Merge branch 'dtluna/pleroma-bugfix/deny-self-repeats' into develop

This commit is contained in:
Roger Braun 2017-04-26 08:56:34 +02:00
commit fb5cebc1b5
2 changed files with 23 additions and 8 deletions

View File

@ -163,12 +163,17 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do
activity = Repo.get(Activity, id) activity = Repo.get(Activity, id)
if activity.data["actor"] == user.ap_id do
bad_request_reply(conn, "You cannot repeat your own notice.")
else
{:ok, status} = TwitterAPI.retweet(user, activity) {:ok, status} = TwitterAPI.retweet(user, activity)
response = Poison.encode!(status) response = Poison.encode!(status)
conn conn
|> json_reply(200, response) |> json_reply(200, response)
end end
end
def register(conn, params) do def register(conn, params) do
with {:ok, user} <- TwitterAPI.register_user(params) do with {:ok, user} <- TwitterAPI.register_user(params) do

View File

@ -331,11 +331,21 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
test "with credentials", %{conn: conn, user: current_user} do test "with credentials", %{conn: conn, user: current_user} do
note_activity = insert(:note_activity) note_activity = insert(:note_activity)
conn = conn request_path = "/api/statuses/retweet/#{note_activity.id}.json"
|> with_credentials(current_user.nickname, "test")
|> post("/api/statuses/retweet/#{note_activity.id}.json")
assert json_response(conn, 200) user = Repo.get_by(User, ap_id: note_activity.data["actor"])
response = conn
|> with_credentials(user.nickname, "test")
|> post(request_path)
assert json_response(response, 400) == %{"error" => "You cannot repeat your own notice.",
"request" => request_path}
response = conn
|> with_credentials(current_user.nickname, "test")
|> post(request_path)
activity = Repo.get(Activity, note_activity.id)
activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
end end
end end