Merge branch 'security/remote-follow-commonapi' into 'develop'

twitter api: utils: rework do_remote_follow() to use CommonAPI

Closes #1138

See merge request pleroma/pleroma!1506
kaniini 2019-07-29 20:10:59 +00:00
commit 677df5ceb3


@ -15,7 +15,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web alias Pleroma.Web
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.WebFinger alias Pleroma.Web.WebFinger
@ -100,8 +99,7 @@ def do_remote_follow(conn, %{
with %User{} = user <- User.get_cached_by_nickname(username), with %User{} = user <- User.get_cached_by_nickname(username),
true <- AuthenticationPlug.checkpw(password, user.password_hash), true <- AuthenticationPlug.checkpw(password, user.password_hash),
%User{} = _followed <- User.get_cached_by_id(id), %User{} = _followed <- User.get_cached_by_id(id),
{:ok, follower} <- User.follow(user, followee), {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
{:ok, _activity} <- ActivityPub.follow(follower, followee) do
conn conn
|> render("followed.html", %{error: false}) |> render("followed.html", %{error: false})
else else
@ -122,8 +120,7 @@ def do_remote_follow(conn, %{
def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
with %User{} = followee <- User.get_cached_by_id(id), with %User{} = followee <- User.get_cached_by_id(id),
{:ok, follower} <- User.follow(user, followee), {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
{:ok, _activity} <- ActivityPub.follow(follower, followee) do
conn conn
|> render("followed.html", %{error: false}) |> render("followed.html", %{error: false})
else else