[#1732] Made AP C2S :followers and :following endpoints serve on no auth
authorIvan Tashkinov <ivantashkinov@gmail.com>
Sat, 2 May 2020 15:28:04 +0000 (18:28 +0300)
committerIvan Tashkinov <ivantashkinov@gmail.com>
Sat, 2 May 2020 15:28:04 +0000 (18:28 +0300)
(as for related :api pipeline endpoints).

lib/pleroma/web/activity_pub/activity_pub_controller.ex
lib/pleroma/web/router.ex
test/web/activity_pub/activity_pub_controller_test.exs

index d625530ecb575586986e22735544299733fe498a..f607931ab247bc2b6435cbbbba5a74d07bca6466 100644 (file)
@@ -37,9 +37,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     [unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
   )
 
+  # Note: :following and :followers must be served even without authentication (as via :api)
   plug(
     EnsureAuthenticatedPlug
-    when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers]
+    when action in [:read_inbox, :update_outbox, :whoami, :upload_media]
   )
 
   plug(
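Review bot: With `:following` and `:followers` dropped from the `EnsureAuthenticatedPlug` list, nothing visible in this hunk still restricts those two collections for an anonymous requester, and the added comment only records that they must be public. The action bodies are outside the hunk, so it cannot be seen here whether they tolerate a missing user in the conn assigns and still honour the per-user settings that hide follower and following lists; that should be confirmed. I would extend the comment to say where the remaining check lives, for example `# Note: :following and :followers are served without authentication (as via :api); list visibility is enforced inside the actions`. The `plug(` call on the last line of the hunk continues outside it.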
index 83287a83d44e2c44ad0c0f86903112e8aa0fe042..5b00243e9cb5566c3ecb315df51796e3e31556eb 100644 (file)
@@ -585,6 +585,7 @@ defmodule Pleroma.Web.Router do
     post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
     post("/api/ap/upload_media", ActivityPubController, :upload_media)
 
+    # The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
     get("/users/:nickname/followers", ActivityPubController, :followers)
     get("/users/:nickname/following", ActivityPubController, :following)
   end
index 6b5913f9506aaa634606d351feeb665f1adc40b1..a8f1f0e263e092d95aad2633386be3ba4039656c 100644 (file)
@@ -1055,12 +1055,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["totalItems"] == 15
     end
 
-    test "returns 403 if requester is not logged in", %{conn: conn} do
+    test "does not require authentication", %{conn: conn} do
       user = insert(:user)
 
       conn
       |> get("/users/#{user.nickname}/followers")
-      |> json_response(403)
+      |> json_response(200)
     end
   end
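Review bot: The renamed test only checks that an anonymous GET returns 200 and discards the decoded body, so it does not pin what an unauthenticated requester is allowed to see. Now that the 403 expectation is gone, I would bind the response and assert on its content, e.g. `result = conn |> get("/users/#{user.nickname}/followers") |> json_response(200)` followed by `assert result["totalItems"] == 0` (presumably zero for a freshly inserted user; confirm against the factory). If it is not already covered outside this hunk, a companion case for a user who hides their followers list would show that the items are still withheld without a session. The same applies to the `/following` test in the next hunk; the enclosing `describe` block starts outside the hunk.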
 
@@ -1152,12 +1152,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["totalItems"] == 15
     end
 
-    test "returns 403 if requester is not logged in", %{conn: conn} do
+    test "does not require authentication", %{conn: conn} do
       user = insert(:user)
 
       conn
       |> get("/users/#{user.nickname}/following")
-      |> json_response(403)
+      |> json_response(200)
     end
   end