forked from AkkomaGang/akkoma
Merge branch 'bugfix/unauthed-liked-by' into 'develop'
Bugfix: don't error out on unauthorized request to liked/favourited_by See merge request pleroma/pleroma!1474
This commit is contained in:
kaniini
commit
8d3cf7e519
2 changed files with 30 additions and 0 deletions
|
|
@ -882,6 +882,8 @@ def blocks?(%User{info: info} = _user, %{ap_id: ap_id}) do
|
||||||
Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
|
Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def blocks?(nil, _), do: false
|
||||||
|
|
||||||
def subscribed_to?(user, %{ap_id: ap_id}) do
|
def subscribed_to?(user, %{ap_id: ap_id}) do
|
||||||
with %User{} = target <- get_cached_by_ap_id(ap_id) do
|
with %User{} = target <- get_cached_by_ap_id(ap_id) do
|
||||||
Enum.member?(target.info.subscribers, user.ap_id)
|
Enum.member?(target.info.subscribers, user.ap_id)
|
||||||
|
|
|
||||||
|
|
@ -3786,6 +3786,20 @@ test "does not return users who have favorited the status but are blocked", %{
|
||||||
|
|
||||||
assert Enum.empty?(response)
|
assert Enum.empty?(response)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
|
||||||
|
other_user = insert(:user)
|
||||||
|
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> assign(:user, nil)
|
||||||
|
|> get("/api/v1/statuses/#{activity.id}/favourited_by")
|
||||||
|
|> json_response(:ok)
|
||||||
|
|
||||||
|
[%{"id" => id}] = response
|
||||||
|
assert id == other_user.id
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/v1/statuses/:id/reblogged_by" do
|
describe "GET /api/v1/statuses/:id/reblogged_by" do
|
||||||
|
|
@ -3843,6 +3857,20 @@ test "does not return users who have reblogged the status but are blocked", %{
|
||||||
|
|
||||||
assert Enum.empty?(response)
|
assert Enum.empty?(response)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
|
||||||
|
other_user = insert(:user)
|
||||||
|
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> assign(:user, nil)
|
||||||
|
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|
||||||
|
|> json_response(:ok)
|
||||||
|
|
||||||
|
[%{"id" => id}] = response
|
||||||
|
assert id == other_user.id
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "POST /auth/password, with valid parameters" do
|
describe "POST /auth/password, with valid parameters" do
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue