X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Ftwitter_api%2Fcontrollers%2Fremote_follow_controller.ex;h=fbf31c7eb1a2a1c03affe32268bbd0e1352b35c1;hb=3eddd9caa61a2ac431eb57cd4c835db608702a7d;hp=460a42566147c02301c06f53e8290e3de9bff40a;hpb=5b8415601346447b9a66b1eabfc7538191892a76;p=akkoma
diff --git a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
index 460a42566..fbf31c7eb 100644
--- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
@@ -16,7 +16,12 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
@status_types ["Article", "Event", "Note", "Video", "Page", "Question"]
- plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action in [:do_follow])
+ # Note: follower can submit the form (with password auth) not being signed in (having no token)
+ plug(
+ OAuthScopesPlug,
+ %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
+ when action in [:do_follow]
+ )
# GET /ostatus_subscribe
#
@@ -30,7 +35,7 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
defp follow_status(conn, _user, acct) do
with {:ok, object} <- Fetcher.fetch_object_from_id(acct),
%Activity{id: activity_id} <- Activity.get_create_by_object_ap_id(object.data["id"]) do
- redirect(conn, to: "/notice/#{activity_id}")
+ redirect(conn, to: o_status_path(conn, :notice, activity_id))
else
error ->
handle_follow_error(conn, error)
@@ -61,27 +66,32 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
# POST /ostatus_subscribe
#
- def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
+ def do_follow(%{assigns: %{user: %User{} = user}} = conn, %{"user" => %{"id" => id}}) do
with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
- {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
{:ok, _, _, _} <- CommonAPI.follow(user, followee) do
- render(conn, "followed.html", %{error: false})
+ redirect(conn, to: "/users/#{followee.id}")
else
error ->
handle_follow_error(conn, error)
end
end
- def do_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
+ def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
+ {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
{:ok, _, _, _} <- CommonAPI.follow(user, followee) do
- render(conn, "followed.html", %{error: false})
+ redirect(conn, to: "/users/#{followee.id}")
else
error ->
handle_follow_error(conn, error)
end
end
+ def do_follow(%{assigns: %{user: nil}} = conn, _) do
+ Logger.debug("Insufficient permissions: follow | write:follows.")
+ render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."})
+ end
+
defp handle_follow_error(conn, {:auth, _, followee} = _) do
render(conn, "follow_login.html", %{error: "Wrong username or password", followee: followee})
end