added code of mr#2067
This commit is contained in:
parent
bdd71669da
commit
933dc12043
@ -16,7 +16,12 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
|
||||
|
||||
@status_types ["Article", "Event", "Note", "Video", "Page", "Question"]
|
||||
|
||||
plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action in [:do_follow])
|
||||
# Note: follower can submit the form (with password auth) not being signed in (having no token)
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
|
||||
when action in [:do_follow]
|
||||
)
|
||||
|
||||
# GET /ostatus_subscribe
|
||||
#
|
||||
@ -61,6 +66,16 @@ defp is_status?(acct) do
|
||||
|
||||
# POST /ostatus_subscribe
|
||||
#
|
||||
def do_follow(%{assigns: %{user: %User{} = user}} = conn, %{"user" => %{"id" => id}}) do
|
||||
with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
|
||||
{:ok, _, _, _} <- CommonAPI.follow(user, followee) do
|
||||
render(conn, "followed.html", %{error: false})
|
||||
else
|
||||
error ->
|
||||
handle_follow_error(conn, error)
|
||||
end
|
||||
end
|
||||
|
||||
def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
|
||||
with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
|
||||
{_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
|
||||
@ -72,14 +87,9 @@ def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" =>
|
||||
end
|
||||
end
|
||||
|
||||
def do_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
|
||||
with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
|
||||
{:ok, _, _, _} <- CommonAPI.follow(user, followee) do
|
||||
render(conn, "followed.html", %{error: false})
|
||||
else
|
||||
error ->
|
||||
handle_follow_error(conn, error)
|
||||
end
|
||||
def do_follow(%{assigns: %{user: nil}} = conn, _) do
|
||||
Logger.debug("Insufficient permissions: follow | write:follows.")
|
||||
render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."})
|
||||
end
|
||||
|
||||
defp handle_follow_error(conn, {:auth, _, followee} = _) do
|
||||
|
@ -70,7 +70,24 @@ test "show follow page with error when user cannot fecth by `acct` link", %{conn
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user " do
|
||||
describe "POST /ostatus_subscribe - do_follow/2 with assigned user " do
|
||||
test "required `follow | write:follows` scope", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
user2 = insert(:user)
|
||||
read_token = insert(:oauth_token, user: user, scopes: ["read"])
|
||||
|
||||
assert capture_log(fn ->
|
||||
response =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> assign(:token, read_token)
|
||||
|> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
|
||||
|> response(200)
|
||||
|
||||
assert response =~ "Error following account"
|
||||
end) =~ "Insufficient permissions: follow | write:follows."
|
||||
end
|
||||
|
||||
test "follows user", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
user2 = insert(:user)
|
||||
@ -141,7 +158,7 @@ test "returns success result when user already in followers", %{conn: conn} do
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user " do
|
||||
describe "POST /ostatus_subscribe - follow/2 without assigned user " do
|
||||
test "follows", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
user2 = insert(:user)
|
||||
|
Loading…
Reference in New Issue
Block a user