diff options
| author | eugenijm <eugenijm@protonmail.com> | 2020-04-27 17:41:38 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-05-02 19:05:13 +0300 |
| commit | 66a8e1312dc82fa755a635984f89a5314917d209 (patch) | |
| tree | 3fc0c1647d954227604268d7dd94e8cdad16bf3c | |
| parent | e55876409b523d81bc19db876bc90f29ba80a47c (diff) | |
Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize`
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | lib/pleroma/web/common_api/common_api.ex | 4 | ||||
| -rw-r--r-- | test/web/common_api/common_api_test.exs | 8 |
3 files changed, 11 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 97704917d..54a0561b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Logger configuration through AdminFE - HTTP Basic Authentication permissions issue - ObjectAgePolicy didn't filter out old messages +- Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize` ### Added - NodeInfo: ObjectAgePolicy settings to the `federation` list. diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 4618b4bbf..f9db97d24 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -43,8 +43,8 @@ defmodule Pleroma.Web.CommonAPI do end def accept_follow_request(follower, followed) do - with {:ok, follower} <- User.follow(follower, followed), - %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), + with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), + {:ok, follower} <- User.follow(follower, followed), {:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "accept"), {:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_accept), {:ok, _activity} <- diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index c6ccc02c4..bc0c1a791 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -697,6 +697,14 @@ defmodule Pleroma.Web.CommonAPITest do assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject" assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending" end + + test "doesn't create a following relationship if the corresponding follow request doesn't exist" do + user = insert(:user, locked: true) + not_follower = insert(:user) + CommonAPI.accept_follow_request(not_follower, user) + + assert Pleroma.FollowingRelationship.following?(not_follower, user) == false + end end describe "vote/3" do |