forked from AkkomaGang/akkoma
[#1560] Enforced authentication for non-federating instances in StaticFEController.
This commit is contained in:
parent
972889550d
commit
5b696a8ac1
3 changed files with 33 additions and 10 deletions
|
@ -17,6 +17,10 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
|
||||||
plug(:put_view, Pleroma.Web.StaticFE.StaticFEView)
|
plug(:put_view, Pleroma.Web.StaticFE.StaticFEView)
|
||||||
plug(:assign_id)
|
plug(:assign_id)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsureAuthenticatedPlug,
|
||||||
|
unless_func: &Pleroma.Web.FederatingPlug.federating?/0
|
||||||
|
)
|
||||||
|
|
||||||
@page_keys ["max_id", "min_id", "limit", "since_id", "order"]
|
@page_keys ["max_id", "min_id", "limit", "since_id", "order"]
|
||||||
|
|
||||||
defp get_title(%Object{data: %{"name" => name}}) when is_binary(name),
|
defp get_title(%Object{data: %{"name" => name}}) when is_binary(name),
|
||||||
|
@ -33,7 +37,7 @@ defp not_found(conn, message) do
|
||||||
|> render("error.html", %{message: message, meta: ""})
|
|> render("error.html", %{message: message, meta: ""})
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_counts(%Activity{} = activity) do
|
defp get_counts(%Activity{} = activity) do
|
||||||
%Object{data: data} = Object.normalize(activity)
|
%Object{data: data} = Object.normalize(activity)
|
||||||
|
|
||||||
%{
|
%{
|
||||||
|
@ -43,9 +47,9 @@ def get_counts(%Activity{} = activity) do
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
def represent(%Activity{} = activity), do: represent(activity, false)
|
defp represent(%Activity{} = activity), do: represent(activity, false)
|
||||||
|
|
||||||
def represent(%Activity{object: %Object{data: data}} = activity, selected) do
|
defp represent(%Activity{object: %Object{data: data}} = activity, selected) do
|
||||||
{:ok, user} = User.get_or_fetch(activity.object.data["actor"])
|
{:ok, user} = User.get_or_fetch(activity.object.data["actor"])
|
||||||
|
|
||||||
link =
|
link =
|
||||||
|
@ -147,17 +151,17 @@ def show(%{assigns: %{activity_id: _}} = conn, _params) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def assign_id(%{path_info: ["notice", notice_id]} = conn, _opts),
|
defp assign_id(%{path_info: ["notice", notice_id]} = conn, _opts),
|
||||||
do: assign(conn, :notice_id, notice_id)
|
do: assign(conn, :notice_id, notice_id)
|
||||||
|
|
||||||
def assign_id(%{path_info: ["users", user_id]} = conn, _opts),
|
defp assign_id(%{path_info: ["users", user_id]} = conn, _opts),
|
||||||
do: assign(conn, :username_or_id, user_id)
|
do: assign(conn, :username_or_id, user_id)
|
||||||
|
|
||||||
def assign_id(%{path_info: ["objects", object_id]} = conn, _opts),
|
defp assign_id(%{path_info: ["objects", object_id]} = conn, _opts),
|
||||||
do: assign(conn, :object_id, object_id)
|
do: assign(conn, :object_id, object_id)
|
||||||
|
|
||||||
def assign_id(%{path_info: ["activities", activity_id]} = conn, _opts),
|
defp assign_id(%{path_info: ["activities", activity_id]} = conn, _opts),
|
||||||
do: assign(conn, :activity_id, activity_id)
|
do: assign(conn, :activity_id, activity_id)
|
||||||
|
|
||||||
def assign_id(conn, _opts), do: conn
|
defp assign_id(conn, _opts), do: conn
|
||||||
end
|
end
|
||||||
|
|
|
@ -26,6 +26,8 @@ defmodule Pleroma.Web.ConnCase do
|
||||||
use Pleroma.Tests.Helpers
|
use Pleroma.Tests.Helpers
|
||||||
import Pleroma.Web.Router.Helpers
|
import Pleroma.Web.Router.Helpers
|
||||||
|
|
||||||
|
alias Pleroma.Config
|
||||||
|
|
||||||
# The default endpoint for testing
|
# The default endpoint for testing
|
||||||
@endpoint Pleroma.Web.Endpoint
|
@endpoint Pleroma.Web.Endpoint
|
||||||
|
|
||||||
|
@ -50,7 +52,10 @@ defp oauth_access(scopes, opts \\ []) do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp ensure_federating_or_authenticated(conn, url, user) do
|
defp ensure_federating_or_authenticated(conn, url, user) do
|
||||||
Pleroma.Config.put([:instance, :federating], false)
|
initial_setting = Config.get([:instance, :federating])
|
||||||
|
on_exit(fn -> Config.put([:instance, :federating], initial_setting) end)
|
||||||
|
|
||||||
|
Config.put([:instance, :federating], false)
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> get(url)
|
|> get(url)
|
||||||
|
@ -61,7 +66,7 @@ defp ensure_federating_or_authenticated(conn, url, user) do
|
||||||
|> get(url)
|
|> get(url)
|
||||||
|> response(200)
|
|> response(200)
|
||||||
|
|
||||||
Pleroma.Config.put([:instance, :federating], true)
|
Config.put([:instance, :federating], true)
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> get(url)
|
|> get(url)
|
||||||
|
|
|
@ -12,6 +12,10 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
|
||||||
Config.put([:static_fe, :enabled], true)
|
Config.put([:static_fe, :enabled], true)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
clear_config([:instance, :federating]) do
|
||||||
|
Config.put([:instance, :federating], true)
|
||||||
|
end
|
||||||
|
|
||||||
setup %{conn: conn} do
|
setup %{conn: conn} do
|
||||||
conn = put_req_header(conn, "accept", "text/html")
|
conn = put_req_header(conn, "accept", "text/html")
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -70,6 +74,10 @@ test "pagination, page 2", %{conn: conn, user: user} do
|
||||||
refute html =~ ">test20<"
|
refute html =~ ">test20<"
|
||||||
refute html =~ ">test29<"
|
refute html =~ ">test29<"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
|
||||||
|
ensure_federating_or_authenticated(conn, "/users/#{user.nickname}", user)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "notice html" do
|
describe "notice html" do
|
||||||
|
@ -153,5 +161,11 @@ test "302 for remote cached status", %{conn: conn, user: user} do
|
||||||
|
|
||||||
assert html_response(conn, 302) =~ "redirected"
|
assert html_response(conn, 302) =~ "redirected"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
|
||||||
|
{:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
|
||||||
|
|
||||||
|
ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue