From: William Pitcock Date: Fri, 25 May 2018 03:16:02 +0000 (+0000) Subject: user: do not allow refollowing somebody who has blocked a user X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=1d88abf2d4834a6dac95c655b9d27cf50377010a;p=akkoma user: do not allow refollowing somebody who has blocked a user --- diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 690cc7cf3..508f14584 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -170,25 +170,30 @@ defmodule Pleroma.User do def follow(%User{} = follower, %User{info: info} = followed) do ap_followers = followed.follower_address - if following?(follower, followed) or info["deactivated"] do - {:error, "Could not follow user: #{followed.nickname} is already on your list."} - else - if !followed.local && follower.local && !ap_enabled?(followed) do - Websub.subscribe(follower, followed) - end + cond do + following?(follower, followed) or info["deactivated"] -> + {:error, "Could not follow user: #{followed.nickname} is already on your list."} - following = - [ap_followers | follower.following] - |> Enum.uniq() + blocks?(followed, follower) -> + {:error, "Could not follow user: #{followed.nickname} blocked you."} - follower = - follower - |> follow_changeset(%{following: following}) - |> update_and_set_cache + true -> + if !followed.local && follower.local && !ap_enabled?(followed) do + Websub.subscribe(follower, followed) + end + + following = + [ap_followers | follower.following] + |> Enum.uniq() - {:ok, _} = update_follower_count(followed) + follower = + follower + |> follow_changeset(%{following: following}) + |> update_and_set_cache - follower + {:ok, _} = update_follower_count(followed) + + follower end end diff --git a/test/user_test.exs b/test/user_test.exs index 9506b58fa..8c8cfd673 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -46,6 +46,15 @@ defmodule Pleroma.UserTest do {:error, _} = User.follow(user, followed) end + test "can't follow a user who blocked us" do + blocker = insert(:user) + blockee = insert(:user) + + {:ok, blocker} = User.block(blocker, blockee) + + {:error, _} = User.follow(blockee, blocker) + end + # This is a somewhat useless test. # test "following a remote user will ensure a websub subscription is present" do # user = insert(:user)