ActivityPub controller: do not render remote users

This commit is contained in:
rinpatch 2019-11-25 17:19:33 +03:00
parent 9f29930440
commit 02f7383891
2 changed files with 15 additions and 1 deletions

View file

@ -45,7 +45,7 @@ def relay_active?(conn, _) do
end
def user(conn, %{"nickname" => nickname}) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
with %User{local: true} = user <- User.get_cached_by_nickname(nickname),
{:ok, user} <- User.ensure_keys_present(user) do
conn
|> put_resp_content_type("application/activity+json")
@ -53,6 +53,7 @@ def user(conn, %{"nickname" => nickname}) do
|> render("user.json", %{user: user})
else
nil -> {:error, :not_found}
%{local: false} -> {:error, :not_found}
end
end

View file

@ -110,6 +110,19 @@ test "it returns a json representation of the user with accept application/ld+js
assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
end
test "it returns 404 for remote users", %{
conn: conn
} do
user = insert(:user, local: false, nickname: "remoteuser@example.com")
conn =
conn
|> put_req_header("accept", "application/json")
|> get("/users/#{user.nickname}.json")
assert json_response(conn, 404)
end
end
describe "/object/:uuid" do