From 63739c5a58ccb65dd4a63019b270429d5a462e71 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 17:23:17 -0600 Subject: [PATCH] Tests to validate client disclosure obeys user setting --- .../controllers/status_controller.ex | 10 ++++++--- .../controllers/status_controller_test.exs | 22 +++++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2e63c8869..2655d6b6e 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -420,9 +420,13 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do ) end - defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do - %{client_name: client_name, website: website} = Repo.preload(token, :app).app - Map.put(params, :application, %{name: client_name, website: website}) + defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do + if user.disclose_client do + %{client_name: client_name, website: website} = Repo.preload(token, :app).app + Map.put(params, :application, %{name: client_name, website: website}) + else + Map.put(params, :application, nil) + end end defp put_application(params, _), do: Map.put(params, :application, nil) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 1ca829544..bae2ad4bf 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,8 +358,9 @@ test "posting a direct status", %{conn: conn} do assert activity.data["cc"] == [] end - test "preserves client application metadata" do - %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + test "discloses application metadata when enabled" do + user = insert(:user, disclose_client: true) + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user) %Pleroma.Web.OAuth.Token{ app: %Pleroma.Web.OAuth.App{ @@ -383,6 +384,23 @@ test "preserves client application metadata" do } } = json_response_and_validate_schema(result, 200) end + + test "hides application metadata when disabled" do + user = insert(:user, disclose_client: false) + %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user) + + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "club mate is my wingman" + }) + + assert %{ + "content" => "club mate is my wingman", + "application" => nil + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do