projects / akkoma / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00e6216)
[#2409] Made `GET /api/v1/accounts/:id/favourites` auth-optional, adjusted tests.
authorIvan Tashkinov <ivantashkinov@gmail.com>
Fri, 24 Apr 2020 19:25:27 +0000 (22:25 +0300)
committerIvan Tashkinov <ivantashkinov@gmail.com>
Fri, 24 Apr 2020 19:25:27 +0000 (22:25 +0300)
lib/pleroma/web/mastodon_api/controllers/status_controller.ex patch | blob | history
lib/pleroma/web/pleroma_api/controllers/account_controller.ex patch | blob | history
lib/pleroma/web/router.ex patch | blob | history
test/web/pleroma_api/controllers/account_controller_test.exs patch | blob | history

diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
index 4fa9a21202f612cecf68d9db033e84e8e8414db4..45601ff5992733c63f9004e299aa4c754d2423ed 100644 (file)
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@@ -357,7 +357,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
   end
 
   @doc "GET /api/v1/favourites"
-  def favourites(%{assigns: %{user: user}} = conn, params) do
+  def favourites(%{assigns: %{user: %User{} = user}} = conn, params) do
     activities =
       ActivityPub.fetch_favourites(
         user,
diff --git a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
index 237c8157e6f3b3f899af4af7879463a729979c9e..be7477867b3592766fa10170331922c90c50c6a9 100644 (file)
--- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
@@ -39,7 +39,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
          ]
   )
 
-  plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
+  )
 
   plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
 
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 57efc3314f3134df45c45801013d3780c24b26c3..becce3098f3838d39ac7c641b25187159fc7389a 100644 (file)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -312,10 +312,14 @@ defmodule Pleroma.Web.Router do
       post("/scrobble", ScrobbleController, :new_scrobble)
     end
 
+    scope [] do
+      pipe_through(:api)
+      get("/accounts/:id/favourites", AccountController, :favourites)
+    end
+
     scope [] do
       pipe_through(:authenticated_api)
 
-      get("/accounts/:id/favourites", AccountController, :favourites)
       post("/accounts/:id/subscribe", AccountController, :subscribe)
       post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
     end
@@ -404,6 +408,7 @@ defmodule Pleroma.Web.Router do
     put("/scheduled_statuses/:id", ScheduledActivityController, :update)
     delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
 
+    # Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
     get("/favourites", StatusController, :favourites)
     get("/bookmarks", StatusController, :bookmarks)
 
diff --git a/test/web/pleroma_api/controllers/account_controller_test.exs b/test/web/pleroma_api/controllers/account_controller_test.exs
index ae5334015aa56e029203a922328236a6050b9d10..6b671a667a7c9811601e277571083c0d779aeefa 100644 (file)
--- a/test/web/pleroma_api/controllers/account_controller_test.exs
+++ b/test/web/pleroma_api/controllers/account_controller_test.exs
@@ -151,15 +151,18 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
       assert like["id"] == activity.id
     end
 
-    test "does not return favorites for specified user_id when user is not logged in", %{
+    test "returns favorites for specified user_id when requester is not logged in", %{
       user: user
     } do
       activity = insert(:note_activity)
       CommonAPI.favorite(user, activity.id)
 
-      build_conn()
-      |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-      |> json_response(403)
+      response =
+        build_conn()
+        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+        |> json_response(200)
+
+      assert length(response) == 1
     end
 
     test "returns favorited DM only when user is logged in and he is one of recipients", %{
@@ -185,9 +188,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
         assert length(response) == 1
       end
 
-      build_conn()
-      |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-      |> json_response(403)
+      response =
+        build_conn()
+        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+        |> json_response(200)
+
+      assert length(response) == 0
     end
 
     test "does not return others' favorited DM when user is not one of recipients", %{
Fork of https://akkoma.dev/AkkomaGang/akkoma.git