(as for related :api pipeline endpoints).features/attachment_validator
@@ -37,9 +37,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do | |||||
[unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions | [unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions | ||||
) | ) | ||||
# Note: :following and :followers must be served even without authentication (as via :api) | |||||
plug( | plug( | ||||
EnsureAuthenticatedPlug | EnsureAuthenticatedPlug | ||||
when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers] | |||||
when action in [:read_inbox, :update_outbox, :whoami, :upload_media] | |||||
) | ) | ||||
plug( | plug( | ||||
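Review bot: With `:following` and `:followers` dropped from the `EnsureAuthenticatedPlug` action list, nothing in this hunk shows what now keeps a user's follower graph from being served to anonymous callers; the added comment only states that the endpoints must be open. Both action bodies are outside the hunk, so it is worth confirming that they tolerate a request with no authenticated user and still apply the per-user visibility settings, plus any instance-wide restriction on unauthenticated access, before returning items. I would extend the comment to record where that check lives, e.g. `# Note: :following and :followers are fetched S2S and must work without authentication; collection visibility is enforced inside the actions, not by this plug`.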
@@ -585,6 +585,7 @@ defmodule Pleroma.Web.Router do | |||||
post("/users/:nickname/outbox", ActivityPubController, :update_outbox) | post("/users/:nickname/outbox", ActivityPubController, :update_outbox) | ||||
post("/api/ap/upload_media", ActivityPubController, :upload_media) | post("/api/ap/upload_media", ActivityPubController, :upload_media) | ||||
# The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`: | |||||
get("/users/:nickname/followers", ActivityPubController, :followers) | get("/users/:nickname/followers", ActivityPubController, :followers) | ||||
get("/users/:nickname/following", ActivityPubController, :following) | get("/users/:nickname/following", ActivityPubController, :following) | ||||
end | end | ||||
@@ -1055,12 +1055,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do | |||||
assert result["totalItems"] == 15 | assert result["totalItems"] == 15 | ||||
end | end | ||||
test "returns 403 if requester is not logged in", %{conn: conn} do | |||||
test "does not require authentication", %{conn: conn} do | |||||
user = insert(:user) | user = insert(:user) | ||||
conn | conn | ||||
|> get("/users/#{user.nickname}/followers") | |> get("/users/#{user.nickname}/followers") | ||||
|> json_response(403) | |||||
|> json_response(200) | |||||
end | end | ||||
end | end | ||||
@@ -1152,12 +1152,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do | |||||
assert result["totalItems"] == 15 | assert result["totalItems"] == 15 | ||||
end | end | ||||
test "returns 403 if requester is not logged in", %{conn: conn} do | |||||
test "does not require authentication", %{conn: conn} do | |||||
user = insert(:user) | user = insert(:user) | ||||
conn | conn | ||||
|> get("/users/#{user.nickname}/following") | |> get("/users/#{user.nickname}/following") | ||||
|> json_response(403) | |||||
|> json_response(200) | |||||
end | end | ||||
end | end | ||||
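Review bot: Both rewritten tests (the `/followers` one in the first hunk and the `/following` one here) pin only the status code for an anonymous request and discard the decoded body, so they would keep passing if the now-public endpoints started returning more than intended. Bind the response and assert on it the way the preceding tests do with `result["totalItems"]`. Unless it is already covered outside these hunks, also add a case where the user has chosen to hide their followers or follows and the anonymous request must not receive the item list. The enclosing `describe` blocks start outside the hunks, so existing coverage of that case cannot be seen from here.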