Allow profile fetching for authenticated users only.

This commit is contained in:
eal 2017-11-07 00:33:44 +02:00
parent ed1eb5deea
commit f85566324e
2 changed files with 6 additions and 3 deletions

View file

@ -138,7 +138,6 @@ def user_fetcher(username) do
get "/search", TwitterAPI.Controller, :search
get "/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline
get "/externalprofile/show", TwitterAPI.Controller, :external_profile
end
scope "/api", Pleroma.Web do
@ -176,6 +175,8 @@ def user_fetcher(username) do
get "/statuses/followers", TwitterAPI.Controller, :followers
get "/statuses/friends", TwitterAPI.Controller, :friends
get "/externalprofile/show", TwitterAPI.Controller, :external_profile
end
pipeline :ostatus do

View file

@ -405,11 +405,13 @@ test "it returns errors on a problem", %{conn: conn} do
describe "GET /api/externalprofile/show" do
test "it returns the user", %{conn: conn} do
user = insert(:user)
other_user = insert(:user)
conn = conn
|> get("/api/externalprofile/show", %{profileurl: user.ap_id})
|> assign(:user, user)
|> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
assert json_response(conn, 200) == UserView.render("show.json", %{user: user})
assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
end
end