ActivityPub controller: do not render remote users

author rinpatch <rinpatch@sdf.org>

Mon, 25 Nov 2019 14:19:33 +0000 (17:19 +0300)

committer rinpatch <rinpatch@sdf.org>

Mon, 25 Nov 2019 14:19:33 +0000 (17:19 +0300)
author rinpatch <rinpatch@sdf.org>
Mon, 25 Nov 2019 14:19:33 +0000 (17:19 +0300)
committer rinpatch <rinpatch@sdf.org>
Mon, 25 Nov 2019 14:19:33 +0000 (17:19 +0300)
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex

index b2cd965fe0db08bc7cf183928a251ace949df6d9..dec5da0d3aea6ea4572bcf6ab100d3136a398c86 100644 (file)
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -45,7 +45,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  
    def user(conn, %{"nickname" => nickname}) do
    end
  
    def user(conn, %{"nickname" => nickname}) do
-    with %User{} = user <- User.get_cached_by_nickname(nickname),
+    with %User{local: true} = user <- User.get_cached_by_nickname(nickname),
           {:ok, user} <- User.ensure_keys_present(user) do
        conn
        |> put_resp_content_type("application/activity+json")
           {:ok, user} <- User.ensure_keys_present(user) do
        conn
        |> put_resp_content_type("application/activity+json")
@@ -53,6 +53,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
        |> render("user.json", %{user: user})
      else
        nil -> {:error, :not_found}
        |> render("user.json", %{user: user})
      else
        nil -> {:error, :not_found}
+      %{local: false} -> {:error, :not_found}
      end
    end
  
      end
    end
  
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs

index a5414c5210bc66b6f38c63ce70f14a07416bc6a8..1aa73d75cf675efee5dfd1df83028840b92324b5 100644 (file)
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -110,6 +110,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  
        assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
      end
  
        assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
      end
+
+    test "it returns 404 for remote users", %{
+      conn: conn
+    } do
+      user = insert(:user, local: false, nickname: "remoteuser@example.com")
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/users/#{user.nickname}.json")
+
+      assert json_response(conn, 404)
+    end
    end
  
    describe "/object/:uuid" do
    end
  
    describe "/object/:uuid" do
author	rinpatch <rinpatch@sdf.org>
	Mon, 25 Nov 2019 14:19:33 +0000 (17:19 +0300)
committer	rinpatch <rinpatch@sdf.org>
	Mon, 25 Nov 2019 14:19:33 +0000 (17:19 +0300)
lib/pleroma/web/activity_pub/activity_pub_controller.ex		patch \| blob \| history
test/web/activity_pub/activity_pub_controller_test.exs		patch \| blob \| history