From b4139cc5472079a34f0256ac9991a0222844d44c Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Fri, 24 Apr 2020 22:25:27 +0300
Subject: [#2409] Made `GET /api/v1/accounts/:id/favourites` auth-optional,
 adjusted tests.

---
 lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +-
 lib/pleroma/web/pleroma_api/controllers/account_controller.ex | 5 ++++-
 lib/pleroma/web/router.ex                                     | 7 ++++++-
 3 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
index 4fa9a2120..45601ff59 100644
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@@ -357,7 +357,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
   end
 
   @doc "GET /api/v1/favourites"
-  def favourites(%{assigns: %{user: user}} = conn, params) do
+  def favourites(%{assigns: %{user: %User{} = user}} = conn, params) do
     activities =
       ActivityPub.fetch_favourites(
         user,
diff --git a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
index 237c8157e..be7477867 100644
--- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
@@ -39,7 +39,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
          ]
   )
 
-  plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
+  )
 
   plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
 
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 57efc3314..becce3098 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -312,10 +312,14 @@ defmodule Pleroma.Web.Router do
       post("/scrobble", ScrobbleController, :new_scrobble)
     end
 
+    scope [] do
+      pipe_through(:api)
+      get("/accounts/:id/favourites", AccountController, :favourites)
+    end
+
     scope [] do
       pipe_through(:authenticated_api)
 
-      get("/accounts/:id/favourites", AccountController, :favourites)
       post("/accounts/:id/subscribe", AccountController, :subscribe)
       post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
     end
@@ -404,6 +408,7 @@ defmodule Pleroma.Web.Router do
     put("/scheduled_statuses/:id", ScheduledActivityController, :update)
     delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
 
+    # Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
     get("/favourites", StatusController, :favourites)
     get("/bookmarks", StatusController, :bookmarks)
 
-- 
cgit v1.2.3