[#1973] Fixed accounts rendering in GET /api/v1/pleroma/chats with truish :restrict_unauthenticated.

Made `Pleroma.Web.MastodonAPI.AccountView.render("show.json", _)` demand :for or :force option in order to prevent incorrect rendering of empty map instead of expected user representation with truish :restrict_unauthenticated setting.
This commit is contained in:
Ivan Tashkinov 2020-07-22 19:06:00 +03:00
parent 1c9752cff4
commit 6f5f7af607
20 changed files with 143 additions and 82 deletions

View File

@ -719,15 +719,18 @@ defmodule Pleroma.Web.ActivityPub.Utils do
case Activity.get_by_ap_id_with_object(id) do case Activity.get_by_ap_id_with_object(id) do
%Activity{} = activity -> %Activity{} = activity ->
activity_actor = User.get_by_ap_id(activity.object.data["actor"])
%{ %{
"type" => "Note", "type" => "Note",
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => activity.object.data["content"], "content" => activity.object.data["content"],
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => "actor" =>
AccountView.render("show.json", %{ AccountView.render(
user: User.get_by_ap_id(activity.object.data["actor"]) "show.json",
}) %{user: activity_actor, force: true}
)
} }
_ -> _ ->

View File

@ -345,7 +345,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do
json( json(
conn, conn,
AccountView.render("index.json", users: users, count: count, page_size: page_size) AccountView.render("index.json",
users: users,
count: count,
page_size: page_size
)
) )
end end
end end

View File

@ -105,7 +105,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do
end end
def merge_account_views(%User{} = user) do def merge_account_views(%User{} = user) do
MastodonAPI.AccountView.render("show.json", %{user: user}) MastodonAPI.AccountView.render("show.json", %{user: user, force: true})
|> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user})) |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
end end

View File

@ -4,8 +4,10 @@
defmodule Pleroma.Web.ChatChannel do defmodule Pleroma.Web.ChatChannel do
use Phoenix.Channel use Phoenix.Channel
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.ChatChannel.ChatChannelState alias Pleroma.Web.ChatChannel.ChatChannelState
alias Pleroma.Web.MastodonAPI.AccountView
def join("chat:public", _message, socket) do def join("chat:public", _message, socket) do
send(self(), :after_join) send(self(), :after_join)
@ -22,9 +24,9 @@ defmodule Pleroma.Web.ChatChannel do
if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
author = User.get_cached_by_nickname(user_name) author = User.get_cached_by_nickname(user_name)
author = Pleroma.Web.MastodonAPI.AccountView.render("show.json", user: author) author_json = AccountView.render("show.json", user: author, force: true)
message = ChatChannelState.add_message(%{text: text, author: author}) message = ChatChannelState.add_message(%{text: text, author: author_json})
broadcast!(socket, "new_msg", message) broadcast!(socket, "new_msg", message)
end end

View File

@ -93,7 +93,6 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
AccountView.render("index.json", AccountView.render("index.json",
users: accounts, users: accounts,
for: options[:for_user], for: options[:for_user],
as: :user,
embed_relationships: options[:embed_relationships] embed_relationships: options[:embed_relationships]
) )
end end

View File

@ -27,21 +27,38 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
UserRelationship.view_relationships_option(reading_user, users) UserRelationship.view_relationships_option(reading_user, users)
end end
opts = Map.put(opts, :relationships, relationships_opt) opts =
opts
|> Map.merge(%{relationships: relationships_opt, as: :user})
|> Map.delete(:users)
users users
|> render_many(AccountView, "show.json", opts) |> render_many(AccountView, "show.json", opts)
|> Enum.filter(&Enum.any?/1) |> Enum.filter(&Enum.any?/1)
end end
def render("show.json", %{user: user} = opts) do @doc """
if User.visible_for(user, opts[:for]) == :visible do Renders specified user account.
:force option skips visibility check and renders any user (local or remote)
regardless of [:pleroma, :restrict_unauthenticated] setting.
:for option specifies the requester and can be a User record or nil.
"""
def render("show.json", %{user: _user, force: true} = opts) do
do_render("show.json", opts)
end
def render("show.json", %{user: user, for: for_user_or_nil} = opts) do
if User.visible_for(user, for_user_or_nil) == :visible do
do_render("show.json", opts) do_render("show.json", opts)
else else
%{} %{}
end end
end end
def render("show.json", _) do
raise "In order to prevent account accessibility issues, :force or :for option is required."
end
def render("mention.json", %{user: user}) do def render("mention.json", %{user: user}) do
%{ %{
id: to_string(user.id), id: to_string(user.id),

View File

@ -38,7 +38,7 @@ defmodule Pleroma.Web.MastodonAPI.ConversationView do
%{ %{
id: participation.id |> to_string(), id: participation.id |> to_string(),
accounts: render(AccountView, "index.json", users: users, as: :user), accounts: render(AccountView, "index.json", users: users, for: user),
unread: !participation.read, unread: !participation.read,
last_status: last_status:
render(StatusView, "show.json", render(StatusView, "show.json",

View File

@ -89,11 +89,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
cm_ref <- MessageReference.for_chat_and_object(chat, message) do cm_ref <- MessageReference.for_chat_and_object(chat, message) do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("show.json", for: user, chat_message_reference: cm_ref) |> render("show.json", chat_message_reference: cm_ref)
end end
end end
def mark_message_as_read(%{assigns: %{user: %{id: user_id} = user}} = conn, %{ def mark_message_as_read(%{assigns: %{user: %{id: user_id}}} = conn, %{
id: chat_id, id: chat_id,
message_id: message_id message_id: message_id
}) do }) do
@ -104,12 +104,15 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
{:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do {:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("show.json", for: user, chat_message_reference: cm_ref) |> render("show.json", chat_message_reference: cm_ref)
end end
end end
def mark_as_read( def mark_as_read(
%{body_params: %{last_read_id: last_read_id}, assigns: %{user: %{id: user_id}}} = conn, %{
body_params: %{last_read_id: last_read_id},
assigns: %{user: %{id: user_id}}
} = conn,
%{id: id} %{id: id}
) do ) do
with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id), with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id),
@ -121,7 +124,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
end end
end end
def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{id: id} = params) do def messages(%{assigns: %{user: %{id: user_id}}} = conn, %{id: id} = params) do
with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do
cm_refs = cm_refs =
chat chat
@ -130,7 +133,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
conn conn
|> put_view(MessageReferenceView) |> put_view(MessageReferenceView)
|> render("index.json", for: user, chat_message_references: cm_refs) |> render("index.json", chat_message_references: cm_refs)
else else
_ -> _ ->
conn conn

View File

@ -15,10 +15,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
def render("show.json", %{chat: %Chat{} = chat} = opts) do def render("show.json", %{chat: %Chat{} = chat} = opts) do
recipient = User.get_cached_by_ap_id(chat.recipient) recipient = User.get_cached_by_ap_id(chat.recipient)
last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat) last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat)
account_view_opts = account_view_opts(opts, recipient)
%{ %{
id: chat.id |> to_string(), id: chat.id |> to_string(),
account: AccountView.render("show.json", Map.put(opts, :user, recipient)), account: AccountView.render("show.json", account_view_opts),
unread: MessageReference.unread_count_for_chat(chat), unread: MessageReference.unread_count_for_chat(chat),
last_message: last_message:
last_message && last_message &&
@ -27,7 +28,17 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
} }
end end
def render("index.json", %{chats: chats}) do def render("index.json", %{chats: chats} = opts) do
render_many(chats, __MODULE__, "show.json") render_many(chats, __MODULE__, "show.json", Map.delete(opts, :chats))
end
defp account_view_opts(opts, recipient) do
account_view_opts = Map.put(opts, :user, recipient)
if Map.has_key?(account_view_opts, :for) do
account_view_opts
else
Map.put(account_view_opts, :force, true)
end
end end
end end

View File

@ -17,7 +17,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionView do
%{ %{
name: emoji, name: emoji,
count: length(users), count: length(users),
accounts: render(AccountView, "index.json", users: users, for: user, as: :user), accounts: render(AccountView, "index.json", users: users, for: user),
me: !!(user && user.ap_id in user_ap_ids) me: !!(user && user.ap_id in user_ap_ids)
} }
end end

View File

@ -15,14 +15,14 @@
"certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"}, "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"},
"combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
"comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"}, "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
"concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter", "8eee96c6ba39b9286ec44c51c52d9f2758951365", [ref: "8eee96c6ba39b9286ec44c51c52d9f2758951365"]}, "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "8eee96c6ba39b9286ec44c51c52d9f2758951365", [ref: "8eee96c6ba39b9286ec44c51c52d9f2758951365"]},
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"}, "connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
"cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"}, "cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"},
"cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"}, "cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"},
"cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"}, "cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"},
"credo": {:hex, :credo, "1.1.5", "caec7a3cadd2e58609d7ee25b3931b129e739e070539ad1a0cd7efeeb47014f4", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "d0bbd3222607ccaaac5c0340f7f525c627ae4d7aee6c8c8c108922620c5b6446"}, "credo": {:hex, :credo, "1.1.5", "caec7a3cadd2e58609d7ee25b3931b129e739e070539ad1a0cd7efeeb47014f4", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "d0bbd3222607ccaaac5c0340f7f525c627ae4d7aee6c8c8c108922620c5b6446"},
"crontab": {:hex, :crontab, "1.1.8", "2ce0e74777dfcadb28a1debbea707e58b879e6aa0ffbf9c9bb540887bce43617", [:mix], [{:ecto, "~> 1.0 or ~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"}, "crontab": {:hex, :crontab, "1.1.8", "2ce0e74777dfcadb28a1debbea707e58b879e6aa0ffbf9c9bb540887bce43617", [:mix], [{:ecto, "~> 1.0 or ~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"},
"crypt": {:git, "https://github.com/msantos/crypt", "f63a705f92c26955977ee62a313012e309a4d77a", [ref: "f63a705f92c26955977ee62a313012e309a4d77a"]}, "crypt": {:git, "https://github.com/msantos/crypt.git", "f63a705f92c26955977ee62a313012e309a4d77a", [ref: "f63a705f92c26955977ee62a313012e309a4d77a"]},
"custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"}, "custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"},
"db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"}, "db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"},
"decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"}, "decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"},
@ -105,7 +105,7 @@
"sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"}, "sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"},
"ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"}, "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
"sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"}, "sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"},
"swoosh": {:git, "https://github.com/swoosh/swoosh", "c96e0ca8a00d8f211ec1f042a4626b09f249caa5", [ref: "c96e0ca8a00d8f211ec1f042a4626b09f249caa5"]}, "swoosh": {:git, "https://github.com/swoosh/swoosh.git", "c96e0ca8a00d8f211ec1f042a4626b09f249caa5", [ref: "c96e0ca8a00d8f211ec1f042a4626b09f249caa5"]},
"syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"}, "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"},
"telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"}, "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"},
"tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]}, "tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]},

View File

@ -1179,7 +1179,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity_with_object.object.data["published"], "published" => activity_with_object.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account}) "actor" => AccountView.render("show.json", %{user: target_account, force: true})
} }
assert %Activity{ assert %Activity{

View File

@ -710,7 +710,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => "test post", "content" => "test post",
"published" => object.data["published"], "published" => object.data["published"],
"actor" => AccountView.render("show.json", %{user: user}) "actor" => AccountView.render("show.json", %{user: user, force: true})
} }
message = %{ message = %{

View File

@ -482,7 +482,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account}) "actor" => AccountView.render("show.json", %{user: target_account, force: true})
} }
assert %{ assert %{

View File

@ -4,11 +4,14 @@
defmodule Pleroma.Web.AdminAPI.ReportViewTest do defmodule Pleroma.Web.AdminAPI.ReportViewTest do
use Pleroma.DataCase use Pleroma.DataCase
import Pleroma.Factory import Pleroma.Factory
alias Pleroma.Web.AdminAPI
alias Pleroma.Web.AdminAPI.Report alias Pleroma.Web.AdminAPI.Report
alias Pleroma.Web.AdminAPI.ReportView alias Pleroma.Web.AdminAPI.ReportView
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
test "renders a report" do test "renders a report" do
@ -21,13 +24,13 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: user}), MastodonAPI.AccountView.render("show.json", %{user: user, force: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: other_user}), MastodonAPI.AccountView.render("show.json", %{user: other_user, force: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user}) AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [], statuses: [],
notes: [], notes: [],
@ -56,13 +59,13 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: user}), MastodonAPI.AccountView.render("show.json", %{user: user, force: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
AccountView.render("show.json", %{user: other_user}), MastodonAPI.AccountView.render("show.json", %{user: other_user, force: true}),
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user}) AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [StatusView.render("show.json", %{activity: activity})], statuses: [StatusView.render("show.json", %{activity: activity})],
state: "open", state: "open",

View File

@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
} }
} }
assert expected == AccountView.render("show.json", %{user: user}) assert expected == AccountView.render("show.json", %{user: user, force: true})
end end
test "Favicon is nil when :instances_favicons is disabled" do test "Favicon is nil when :instances_favicons is disabled" do
@ -108,11 +108,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
favicon: favicon:
"https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
} }
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, force: true})
Config.put([:instances_favicons, :enabled], false) Config.put([:instances_favicons, :enabled], false)
assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user}) assert %{pleroma: %{favicon: nil}} =
AccountView.render("show.json", %{user: user, force: true})
end end
test "Represent the user account for the account owner" do test "Represent the user account for the account owner" do
@ -189,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
} }
} }
assert expected == AccountView.render("show.json", %{user: user}) assert expected == AccountView.render("show.json", %{user: user, force: true})
end end
test "Represent a Funkwhale channel" do test "Represent a Funkwhale channel" do
@ -198,7 +199,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
"https://channels.tests.funkwhale.audio/federation/actors/compositions" "https://channels.tests.funkwhale.audio/federation/actors/compositions"
) )
assert represented = AccountView.render("show.json", %{user: user}) assert represented = AccountView.render("show.json", %{user: user, force: true})
assert represented.acct == "compositions@channels.tests.funkwhale.audio" assert represented.acct == "compositions@channels.tests.funkwhale.audio"
assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions" assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
end end
@ -223,6 +224,21 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
assert expected == AccountView.render("mention.json", %{user: user}) assert expected == AccountView.render("mention.json", %{user: user})
end end
test "demands :for or :force option for account rendering" do
clear_config([:restrict_unauthenticated, :profiles, :local], false)
user = insert(:user)
user_id = user.id
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, force: true})
assert_raise RuntimeError, ~r/:force or :for option is required/, fn ->
AccountView.render("show.json", %{user: user})
end
end
describe "relationship" do describe "relationship" do
defp test_relationship_rendering(user, other_user, expected_result) do defp test_relationship_rendering(user, other_user, expected_result) do
opts = %{user: user, target: other_user, relationships: nil} opts = %{user: user, target: other_user, relationships: nil}
@ -336,7 +352,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
assert result.pleroma.settings_store == %{:fe => "test"} assert result.pleroma.settings_store == %{:fe => "test"}
result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true}) result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
assert result.pleroma[:settings_store] == nil assert result.pleroma[:settings_store] == nil
result = AccountView.render("show.json", %{user: user, for: user}) result = AccountView.render("show.json", %{user: user, for: user})
@ -345,13 +361,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
test "doesn't sanitize display names" do test "doesn't sanitize display names" do
user = insert(:user, name: "<marquee> username </marquee>") user = insert(:user, name: "<marquee> username </marquee>")
result = AccountView.render("show.json", %{user: user}) result = AccountView.render("show.json", %{user: user, force: true})
assert result.display_name == "<marquee> username </marquee>" assert result.display_name == "<marquee> username </marquee>"
end end
test "never display nil user follow counts" do test "never display nil user follow counts" do
user = insert(:user, following_count: 0, follower_count: 0) user = insert(:user, following_count: 0, follower_count: 0)
result = AccountView.render("show.json", %{user: user}) result = AccountView.render("show.json", %{user: user, force: true})
assert result.following_count == 0 assert result.following_count == 0
assert result.followers_count == 0 assert result.followers_count == 0
@ -375,7 +391,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 0, followers_count: 0,
following_count: 0, following_count: 0,
pleroma: %{hide_follows_count: true, hide_followers_count: true} pleroma: %{hide_follows_count: true, hide_followers_count: true}
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, force: true})
end end
test "shows when follows/followers are hidden" do test "shows when follows/followers are hidden" do
@ -388,7 +404,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 1, followers_count: 1,
following_count: 1, following_count: 1,
pleroma: %{hide_follows: true, hide_followers: true} pleroma: %{hide_follows: true, hide_followers: true}
} = AccountView.render("show.json", %{user: user}) } = AccountView.render("show.json", %{user: user, force: true})
end end
test "shows actual follower/following count to the account owner" do test "shows actual follower/following count to the account owner" do
@ -531,7 +547,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
emoji: %{"joker_smile" => "https://evil.website/society.png"} emoji: %{"joker_smile" => "https://evil.website/society.png"}
) )
AccountView.render("show.json", %{user: user}) AccountView.render("show.json", %{user: user, force: true})
|> Enum.all?(fn |> Enum.all?(fn
{key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
String.starts_with?(url, Pleroma.Web.base_url()) String.starts_with?(url, Pleroma.Web.base_url())

View File

@ -177,7 +177,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
id: to_string(note.id), id: to_string(note.id),
uri: object_data["id"], uri: object_data["id"],
url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note), url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
account: AccountView.render("show.json", %{user: user}), account: AccountView.render("show.json", %{user: user, force: true}),
in_reply_to_id: nil, in_reply_to_id: nil,
in_reply_to_account_id: nil, in_reply_to_account_id: nil,
card: nil, card: nil,

View File

@ -332,5 +332,27 @@ defmodule Pleroma.Web.PleromaAPI.ChatControllerTest do
chat_1.id |> to_string() chat_1.id |> to_string()
] ]
end end
test "it is not affected by :restrict_unauthenticated setting (issue #1973)", %{
conn: conn,
user: user
} do
clear_config([:restrict_unauthenticated, :profiles, :local], true)
clear_config([:restrict_unauthenticated, :profiles, :remote], true)
user2 = insert(:user)
user3 = insert(:user, local: false)
{:ok, _chat_12} = Chat.get_or_create(user.id, user2.ap_id)
{:ok, _chat_13} = Chat.get_or_create(user.id, user3.ap_id)
result =
conn
|> get("/api/v1/pleroma/chats")
|> json_response_and_validate_schema(200)
account_ids = Enum.map(result, &get_in(&1, ["account", "id"]))
assert Enum.sort(account_ids) == Enum.sort([user2.id, user3.id])
end
end end
end end

View File

@ -26,7 +26,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatViewTest do
assert represented_chat == %{ assert represented_chat == %{
id: "#{chat.id}", id: "#{chat.id}",
account: AccountView.render("show.json", user: recipient), account: AccountView.render("show.json", user: recipient, force: true),
unread: 0, unread: 0,
last_message: nil, last_message: nil,
updated_at: Utils.to_masto_date(chat.updated_at) updated_at: Utils.to_masto_date(chat.updated_at)

View File

@ -4,11 +4,11 @@
defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
use Pleroma.DataCase use Pleroma.DataCase
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.Tests.ObanHelpers alias Pleroma.Tests.ObanHelpers
alias Pleroma.User alias Pleroma.User
alias Pleroma.UserInviteToken alias Pleroma.UserInviteToken
alias Pleroma.Web.MastodonAPI.AccountView
alias Pleroma.Web.TwitterAPI.TwitterAPI alias Pleroma.Web.TwitterAPI.TwitterAPI
setup_all do setup_all do
@ -27,13 +27,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("lain") assert user == User.get_cached_by_nickname("lain")
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "it registers a new user with empty string in bio and returns the user." do test "it registers a new user with empty string in bio and returns the user" do
data = %{ data = %{
:username => "lain", :username => "lain",
:email => "lain@wired.jp", :email => "lain@wired.jp",
@ -45,10 +42,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("lain") assert user == User.get_cached_by_nickname("lain")
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "it sends confirmation email if :account_activation_required is specified in instance config" do test "it sends confirmation email if :account_activation_required is specified in instance config" do
@ -134,13 +128,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "returns error on invalid token" do test "returns error on invalid token" do
@ -197,10 +188,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
check_fn = fn invite -> check_fn = fn invite ->
data = Map.put(data, :token, invite.token) data = Map.put(data, :token, invite.token)
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny")
assert AccountView.render("show.json", %{user: user}) == assert user == User.get_cached_by_nickname("vinny")
AccountView.render("show.json", %{user: fetched_user})
end end
{:ok, data: data, check_fn: check_fn} {:ok, data: data, check_fn: check_fn}
@ -260,14 +249,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
data = %{ data = %{
:username => "GrimReaper", :username => "GrimReaper",
:email => "death@reapers.afterlife", :email => "death@reapers.afterlife",
@ -302,13 +288,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
refute invite.used refute invite.used
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
end end
test "error after max uses" do test "error after max uses" do
@ -327,13 +310,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
} }
{:ok, user} = TwitterAPI.register_user(data) {:ok, user} = TwitterAPI.register_user(data)
fetched_user = User.get_cached_by_nickname("vinny") assert user == User.get_cached_by_nickname("vinny")
invite = Repo.get_by(UserInviteToken, token: invite.token) invite = Repo.get_by(UserInviteToken, token: invite.token)
assert invite.used == true assert invite.used == true
assert AccountView.render("show.json", %{user: user}) ==
AccountView.render("show.json", %{user: fetched_user})
data = %{ data = %{
:username => "GrimReaper", :username => "GrimReaper",
:email => "death@reapers.afterlife", :email => "death@reapers.afterlife",