activitypub: user view: do not expose oAuth endpoints for instance users

author: William Pitcock <nenolod@dereferenced.org> 2019-02-14 02:41:21 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2019-02-14 02:41:21 +0000
commit: 64620d8980e3e93791d3f880296be2060ffc4d39 (patch)
tree: e6721b1a57d96da6781373e0356c2ad7324683e0 /test
parent: d54c483964692e1ca6b813d6b35a0635d3c0abf9 (diff)
download: pleroma-64620d8980e3e93791d3f880296be2060ffc4d39.tar.gz
pleroma-64620d8980e3e93791d3f880296be2060ffc4d39.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/test/web/activity_pub/views/user_view_test.exs b/test/web/activity_pub/views/user_view_test.exs
index 95d736c50..0bc1d4728 100644
--- a/test/web/activity_pub/views/user_view_test.exs
+++ b/test/web/activity_pub/views/user_view_test.exs
@@ -42,5 +42,16 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
       assert result["id"] == user.ap_id
       assert result["endpoints"] == %{}
     end
+
+    test "instance users do not expose oAuth endpoints" do
+      user = insert(:user, nickname: nil, local: true)
+      {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+
+      result = UserView.render("user.json", %{user: user})
+
+      refute result["endpoints"]["oauthAuthorizationEndpoint"]
+      refute result["endpoints"]["oauthRegistrationEndpoint"]
+      refute result["endpoints"]["oauthTokenEndpoint"]
+    end
   end
 end
author	William Pitcock <nenolod@dereferenced.org>	2019-02-14 02:41:21 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2019-02-14 02:41:21 +0000
commit	64620d8980e3e93791d3f880296be2060ffc4d39 (patch)
tree	e6721b1a57d96da6781373e0356c2ad7324683e0 /test
parent	d54c483964692e1ca6b813d6b35a0635d3c0abf9 (diff)
download	pleroma-64620d8980e3e93791d3f880296be2060ffc4d39.tar.gz pleroma-64620d8980e3e93791d3f880296be2060ffc4d39.zip