Merge branch 'reply-visibility-user-guard' into 'develop'

Mastodon API: fix the public timeline returning an error when the `reply_visibility` parameter is set to `self` for an unauthenticated user

See merge request pleroma/pleroma!2999

CHANGELOG.md

@@ -24,6 +24,7 @@ switched to a new configuration mechanism, however it was not officially removed
 ### Fixed
 
 - Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance
+- Mastodon API: the public timeline returning an error when the `reply_visibility` parameter is set to `self` for an unauthenticated user
 
 ## [2.1.1] - 2020-09-08
 

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -767,7 +767,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
   end
 
   defp restrict_replies(query, %{
-         reply_filtering_user: user,
+         reply_filtering_user: %User{} = user,
          reply_visibility: "self"
        }) do
     from(
@@ -783,7 +783,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
   end
 
   defp restrict_replies(query, %{
-         reply_filtering_user: user,
+         reply_filtering_user: %User{} = user,
          reply_visibility: "following"
        }) do
     from(

test/web/activity_pub/activity_pub_test.exs

@@ -1810,6 +1810,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
         |> Enum.map(& &1.id)
 
       assert activities_ids == []
+
+      activities_ids =
+        %{}
+        |> Map.put(:reply_visibility, "self")
+        |> Map.put(:reply_filtering_user, nil)
+        |> ActivityPub.fetch_public_activities()
+
+      assert activities_ids == []
     end
 
     test "home timeline", %{users: %{u1: user}} do