def whoami(_conn, _params), do: {:error, :not_found}
- def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
- if nickname == user.nickname do
- conn
- |> put_resp_content_type("application/activity+json")
- |> json(UserView.render("inbox.json", %{user: user, max_id: params["max_id"]}))
- else
- err =
- dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
- nickname: nickname,
- as_nickname: user.nickname
- )
+ def read_inbox(
+ %{assigns: %{user: %{nickname: nickname} = user}} = conn,
+ %{"nickname" => nickname} = params
+ ) do
+ conn
+ |> put_resp_content_type("application/activity+json")
+ |> put_view(UserView)
+ |> render("inbox.json", user: user, max_id: params["max_id"])
+ end
- conn
- |> put_status(:forbidden)
- |> json(err)
- end
+ def read_inbox(%{assigns: %{user: nil}} = conn, %{"nickname" => nickname}) do
+ err = dgettext("errors", "can't read inbox of %{nickname}", nickname: nickname)
+
+ conn
+ |> put_status(:forbidden)
+ |> json(err)
+ end
+
+ def read_inbox(%{assigns: %{user: %{nickname: as_nickname}}} = conn, %{
+ "nickname" => nickname
+ }) do
+ err =
+ dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
+ nickname: nickname,
+ as_nickname: as_nickname
+ )
+
+ conn
+ |> put_status(:forbidden)
+ |> json(err)
end
def handle_user_activity(user, %{"type" => "Create"} = params) do
assert json_response(conn, 403)
end
+ test "it doesn't crash without an authenticated user", %{conn: conn} do
+ user = insert(:user)
+
+ conn =
+ conn
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/users/#{user.nickname}/inbox")
+
+ assert json_response(conn, 403)
+ end
+
test "it returns a note activity in a collection", %{conn: conn} do
note_activity = insert(:direct_note_activity)
note_object = Object.normalize(note_activity)
projects / akkoma / commitdiff