
[#1732] Made AP C2S :followers and :following endpoints serve on no auth

(as for related :api pipeline endpoints).
features/attachment_validator
Ivan Tashkinov před 4 roky
rodič
revize
2d07ed7747
3 změnil soubory, kde provedl 7 přidání a 5 odebrání
  1. +2
    -1
      lib/pleroma/web/activity_pub/activity_pub_controller.ex
  2. +1
    -0
      lib/pleroma/web/router.ex
  3. +4
    -4
      test/web/activity_pub/activity_pub_controller_test.exs

+ 2
- 1
lib/pleroma/web/activity_pub/activity_pub_controller.ex Zobrazit soubor

@@ -37,9 +37,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
[unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
)

# Note: :following and :followers must be served even without authentication (as via :api)
plug(
EnsureAuthenticatedPlug
when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers]
when action in [:read_inbox, :update_outbox, :whoami, :upload_media]
)

plug(
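Review bot: Dropping `:following` and `:followers` from the `EnsureAuthenticatedPlug` action list means both actions now run for anonymous requesters, and nothing visible here shows how they behave without a logged-in user. Their bodies are outside this hunk, so confirm that they tolerate a missing `conn.assigns[:user]` and still withhold collection items for accounts that hide their follower or following lists. The preceding plug call is cut off at the top of the hunk, so it cannot be told from here whether it still imposes an authentication requirement on these two actions when the instance is not federating. The note comment could also record where privacy is enforced, e.g. `# Visibility of hidden follower/following lists is decided inside the actions, not by this plug`.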


+ 1
- 0
lib/pleroma/web/router.ex Zobrazit soubor

@@ -585,6 +585,7 @@ defmodule Pleroma.Web.Router do
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
post("/api/ap/upload_media", ActivityPubController, :upload_media)

# The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
get("/users/:nickname/followers", ActivityPubController, :followers)
get("/users/:nickname/following", ActivityPubController, :following)
end
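Review bot: The comment above the two `get` routes says they are also used S2S, but not that they are now served without authentication while the neighbouring `update_outbox` and `upload_media` routes still require it through the controller's plug list. Because that decision is enforced per action in the controller rather than by this scope, the comment could say so, e.g. `# Served without authentication (decided per action in ActivityPubController); also used S2S, see ...`. The enclosing scope and its pipeline start outside the hunk, so which pipeline plugs apply to these routes cannot be seen here.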


+ 4
- 4
test/web/activity_pub/activity_pub_controller_test.exs Zobrazit soubor

@@ -1055,12 +1055,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
assert result["totalItems"] == 15
end

test "returns 403 if requester is not logged in", %{conn: conn} do
test "does not require authentication", %{conn: conn} do
user = insert(:user)

conn
|> get("/users/#{user.nickname}/followers")
|> json_response(403)
|> json_response(200)
end
end

@@ -1152,12 +1152,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
assert result["totalItems"] == 15
end

test "returns 403 if requester is not logged in", %{conn: conn} do
test "does not require authentication", %{conn: conn} do
user = insert(:user)

conn
|> get("/users/#{user.nickname}/following")
|> json_response(403)
|> json_response(200)
end
end
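Review bot: Both renamed tests (this `/following` case and the matching `/followers` case in the earlier hunk) assert only that an anonymous GET returns 200, so they would still pass if the response exposed more than intended. Bind the decoded body and check it, e.g. `result = conn |> get("/users/#{user.nickname}/following") |> json_response(200)` followed by `assert result["totalItems"] == 0`, assuming the factory user has no follows. A companion case for an anonymous requester against a user who hides their follower or following list would pin the privacy behaviour that the old 403 covered implicitly. Whether such a case already exists elsewhere in these describe blocks cannot be seen from the hunks.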


