Redirect not logged-in users to the MastoFE login page on private instances

2019-07-29 16:17:22 +00:00 · 2019-07-29 16:17:22 +00:00 · 25c818ed6f
parent f7028ae8ac
commit 25c818ed6f
3 changed files with 21 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: return the actual profile URL in the Account entity's `url` property when appropriate
 - Templates: properly style anchor tags
 - Objects being re-embedded to activities after being updated (e.g faved/reposted). Running 'mix pleroma.database prune_objects' again is advised.
+- Not being able to access the Mastodon FE login page on private instances

 ### Added
 - Relays: Added a task to list relay subscriptions.
@ -35,6 +36,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [1.0.2] - 2019-07-28
 ### Fixed
 - Not being able to pin unlisted posts
+- Mastodon API: represent poll IDs as strings
+- MediaProxy: fix matching filenames
+- MediaProxy: fix filename encoding
+- Migrations: fix a sporadic migration failure
 - Metadata rendering errors resulting in the entire page being inaccessible
 - Federation/MediaProxy not working with instances that have wrong certificate order
 - ActivityPub S2S: remote user deletions now work the same as local user deletions.
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -684,7 +684,7 @@ defmodule Pleroma.Web.Router do
    delete("/auth/sign_out", MastodonAPIController, :logout)

    scope [] do
-      pipe_through(:oauth_read_or_public)
+      pipe_through(:oauth_read)
      get("/web/*path", MastodonAPIController, :index)
    end
  end
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@ -2879,6 +2879,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
      assert redirected_to(conn) == "/web/login"
    end

+    test "redirects not logged-in users to the login page on private instances", %{
+      conn: conn,
+      path: path
+    } do
+      is_public = Pleroma.Config.get([:instance, :public])
+      Pleroma.Config.put([:instance, :public], false)
+
+      conn = get(conn, path)
+
+      assert conn.status == 302
+      assert redirected_to(conn) == "/web/login"
+
+      Pleroma.Config.put([:instance, :public], is_public)
+    end
+
    test "does not redirect logged in users to the login page", %{conn: conn, path: path} do
      token = insert(:oauth_token)