Merge branch 'fix/1732-authless-following-followers' into 'develop'

[FIX] [#1732] Made AP C2S :followers and :following endpoints serve on no auth

Closes #1732

See merge request pleroma/pleroma!2463
rinpatch 2020-05-02 15:39:31 +00:00
commit e186d9941d
3 changed files with 7 additions and 5 deletions


@ -37,9 +37,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
[unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions [unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
) )
# Note: :following and :followers must be served even without authentication (as via :api)
plug( plug(
EnsureAuthenticatedPlug EnsureAuthenticatedPlug
when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers] when action in [:read_inbox, :update_outbox, :whoami, :upload_media]
) )
plug( plug(
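Review bot: Dropping `:following` and `:followers` from the `EnsureAuthenticatedPlug` list leaves the privacy of follower lists entirely to the action bodies, which are outside this hunk, and the new comment does not say so. If those actions assumed an authenticated requester, they now have to handle an anonymous one and still withhold items for accounts that hide their lists; that is worth confirming before merge. Once confirmed, the comment could name both the reason and the remaining safeguard, e.g. `# :following and :followers are also fetched by remote servers (S2S), so they must not require a logged-in user; list visibility is enforced inside the actions`. The `plug(` chain continues past the end of the hunk, so any later plug that still covers these two actions is not visible here.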


@ -585,6 +585,7 @@ defmodule Pleroma.Web.Router do
post("/users/:nickname/outbox", ActivityPubController, :update_outbox) post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
post("/api/ap/upload_media", ActivityPubController, :upload_media) post("/api/ap/upload_media", ActivityPubController, :upload_media)
# The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
get("/users/:nickname/followers", ActivityPubController, :followers) get("/users/:nickname/followers", ActivityPubController, :followers)
get("/users/:nickname/following", ActivityPubController, :following) get("/users/:nickname/following", ActivityPubController, :following)
end end
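Review bot: The added comment is ambiguous because "the following two" sits directly above routes named `followers` and `following`, and it does not say what follows from them being S2S. Naming the actions and the consequence would help whoever next tightens this scope, e.g. `# :followers and :following are also fetched server-to-server (see ActivityPub.fetch_follow_information_for_user/1), so they must stay reachable without a user session`. The enclosing scope and its pipeline are outside the hunk, so which plugs run ahead of these two GET routes, declared next to the C2S POST routes, cannot be checked from here.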


@ -1055,12 +1055,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
assert result["totalItems"] == 15 assert result["totalItems"] == 15
end end
test "returns 403 if requester is not logged in", %{conn: conn} do test "does not require authentication", %{conn: conn} do
user = insert(:user) user = insert(:user)
conn conn
|> get("/users/#{user.nickname}/followers") |> get("/users/#{user.nickname}/followers")
|> json_response(403) |> json_response(200)
end end
end end
@ -1152,12 +1152,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
assert result["totalItems"] == 15 assert result["totalItems"] == 15
end end
test "returns 403 if requester is not logged in", %{conn: conn} do test "does not require authentication", %{conn: conn} do
user = insert(:user) user = insert(:user)
conn conn
|> get("/users/#{user.nickname}/following") |> get("/users/#{user.nickname}/following")
|> json_response(403) |> json_response(200)
end end
end end
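Review bot: Both rewritten tests (`/following` in this hunk, `/followers` in the one before it) pipe into `json_response(200)` and discard the result, so they pin only the status code for a default account. Now that anonymous requests are accepted, the case worth pinning is the negative one: an unauthenticated `get` against an account that hides its follower or following list should not return the list items. If that is not already covered elsewhere in the file for an anonymous `conn`, I would add one such test per endpoint. I would also bind the response in these two tests, e.g. `result = conn |> get("/users/#{user.nickname}/following") |> json_response(200)`, and assert on `result["totalItems"]` so the body is checked as well.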