[#2409] Made GET /api/v1/accounts/:id/favourites auth-optional, adjusted tests.

This commit is contained in:
Ivan Tashkinov 2020-04-24 22:25:27 +03:00
parent 00e62161f6
commit b4139cc547
4 changed files with 24 additions and 10 deletions

View file

@ -357,7 +357,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
end end
@doc "GET /api/v1/favourites" @doc "GET /api/v1/favourites"
def favourites(%{assigns: %{user: user}} = conn, params) do def favourites(%{assigns: %{user: %User{} = user}} = conn, params) do
activities = activities =
ActivityPub.fetch_favourites( ActivityPub.fetch_favourites(
user, user,

View file

@ -39,7 +39,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
] ]
) )
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites) plug(
OAuthScopesPlug,
%{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
)
plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend) plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)

View file

@ -312,10 +312,14 @@ defmodule Pleroma.Web.Router do
post("/scrobble", ScrobbleController, :new_scrobble) post("/scrobble", ScrobbleController, :new_scrobble)
end end
scope [] do
pipe_through(:api)
get("/accounts/:id/favourites", AccountController, :favourites)
end
scope [] do scope [] do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
get("/accounts/:id/favourites", AccountController, :favourites)
post("/accounts/:id/subscribe", AccountController, :subscribe) post("/accounts/:id/subscribe", AccountController, :subscribe)
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe) post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
end end
@ -404,6 +408,7 @@ defmodule Pleroma.Web.Router do
put("/scheduled_statuses/:id", ScheduledActivityController, :update) put("/scheduled_statuses/:id", ScheduledActivityController, :update)
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete) delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
# Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
get("/favourites", StatusController, :favourites) get("/favourites", StatusController, :favourites)
get("/bookmarks", StatusController, :bookmarks) get("/bookmarks", StatusController, :bookmarks)

View file

@ -151,15 +151,18 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
assert like["id"] == activity.id assert like["id"] == activity.id
end end
test "does not return favorites for specified user_id when user is not logged in", %{ test "returns favorites for specified user_id when requester is not logged in", %{
user: user user: user
} do } do
activity = insert(:note_activity) activity = insert(:note_activity)
CommonAPI.favorite(user, activity.id) CommonAPI.favorite(user, activity.id)
response =
build_conn() build_conn()
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites") |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|> json_response(403) |> json_response(200)
assert length(response) == 1
end end
test "returns favorited DM only when user is logged in and he is one of recipients", %{ test "returns favorited DM only when user is logged in and he is one of recipients", %{
@ -185,9 +188,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
assert length(response) == 1 assert length(response) == 1
end end
response =
build_conn() build_conn()
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites") |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|> json_response(403) |> json_response(200)
assert length(response) == 0
end end
test "does not return others' favorited DM when user is not one of recipients", %{ test "does not return others' favorited DM when user is not one of recipients", %{