--- /dev/null
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Plugs.TrailingFormatPlug do
+ @moduledoc "Calls TrailingFormatPlug for specific paths. Ideally we would just do this in the router, but TrailingFormatPlug needs to be called before Plug.Parsers."
+
+ @behaviour Plug
+ @paths [
+ "/api/statusnet",
+ "/api/statuses",
+ "/api/qvitter",
+ "/api/search",
+ "/api/account",
+ "/api/friends",
+ "/api/mutes",
+ "/api/media",
+ "/api/favorites",
+ "/api/blocks",
+ "/api/friendships",
+ "/api/users",
+ "/users",
+ "/nodeinfo",
+ "/api/help",
+ "/api/externalprofile",
+ "/notice"
+ ]
+
+ def init(opts) do
+ TrailingFormatPlug.init(opts)
+ end
+
+ for path <- @paths do
+ def call(%{request_path: unquote(path) <> _} = conn, opts) do
+ TrailingFormatPlug.call(conn, opts)
+ end
+ end
+
+ def call(conn, _opts), do: conn
+end
end
def user(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
- with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id),
+ with %User{} = user <- get_user_by_nickname_or_id(for_user, nickname_or_id),
true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do
account = AccountView.render("account.json", %{user: user, for: for_user})
json(conn, account)
end
def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do
- with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"]) do
+ with %User{} = user <- get_user_by_nickname_or_id(reading_user, params["id"]) do
params =
params
|> Map.put("tag", params["tagged"])
defp present?(nil), do: false
defp present?(false), do: false
defp present?(_), do: true
+
+ defp get_user_by_nickname_or_id(for_user, nickname_or_id) do
+ restrict_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+
+ opts =
+ cond do
+ restrict_to_local == :all ->
+ [restrict_remote_nicknames: true]
+
+ restrict_to_local == false ->
+ []
+
+ restrict_to_local == :unauthenticated and match?(%User{}, for_user) ->
+ []
+
+ true ->
+ [restrict_remote_nicknames: true]
+ end
+
+ User.get_cached_by_nickname_or_id(nickname_or_id, opts)
+ end
end
end
end
- test "account fetching", %{conn: conn} do
- user = insert(:user)
+ describe "account fetching" do
+ test "works by id" do
+ user = insert(:user)
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}")
+ conn =
+ build_conn()
+ |> get("/api/v1/accounts/#{user.id}")
- assert %{"id" => id} = json_response(conn, 200)
- assert id == to_string(user.id)
+ assert %{"id" => id} = json_response(conn, 200)
+ assert id == to_string(user.id)
- conn =
- build_conn()
- |> get("/api/v1/accounts/-1")
+ conn =
+ build_conn()
+ |> get("/api/v1/accounts/-1")
- assert %{"error" => "Can't find user"} = json_response(conn, 404)
- end
+ assert %{"error" => "Can't find user"} = json_response(conn, 404)
+ end
- test "account fetching also works nickname", %{conn: conn} do
- user = insert(:user)
+ test "works by nickname" do
+ user = insert(:user)
- conn =
- conn
- |> get("/api/v1/accounts/#{user.nickname}")
+ conn =
+ build_conn()
+ |> get("/api/v1/accounts/#{user.nickname}")
- assert %{"id" => id} = json_response(conn, 200)
- assert id == user.id
+ assert %{"id" => id} = json_response(conn, 200)
+ assert id == user.id
+ end
+
+ test "works by nickname for remote users" do
+ limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+ Pleroma.Config.put([:instance, :limit_to_local_content], false)
+ user = insert(:user, nickname: "user@example.com", local: false)
+
+ conn =
+ build_conn()
+ |> get("/api/v1/accounts/#{user.nickname}")
+
+ Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
+ assert %{"id" => id} = json_response(conn, 200)
+ assert id == user.id
+ end
+
+ test "respects limit_to_local_content == :all for remote user nicknames" do
+ limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+ Pleroma.Config.put([:instance, :limit_to_local_content], :all)
+
+ user = insert(:user, nickname: "user@example.com", local: false)
+
+ conn =
+ build_conn()
+ |> get("/api/v1/accounts/#{user.nickname}")
+
+ Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
+ assert json_response(conn, 404)
+ end
+
+ test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
+ limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+ Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
+
+ user = insert(:user, nickname: "user@example.com", local: false)
+ reading_user = insert(:user)
+
+ conn =
+ build_conn()
+ |> get("/api/v1/accounts/#{user.nickname}")
+
+ assert json_response(conn, 404)
+
+ conn =
+ build_conn()
+ |> assign(:user, reading_user)
+ |> get("/api/v1/accounts/#{user.nickname}")
+
+ Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
+ assert %{"id" => id} = json_response(conn, 200)
+ assert id == user.id
+ end
end
test "mascot upload", %{conn: conn} do
projects / akkoma / commitdiff