X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Ftwitter_api%2Fcontrollers%2Futil_controller.ex;h=c35e393c072e391b7d7cb4c9deb94d6b76f2e367;hb=05ca420c0994b079116b40ea5a84214b50d56d0e;hp=2305bb41334202badc82890d3e5e0bfaeab97eb9;hpb=28fb98d69e31ce5a09e15e213491b880430a0902;p=akkoma diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 2305bb413..c35e393c0 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -22,7 +22,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do plug( OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} - when action in [:do_remote_follow, :follow_import] + when action == :follow_import + ) + + # Note: follower can submit the form (with password auth) not being signed in (having no token) + plug( + OAuthScopesPlug, + %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]} + when action == :do_remote_follow ) plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import) @@ -104,7 +111,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do defp is_status?(acct) do case Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(acct) do - {:ok, %{"type" => type}} when type in ["Article", "Note", "Video", "Page", "Question"] -> + {:ok, %{"type" => type}} + when type in ["Article", "Event", "Note", "Video", "Page", "Question"] -> true _ -> @@ -112,6 +120,28 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end end + def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) + when not is_nil(user) do + with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)}, + {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do + conn + |> render("followed.html", %{error: false}) + else + # Was already following user + {:error, "Could not follow user:" <> _rest} -> + render(conn, "followed.html", %{error: "Error following account"}) + + {:fetch_user, error} -> + Logger.debug("Remote follow failed with error #{inspect(error)}") + render(conn, "followed.html", %{error: "Could not find user"}) + + e -> + Logger.debug("Remote follow failed with error #{inspect(e)}") + render(conn, "followed.html", %{error: "Something went wrong."}) + end + end + + # Note: "id" is the id of followee user, disregard incorrect placing under "authorization" def do_remote_follow(conn, %{ "authorization" => %{"name" => username, "password" => password, "id" => id} }) do @@ -145,24 +175,12 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end end - def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do - with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)}, - {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do - conn - |> render("followed.html", %{error: false}) - else - # Was already following user - {:error, "Could not follow user:" <> _rest} -> - render(conn, "followed.html", %{error: "Error following account"}) - - {:fetch_user, error} -> - Logger.debug("Remote follow failed with error #{inspect(error)}") - render(conn, "followed.html", %{error: "Could not find user"}) + def do_remote_follow(%{assigns: %{user: nil}} = conn, _) do + render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."}) + end - e -> - Logger.debug("Remote follow failed with error #{inspect(e)}") - render(conn, "followed.html", %{error: "Something went wrong."}) - end + def do_remote_follow(conn, _) do + render(conn, "followed.html", %{error: "Something went wrong."}) end def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do @@ -345,7 +363,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end def delete_account(%{assigns: %{user: user}} = conn, params) do - case CommonAPI.Utils.confirm_current_password(user, params["password"]) do + password = params["password"] || "" + + case CommonAPI.Utils.confirm_current_password(user, password) do {:ok, user} -> User.delete(user) json(conn, %{status: "success"})