- Add documented-but-missing chat pagination.
- Allow sending out emails again.
+- OStatus / static FE endpoints: fixed inaccessibility for anonymous users on non-federating instances, switched to handling per `:restrict_unauthenticated` setting.
## Unreleased (Patch)
with id <- Endpoint.url() <> conn.request_path,
{_, %Activity{} = activity} <-
{:activity, Activity.get_create_by_object_ap_id_with_object(id)},
- {_, true} <- {:public?, Visibility.is_public?(activity)},
- {_, true} <- {:visible?, Visibility.visible_for_user?(activity, _reading_user = nil)} do
+ {_, true} <- {:public?, Visibility.is_public?(activity)} do
redirect(conn, to: "/notice/#{activity.id}")
else
- reason when reason in [{:public?, false}, {:visible?, false}, {:activity, nil}] ->
+ reason when reason in [{:public?, false}, {:activity, nil}] ->
{:error, :not_found}
e ->
def activity(conn, _params) do
with id <- Endpoint.url() <> conn.request_path,
{_, %Activity{} = activity} <- {:activity, Activity.normalize(id)},
- {_, true} <- {:public?, Visibility.is_public?(activity)},
- {_, true} <- {:visible?, Visibility.visible_for_user?(activity, _reading_user = nil)} do
+ {_, true} <- {:public?, Visibility.is_public?(activity)} do
redirect(conn, to: "/notice/#{activity.id}")
else
- reason when reason in [{:public?, false}, {:visible?, false}, {:activity, nil}] ->
+ reason when reason in [{:public?, false}, {:activity, nil}] ->
{:error, :not_found}
e ->
def notice(%{assigns: %{format: format}} = conn, %{"id" => id}) do
with {_, %Activity{} = activity} <- {:activity, Activity.get_by_id_with_object(id)},
{_, true} <- {:public?, Visibility.is_public?(activity)},
- {_, true} <- {:visible?, Visibility.visible_for_user?(activity, _reading_user = nil)},
%User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
cond do
format in ["json", "activity+json"] ->
RedirectController.redirector(conn, nil)
end
else
- reason when reason in [{:public?, false}, {:visible?, false}, {:activity, nil}] ->
+ reason when reason in [{:public?, false}, {:activity, nil}] ->
conn
|> put_status(404)
|> RedirectController.redirector(nil, 404)
plug(:accepts, ["html"])
end
+ pipeline :accepts_html_xml do
+ plug(:accepts, ["html", "xml", "rss", "atom"])
+ end
+
+ pipeline :accepts_html_json do
+ plug(:accepts, ["html", "activity+json", "json"])
+ end
+
+ pipeline :accepts_html_xml_json do
+ plug(:accepts, ["html", "xml", "rss", "atom", "activity+json", "json"])
+ end
+
pipeline :accepts_xml_rss_atom do
plug(:accepts, ["xml", "rss", "atom"])
end
)
end
- pipeline :ostatus_html_json do
- plug(:accepts, ["html", "activity+json", "json"])
- plug(Pleroma.Plugs.StaticFEPlug)
- end
-
- pipeline :ostatus_html_xml do
- plug(:accepts, ["html", "xml", "rss", "atom"])
- plug(Pleroma.Plugs.StaticFEPlug)
- end
-
- pipeline :ostatus_html_xml_json do
- plug(:accepts, ["html", "xml", "rss", "atom", "activity+json", "json"])
- plug(Pleroma.Plugs.StaticFEPlug)
- end
-
scope "/", Pleroma.Web do
# Note: html format is supported only if static FE is enabled
- pipe_through(:ostatus_html_json)
+ # Note: http signature is only considered for json requests (no auth for non-json requests)
+ pipe_through([:accepts_html_json, :http_signature, Pleroma.Plugs.StaticFEPlug])
get("/objects/:uuid", OStatus.OStatusController, :object)
get("/activities/:uuid", OStatus.OStatusController, :activity)
scope "/", Pleroma.Web do
# Note: html format is supported only if static FE is enabled
- pipe_through(:ostatus_html_xml_json)
+ # Note: http signature is only considered for json requests (no auth for non-json requests)
+ pipe_through([:accepts_html_xml_json, :http_signature, Pleroma.Plugs.StaticFEPlug])
- # Note: for json format responds with user profile (not user feed)
+ # Note: returns user _profile_ for json requests, redirects to user _feed_ for non-json ones
get("/users/:nickname", Feed.UserController, :feed_redirect, as: :user_feed)
end
scope "/", Pleroma.Web do
# Note: html format is supported only if static FE is enabled
- pipe_through(:ostatus_html_xml)
+ pipe_through([:accepts_html_xml, Pleroma.Plugs.StaticFEPlug])
+
get("/users/:nickname/feed", Feed.UserController, :feed, as: :user_feed)
end
assert html_response(conn, 200) =~ user.nickname
end
+
+ test "returns 404 for local user with `restrict_unauthenticated/profiles/local` setting", %{
+ conn: conn
+ } do
+ clear_config([:restrict_unauthenticated, :profiles, :local], true)
+
+ local_user = insert(:user, local: true)
+
+ conn
+ |> get("/users/#{local_user.nickname}")
+ |> html_response(404)
+ end
end
describe "notice html" do
assert html_response(conn, 200) =~ "testing a thing!"
end
+
+ test "returns 404 for local public activity with `restrict_unauthenticated/activities/local` setting",
+ %{conn: conn, user: user} do
+ clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+ {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
+
+ conn
+ |> get("/notice/#{activity.id}")
+ |> html_response(404)
+ end
end
end
projects / akkoma / commitdiff