forked from AkkomaGang/akkoma
Fix ActivityPubController.read_inbox/2
This commit is contained in:
parent
896ffabe37
commit
e0f84d0043
2 changed files with 40 additions and 15 deletions
|
@ -251,22 +251,36 @@ def whoami(%{assigns: %{user: %User{} = user}} = conn, _params) do
|
||||||
|
|
||||||
def whoami(_conn, _params), do: {:error, :not_found}
|
def whoami(_conn, _params), do: {:error, :not_found}
|
||||||
|
|
||||||
def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
|
def read_inbox(
|
||||||
if nickname == user.nickname do
|
%{assigns: %{user: %{nickname: nickname} = user}} = conn,
|
||||||
|
%{"nickname" => nickname} = params
|
||||||
|
) do
|
||||||
conn
|
conn
|
||||||
|> put_resp_content_type("application/activity+json")
|
|> put_resp_content_type("application/activity+json")
|
||||||
|> json(UserView.render("inbox.json", %{user: user, max_id: params["max_id"]}))
|
|> put_view(UserView)
|
||||||
else
|
|> render("inbox.json", user: user, max_id: params["max_id"])
|
||||||
err =
|
end
|
||||||
dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
|
|
||||||
nickname: nickname,
|
def read_inbox(%{assigns: %{user: nil}} = conn, %{"nickname" => nickname}) do
|
||||||
as_nickname: user.nickname
|
err = dgettext("errors", "can't read inbox of %{nickname}", nickname: nickname)
|
||||||
)
|
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> put_status(:forbidden)
|
|> put_status(:forbidden)
|
||||||
|> json(err)
|
|> json(err)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def read_inbox(%{assigns: %{user: %{nickname: as_nickname}}} = conn, %{
|
||||||
|
"nickname" => nickname
|
||||||
|
}) do
|
||||||
|
err =
|
||||||
|
dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
|
||||||
|
nickname: nickname,
|
||||||
|
as_nickname: as_nickname
|
||||||
|
)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_status(:forbidden)
|
||||||
|
|> json(err)
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle_user_activity(user, %{"type" => "Create"} = params) do
|
def handle_user_activity(user, %{"type" => "Create"} = params) do
|
||||||
|
|
|
@ -365,6 +365,17 @@ test "it rejects reads from other users", %{conn: conn} do
|
||||||
assert json_response(conn, 403)
|
assert json_response(conn, 403)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it doesn't crash without an authenticated user", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/activity+json")
|
||||||
|
|> get("/users/#{user.nickname}/inbox")
|
||||||
|
|
||||||
|
assert json_response(conn, 403)
|
||||||
|
end
|
||||||
|
|
||||||
test "it returns a note activity in a collection", %{conn: conn} do
|
test "it returns a note activity in a collection", %{conn: conn} do
|
||||||
note_activity = insert(:direct_note_activity)
|
note_activity = insert(:direct_note_activity)
|
||||||
note_object = Object.normalize(note_activity)
|
note_object = Object.normalize(note_activity)
|
||||||
|
|
Loading…
Reference in a new issue