Merge branch 'dtluna/pleroma-bugfix/deny-self-repeats' into develop

author Roger Braun <roger@rogerbraun.net>

Wed, 26 Apr 2017 06:56:34 +0000 (08:56 +0200)

committer Roger Braun <roger@rogerbraun.net>

Wed, 26 Apr 2017 06:56:34 +0000 (08:56 +0200)
author Roger Braun <roger@rogerbraun.net>
Wed, 26 Apr 2017 06:56:34 +0000 (08:56 +0200)
committer Roger Braun <roger@rogerbraun.net>
Wed, 26 Apr 2017 06:56:34 +0000 (08:56 +0200)
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex

index d9ff7e5305b2e55e7022e4bb12c6d4b7811fd4ea..b5b829ca0532d8fd539e303f853dc21fa358bdd6 100644 (file)
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -163,11 +163,16 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
  
    def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do
      activity = Repo.get(Activity, id)
-    {:ok, status} = TwitterAPI.retweet(user, activity)
-    response = Poison.encode!(status)
+    if activity.data["actor"] == user.ap_id do
+      bad_request_reply(conn, "You cannot repeat your own notice.")
+    else
+      {:ok, status} = TwitterAPI.retweet(user, activity)
+      response = Poison.encode!(status)
  
-    conn
-    |> json_reply(200, response)
+      conn
+
+      |> json_reply(200, response)
+    end
    end
  
    def register(conn, params) do
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs

index 766268ce96f97d0142e680b65b52525e666218a2..6c249be7d619a0807437b3ce5e795f080cc6e46f 100644 (file)
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -331,11 +331,21 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
      test "with credentials", %{conn: conn, user: current_user} do
        note_activity = insert(:note_activity)
  
-      conn = conn
-      |> with_credentials(current_user.nickname, "test")
-      |> post("/api/statuses/retweet/#{note_activity.id}.json")
+      request_path = "/api/statuses/retweet/#{note_activity.id}.json"
  
-      assert json_response(conn, 200)
+      user = Repo.get_by(User, ap_id: note_activity.data["actor"])
+      response = conn
+      |> with_credentials(user.nickname, "test")
+      |> post(request_path)
+      assert json_response(response, 400) == %{"error" => "You cannot repeat your own notice.",
+                                               "request" => request_path}
+
+      response = conn
+      |> with_credentials(current_user.nickname, "test")
+      |> post(request_path)
+      activity = Repo.get(Activity, note_activity.id)
+      activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
+      assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
      end
    end
author	Roger Braun <roger@rogerbraun.net>
	Wed, 26 Apr 2017 06:56:34 +0000 (08:56 +0200)
committer	Roger Braun <roger@rogerbraun.net>
	Wed, 26 Apr 2017 06:56:34 +0000 (08:56 +0200)
lib/pleroma/web/twitter_api/twitter_api_controller.ex		patch \| blob \| history
test/web/twitter_api/twitter_api_controller_test.exs		patch \| blob \| history