[FIX] [#1732] Made AP C2S :followers and :following endpoints serve on no auth (!2463) · Merge requests · Pleroma / pleroma

Ivan Tashkinov requested to merge fix/1732-authless-following-followers into develop May 02, 2020

As for related :api pipeline endpoints, :followers and :following endpoints should be accessible on no auth.

Issue details:

ActivityPub.fetch_follow_information_for_user/1 calls:

Fetcher.fetch_and_contain_remote_object_from_id(user.following_address)
Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address)

Those sign the fetch but only if Pleroma.Config.get([:activitypub, :sign_object_fetches]) is tru-ish. So, we shouldn't rely on signature presence here. The signature is ignored anyways if present since the above routes do not go through plug(:http_signature).

So, providing auth-less access to the above endpoints.

Edited May 02, 2020 by Ivan Tashkinov

[FIX] [#1732] Made AP C2S :followers and :following endpoints serve on no auth

Merge request reports