From f85566324ec7cf20f070850d0cd5bd3fec25445d Mon Sep 17 00:00:00 2001 From: eal Date: Tue, 7 Nov 2017 00:33:44 +0200 Subject: [PATCH] Allow profile fetching for authenticated users only. --- lib/pleroma/web/router.ex | 3 ++- test/web/twitter_api/twitter_api_controller_test.exs | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index f96ec7213..514320fd6 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -138,7 +138,6 @@ defmodule Pleroma.Web.Router do get "/search", TwitterAPI.Controller, :search get "/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline - get "/externalprofile/show", TwitterAPI.Controller, :external_profile end scope "/api", Pleroma.Web do @@ -176,6 +175,8 @@ defmodule Pleroma.Web.Router do get "/statuses/followers", TwitterAPI.Controller, :followers get "/statuses/friends", TwitterAPI.Controller, :friends + + get "/externalprofile/show", TwitterAPI.Controller, :external_profile end pipeline :ostatus do diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index a62947018..798309f7d 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -405,11 +405,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "GET /api/externalprofile/show" do test "it returns the user", %{conn: conn} do user = insert(:user) + other_user = insert(:user) conn = conn - |> get("/api/externalprofile/show", %{profileurl: user.ap_id}) + |> assign(:user, user) + |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id}) - assert json_response(conn, 200) == UserView.render("show.json", %{user: user}) + assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user}) end end