user: user}) == assert user == User.get_cached_by_nickname("vinny")
AccountView.render("show.json", %{user: fetched_user})
end end
{:ok, data: data, check_fn: check_fn} {:ok, data: data, check_fn: check_fn}
@ -260,14 +249,11 @@ test "returns user on success, after him registration fails" do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
data = %{ data = %{
:username => "GrimReaper", :username => "GrimReaper",
:email => "death@reapers.afterlife", :email => "death@reapers.afterlife",
@ -302,13 +288,10 @@ test "returns user on success" do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
refute invite.used refute invite.used
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "error after max uses" do test "error after max uses" do
@ -327,13 +310,11 @@ test "error after max uses" do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
data = %{ data = %{
:username => "GrimReaper", :username => "GrimReaper",
:email => "death@reapers.afterlife", :email => "death@reapers.afterlife",