Merge branch 'fix/1732-authless-following-followers' into 'develop'
[FIX] [#1732] Made AP C2S :followers and :following endpoints serve on no auth Closes #1732 See merge request pleroma/pleroma!2463
This commit is contained in:
commit
e186d9941d
|
@ -37,9 +37,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||||
[unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
|
[unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Note: :following and :followers must be served even without authentication (as via :api)
|
||||||
plug(
|
plug(
|
||||||
EnsureAuthenticatedPlug
|
EnsureAuthenticatedPlug
|
||||||
when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers]
|
when action in [:read_inbox, :update_outbox, :whoami, :upload_media]
|
||||||
)
|
)
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
|
|
|
@ -585,6 +585,7 @@ defmodule Pleroma.Web.Router do
|
||||||
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
|
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
|
||||||
post("/api/ap/upload_media", ActivityPubController, :upload_media)
|
post("/api/ap/upload_media", ActivityPubController, :upload_media)
|
||||||
|
|
||||||
|
# The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
|
||||||
get("/users/:nickname/followers", ActivityPubController, :followers)
|
get("/users/:nickname/followers", ActivityPubController, :followers)
|
||||||
get("/users/:nickname/following", ActivityPubController, :following)
|
get("/users/:nickname/following", ActivityPubController, :following)
|
||||||
end
|
end
|
||||||
|
|
|
@ -1055,12 +1055,12 @@ test "it works for more than 10 users", %{conn: conn} do
|
||||||
assert result["totalItems"] == 15
|
assert result["totalItems"] == 15
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns 403 if requester is not logged in", %{conn: conn} do
|
test "does not require authentication", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> get("/users/#{user.nickname}/followers")
|
|> get("/users/#{user.nickname}/followers")
|
||||||
|> json_response(403)
|
|> json_response(200)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -1152,12 +1152,12 @@ test "it works for more than 10 users", %{conn: conn} do
|
||||||
assert result["totalItems"] == 15
|
assert result["totalItems"] == 15
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns 403 if requester is not logged in", %{conn: conn} do
|
test "does not require authentication", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> get("/users/#{user.nickname}/following")
|
|> get("/users/#{user.nickname}/following")
|
||||||
|> json_response(403)
|
|> json_response(200)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue