From 88d8b6e5776abb5d28484b8543c7b022e71c1b3f Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Wed, 30 Dec 2020 12:38:34 -0800 Subject: [PATCH 1/2] Cleans up outbox function --- bookwyrm/outgoing.py | 13 +++++-------- bookwyrm/tests/test_outgoing.py | 26 +++++++++++++++++++++++++- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/bookwyrm/outgoing.py b/bookwyrm/outgoing.py index 00154cf4..73c1f92a 100644 --- a/bookwyrm/outgoing.py +++ b/bookwyrm/outgoing.py @@ -2,8 +2,10 @@ import re from django.db import IntegrityError, transaction -from django.http import HttpResponseNotFound, JsonResponse +from django.http import JsonResponse +from django.shortcuts import get_object_or_404 from django.views.decorators.csrf import csrf_exempt +from django.views.decorators.http import require_GET from markdown import markdown from requests import HTTPError @@ -20,15 +22,10 @@ from bookwyrm.utils import regex @csrf_exempt +@require_GET def outbox(request, username): ''' outbox for the requested user ''' - if request.method != 'GET': - return HttpResponseNotFound() - - try: - user = models.User.objects.get(localname=username) - except models.User.DoesNotExist: - return HttpResponseNotFound() + user = get_object_or_404(models.User, localname=username) # collection overview return JsonResponse( diff --git a/bookwyrm/tests/test_outgoing.py b/bookwyrm/tests/test_outgoing.py index 2c1d119c..03bcb99b 100644 --- a/bookwyrm/tests/test_outgoing.py +++ b/bookwyrm/tests/test_outgoing.py @@ -3,7 +3,9 @@ import json import pathlib from unittest.mock import patch +from django.http import JsonResponse from django.test import TestCase +from django.test.client import RequestFactory import responses from bookwyrm import models, outgoing @@ -14,6 +16,7 @@ class Outgoing(TestCase): ''' sends out activities ''' def setUp(self): ''' we'll need some data ''' + self.factory = RequestFactory() with patch('bookwyrm.models.user.set_remote_server'): self.remote_user = models.User.objects.create_user( 'rat', 'rat@rat.com', 'ratword', @@ -24,7 +27,7 @@ class Outgoing(TestCase): ) self.local_user = models.User.objects.create_user( 'mouse', 'mouse@mouse.com', 'mouseword', local=True, - remote_id='https://example.com/users/mouse', + localname='mouse', remote_id='https://example.com/users/mouse', ) datafile = pathlib.Path(__file__).parent.joinpath( @@ -46,6 +49,27 @@ class Outgoing(TestCase): ) + def test_outbox(self): + ''' returns user's statuses ''' + request = self.factory.get('') + result = outgoing.outbox(request, 'mouse') + self.assertIsInstance(result, JsonResponse) + + def test_outbox_bad_method(self): + ''' can't POST to outbox ''' + request = self.factory.post('') + result = outgoing.outbox(request, 'mouse') + self.assertEqual(result.status_code, 405) + + def test_outbox_unknown_user(self): + ''' should 404 for unknown and remote users ''' + request = self.factory.post('') + result = outgoing.outbox(request, 'beepboop') + self.assertEqual(result.status_code, 405) + result = outgoing.outbox(request, 'rat') + self.assertEqual(result.status_code, 405) + + def test_handle_follow(self): ''' send a follow request ''' self.assertEqual(models.UserFollowRequest.objects.count(), 0) From babc604397e95278f767bc5eb764ba7e1273897f Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Wed, 30 Dec 2020 12:41:19 -0800 Subject: [PATCH 2/2] Fixes outbox privacy --- bookwyrm/models/user.py | 1 + bookwyrm/outgoing.py | 1 - bookwyrm/tests/test_outgoing.py | 18 ++++++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/bookwyrm/models/user.py b/bookwyrm/models/user.py index 30eeffbc..cf6dd3b2 100644 --- a/bookwyrm/models/user.py +++ b/bookwyrm/models/user.py @@ -111,6 +111,7 @@ class User(OrderedCollectionPageMixin, AbstractUser): queryset = Status.objects.filter( user=self, deleted=False, + privacy__in=['public', 'unlisted'], ).select_subclasses().order_by('-published_date') return self.to_ordered_collection(queryset, \ remote_id=self.outbox, **kwargs) diff --git a/bookwyrm/outgoing.py b/bookwyrm/outgoing.py index 73c1f92a..de2a4cbe 100644 --- a/bookwyrm/outgoing.py +++ b/bookwyrm/outgoing.py @@ -27,7 +27,6 @@ def outbox(request, username): ''' outbox for the requested user ''' user = get_object_or_404(models.User, localname=username) - # collection overview return JsonResponse( user.to_outbox(**request.GET), encoder=activitypub.ActivityEncoder diff --git a/bookwyrm/tests/test_outgoing.py b/bookwyrm/tests/test_outgoing.py index 03bcb99b..b89e75f6 100644 --- a/bookwyrm/tests/test_outgoing.py +++ b/bookwyrm/tests/test_outgoing.py @@ -69,6 +69,24 @@ class Outgoing(TestCase): result = outgoing.outbox(request, 'rat') self.assertEqual(result.status_code, 405) + def test_outbox_privacy(self): + ''' don't show dms et cetera in outbox ''' + models.Status.objects.create( + content='PRIVATE!!', user=self.local_user, privacy='direct') + models.Status.objects.create( + content='bffs ONLY', user=self.local_user, privacy='followers') + models.Status.objects.create( + content='unlisted status', user=self.local_user, privacy='unlisted') + models.Status.objects.create( + content='look at this', user=self.local_user, privacy='public') + + request = self.factory.get('') + result = outgoing.outbox(request, 'mouse') + self.assertIsInstance(result, JsonResponse) + data = json.loads(result.content) + self.assertEqual(data['type'], 'OrderedCollection') + self.assertEqual(data['totalItems'], 2) + def test_handle_follow(self): ''' send a follow request '''