feed/user_controller: Return 404 when the user is remote

This commit is contained in:
Haelwenn (lanodan) Monnier 2020-07-29 14:02:02 +02:00
parent 93dbba9b8a
commit 2e27847573
No known key found for this signature in database
GPG key ID: D5B7A8E43C997DEE
2 changed files with 13 additions and 1 deletions

View file

@ -47,7 +47,7 @@ def feed(conn, %{"nickname" => nickname} = params) do
"atom" "atom"
end end
with {_, %User{} = user} <- {:fetch_user, User.get_cached_by_nickname(nickname)} do with {_, %User{local: true} = user} <- {:fetch_user, User.get_cached_by_nickname(nickname)} do
activities = activities =
%{ %{
type: ["Create"], type: ["Create"],
@ -71,6 +71,7 @@ def errors(conn, {:error, :not_found}) do
render_error(conn, :not_found, "Not found") render_error(conn, :not_found, "Not found")
end end
def errors(conn, {:fetch_user, %User{local: false}}), do: errors(conn, {:error, :not_found})
def errors(conn, {:fetch_user, nil}), do: errors(conn, {:error, :not_found}) def errors(conn, {:fetch_user, nil}), do: errors(conn, {:error, :not_found})
def errors(conn, _) do def errors(conn, _) do

View file

@ -181,6 +181,17 @@ test "returns feed with public and unlisted activities", %{conn: conn} do
assert activity_titles == ['public', 'unlisted'] assert activity_titles == ['public', 'unlisted']
end end
test "returns 404 when the user is remote", %{conn: conn} do
user = insert(:user, local: false)
{:ok, _} = CommonAPI.post(user, %{status: "test"})
assert conn
|> put_req_header("accept", "application/atom+xml")
|> get(user_feed_path(conn, :feed, user.nickname))
|> response(404)
end
end end
# Note: see ActivityPubControllerTest for JSON format tests # Note: see ActivityPubControllerTest for JSON format tests