Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling POST /api/v1/follow_requests/:id/authorize

This commit is contained in:
eugenijm 2020-04-27 17:41:38 +03:00 committed by rinpatch
parent e55876409b
commit 66a8e1312d
3 changed files with 11 additions and 2 deletions
CHANGELOG.md
lib/pleroma/web/common_api
test/web/common_api

View file

@ -41,6 +41,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Logger configuration through AdminFE - Logger configuration through AdminFE
- HTTP Basic Authentication permissions issue - HTTP Basic Authentication permissions issue
- ObjectAgePolicy didn't filter out old messages - ObjectAgePolicy didn't filter out old messages
- Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize`
### Added ### Added
- NodeInfo: ObjectAgePolicy settings to the `federation` list. - NodeInfo: ObjectAgePolicy settings to the `federation` list.

View file

@ -43,8 +43,8 @@ def unfollow(follower, unfollowed) do
end end
def accept_follow_request(follower, followed) do def accept_follow_request(follower, followed) do
with {:ok, follower} <- User.follow(follower, followed), with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
%Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), {:ok, follower} <- User.follow(follower, followed),
{:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "accept"), {:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "accept"),
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_accept), {:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_accept),
{:ok, _activity} <- {:ok, _activity} <-

View file

@ -697,6 +697,14 @@ test "after rejection, it sets all existing pending follow request states to 're
assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject" assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending" assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
end end
test "doesn't create a following relationship if the corresponding follow request doesn't exist" do
user = insert(:user, locked: true)
not_follower = insert(:user)
CommonAPI.accept_follow_request(not_follower, user)
assert Pleroma.FollowingRelationship.following?(not_follower, user) == false
end
end end
describe "vote/3" do describe "vote/3" do