Skip to content
Snippets Groups Projects
Commit 64620d89 authored by kaniini's avatar kaniini
Browse files

activitypub: user view: do not expose oAuth endpoints for instance users

parent d54c4839
Branches
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/pleroma/web/activity_pub/views/user_view.ex
+ 5
1
View file @ 64620d89
......@@ -17,7 +17,11 @@ defmodule Pleroma.Web.ActivityPub.UserView do
import Ecto.Query
def render("endpoints.json", %{user: %User{nickname: _nickname, local: true} = _user}) do
def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) do
%{"sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox)}
end
def render("endpoints.json", %{user: %User{local: true} = _user}) do
%{
"oauthAuthorizationEndpoint" => Helpers.o_auth_url(Endpoint, :authorize),
"oauthRegistrationEndpoint" => Helpers.mastodon_api_url(Endpoint, :create_app),
......
test/web/activity_pub/views/user_view_test.exs
+ 11
0
View file @ 64620d89
......@@ -42,5 +42,16 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
assert result["id"] == user.ap_id
assert result["endpoints"] == %{}
end
test "instance users do not expose oAuth endpoints" do
user = insert(:user, nickname: nil, local: true)
{:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
refute result["endpoints"]["oauthAuthorizationEndpoint"]
refute result["endpoints"]["oauthRegistrationEndpoint"]
refute result["endpoints"]["oauthTokenEndpoint"]
end
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment