diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 7114d6de6..55a9c2572 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -14,6 +14,19 @@ defmodule Pleroma.Web.CommonAPI do import Pleroma.Web.CommonAPI.Utils + def follow(follower, followed) do + with {:ok, follower} <- User.maybe_direct_follow(follower, followed), + {:ok, activity} <- ActivityPub.follow(follower, followed), + {:ok, follower, followed} <- + User.wait_and_refresh( + Pleroma.Config.get([:activitypub, :follow_handshake_timeout]), + follower, + followed + ) do + {:ok, follower, followed, activity} + end + end + def delete(activity_id, user) do with %Activity{data: %{"object" => %{"id" => object_id}}} <- Repo.get(Activity, activity_id), %Object{} = object <- Object.normalize(object_id), diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 00a0f1351..21ebef6b4 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -292,13 +292,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def dm_timeline(%{assigns: %{user: user}} = conn, params) do - query = - ActivityPub.fetch_activities_query( - [user.ap_id], - Map.merge(params, %{"type" => "Create", visibility: "direct"}) - ) + params = + params + |> Map.put("type", "Create") + |> Map.put("blocking_user", user) + |> Map.put("user", user) + |> Map.put(:visibility, "direct") - activities = Repo.all(query) + activities = + ActivityPub.fetch_activities_query([user.ap_id], params) + |> Repo.all() conn |> add_link_headers(:dm_timeline, activities) @@ -733,14 +736,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do with %User{} = followed <- Repo.get(User, id), - {:ok, follower} <- User.maybe_direct_follow(follower, followed), - {:ok, _activity} <- ActivityPub.follow(follower, followed), - {:ok, follower, followed} <- - User.wait_and_refresh( - Config.get([:activitypub, :follow_handshake_timeout]), - follower, - followed - ) do + {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do conn |> put_view(AccountView) |> render("relationship.json", %{user: follower, target: followed}) @@ -754,8 +750,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def follow(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do with %User{} = followed <- Repo.get_by(User, nickname: uri), - {:ok, follower} <- User.maybe_direct_follow(follower, followed), - {:ok, _activity} <- ActivityPub.follow(follower, followed) do + {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do conn |> put_view(AccountView) |> render("account.json", %{user: followed, for: follower}) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 615a34be9..d1b3c796c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -28,18 +28,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end def follow(%User{} = follower, params) do - with {:ok, %User{} = followed} <- get_user(params), - {:ok, follower} <- User.maybe_direct_follow(follower, followed), - {:ok, activity} <- ActivityPub.follow(follower, followed), - {:ok, follower, followed} <- - User.wait_and_refresh( - Pleroma.Config.get([:activitypub, :follow_handshake_timeout]), - follower, - followed - ) do - {:ok, follower, followed, activity} - else - err -> err + with {:ok, %User{} = followed} <- get_user(params) do + CommonAPI.follow(follower, followed) end end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 0769f8698..6f8c3cc54 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -177,13 +177,16 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def dm_timeline(%{assigns: %{user: user}} = conn, params) do - query = - ActivityPub.fetch_activities_query( - [user.ap_id], - Map.merge(params, %{"type" => "Create", "user" => user, visibility: "direct"}) - ) + params = + params + |> Map.put("type", "Create") + |> Map.put("blocking_user", user) + |> Map.put("user", user) + |> Map.put(:visibility, "direct") - activities = Repo.all(query) + activities = + ActivityPub.fetch_activities_query([user.ap_id], params) + |> Repo.all() conn |> put_view(ActivityView) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index f7f10662a..ec6869db9 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -248,6 +248,33 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert status["url"] != direct.data["id"] end + test "doesn't include DMs from blocked users", %{conn: conn} do + blocker = insert(:user) + blocked = insert(:user) + user = insert(:user) + {:ok, blocker} = User.block(blocker, blocked) + + {:ok, _blocked_direct} = + CommonAPI.post(blocked, %{ + "status" => "Hi @#{blocker.nickname}!", + "visibility" => "direct" + }) + + {:ok, direct} = + CommonAPI.post(user, %{ + "status" => "Hi @#{blocker.nickname}!", + "visibility" => "direct" + }) + + res_conn = + conn + |> assign(:user, user) + |> get("api/v1/timelines/direct") + + [status] = json_response(res_conn, 200) + assert status["id"] == direct.id + end + test "replying to a status", %{conn: conn} do user = insert(:user) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index d18b65876..ce0812308 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -415,6 +415,33 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert status["id"] == direct_two.id assert status_two["id"] == direct.id end + + test "doesn't include DMs from blocked users", %{conn: conn} do + blocker = insert(:user) + blocked = insert(:user) + user = insert(:user) + {:ok, blocker} = User.block(blocker, blocked) + + {:ok, _blocked_direct} = + CommonAPI.post(blocked, %{ + "status" => "Hi @#{blocker.nickname}!", + "visibility" => "direct" + }) + + {:ok, direct} = + CommonAPI.post(user, %{ + "status" => "Hi @#{blocker.nickname}!", + "visibility" => "direct" + }) + + res_conn = + conn + |> assign(:user, blocker) + |> get("/api/statuses/dm_timeline.json") + + [status] = json_response(res_conn, 200) + assert status["id"] == direct.id + end end describe "GET /statuses/mentions.json" do @@ -1762,8 +1789,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> assign(:user, user) |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id}) - user = Repo.get(User, user.id) - assert relationship = json_response(conn, 200) assert other_user.id == relationship["id"] assert relationship["follows_you"] == true @@ -1787,8 +1812,6 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> assign(:user, user) |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id}) - user = Repo.get(User, user.id) - assert relationship = json_response(conn, 200) assert other_user.id == relationship["id"] assert relationship["follows_you"] == false