From 7bd0bca2abadb96aa13ace36b968d57872681f7a Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov <parallel588@gmail.com>
Date: Fri, 20 Dec 2019 16:33:44 +0300
Subject: fixed remote follow

---
 lib/pleroma/web/activity_pub/publisher.ex | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex
index 4073d3d63..0cc8fab27 100644
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@@ -264,6 +264,10 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
         "rel" => "self",
         "type" => "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
         "href" => user.ap_id
+      },
+      %{
+        "rel" => "http://ostatus.org/schema/1.0/subscribe",
+        "template" => "#{Pleroma.Web.base_url()}/ostatus_subscribe?acct={uri}"
       }
     ]
   end
-- 
cgit v1.2.3


From 5b8415601346447b9a66b1eabfc7538191892a76 Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov <parallel588@gmail.com>
Date: Fri, 20 Dec 2019 16:34:14 +0300
Subject: moved remote follow in separate controller

---
 lib/pleroma/web/router.ex                          |   4 +-
 .../twitter_api/remote_follow/follow.html.eex      |  11 +++
 .../remote_follow/follow_login.html.eex            |  14 +++
 .../twitter_api/remote_follow/followed.html.eex    |   6 ++
 .../web/templates/twitter_api/util/follow.html.eex |  11 ---
 .../twitter_api/util/follow_login.html.eex         |  14 ---
 .../templates/twitter_api/util/followed.html.eex   |   6 --
 .../controllers/remote_follow_controller.ex        | 102 +++++++++++++++++++++
 .../web/twitter_api/controllers/util_controller.ex |  91 ------------------
 .../web/twitter_api/views/remote_follow_view.ex    |  10 ++
 10 files changed, 145 insertions(+), 124 deletions(-)
 create mode 100644 lib/pleroma/web/templates/twitter_api/remote_follow/follow.html.eex
 create mode 100644 lib/pleroma/web/templates/twitter_api/remote_follow/follow_login.html.eex
 create mode 100644 lib/pleroma/web/templates/twitter_api/remote_follow/followed.html.eex
 delete mode 100644 lib/pleroma/web/templates/twitter_api/util/follow.html.eex
 delete mode 100644 lib/pleroma/web/templates/twitter_api/util/follow_login.html.eex
 delete mode 100644 lib/pleroma/web/templates/twitter_api/util/followed.html.eex
 create mode 100644 lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
 create mode 100644 lib/pleroma/web/twitter_api/views/remote_follow_view.ex

(limited to 'lib')

diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index f6c128283..9654ab8a3 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -229,9 +229,9 @@ defmodule Pleroma.Web.Router do
     pipe_through(:pleroma_html)
 
     post("/main/ostatus", UtilController, :remote_subscribe)
-    get("/ostatus_subscribe", UtilController, :remote_follow)
+    get("/ostatus_subscribe", RemoteFollowController, :follow)
 
-    post("/ostatus_subscribe", UtilController, :do_remote_follow)
+    post("/ostatus_subscribe", RemoteFollowController, :do_follow)
   end
 
   scope "/api/pleroma", Pleroma.Web.TwitterAPI do
diff --git a/lib/pleroma/web/templates/twitter_api/remote_follow/follow.html.eex b/lib/pleroma/web/templates/twitter_api/remote_follow/follow.html.eex
new file mode 100644
index 000000000..5ba192cd7
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/remote_follow/follow.html.eex
@@ -0,0 +1,11 @@
+<%= if @error == :error do %>
+    <h2>Error fetching user</h2>
+<% else %>
+    <h2>Remote follow</h2>
+    <img height="128" width="128" src="<%= avatar_url(@followee) %>">
+    <p><%= @followee.nickname %></p>
+    <%= form_for @conn, remote_follow_path(@conn, :do_follow), [as: "user"], fn f -> %>
+    <%= hidden_input f, :id, value: @followee.id %>
+    <%= submit "Authorize" %>
+    <% end %>
+<% end %>
diff --git a/lib/pleroma/web/templates/twitter_api/remote_follow/follow_login.html.eex b/lib/pleroma/web/templates/twitter_api/remote_follow/follow_login.html.eex
new file mode 100644
index 000000000..df44988ee
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/remote_follow/follow_login.html.eex
@@ -0,0 +1,14 @@
+<%= if @error do %>
+<h2><%= @error %></h2>
+<% end %>
+<h2>Log in to follow</h2>
+<p><%= @followee.nickname %></p>
+<img height="128" width="128" src="<%= avatar_url(@followee) %>">
+<%= form_for @conn, remote_follow_path(@conn, :do_follow), [as: "authorization"], fn f -> %>
+<%= text_input f, :name, placeholder: "Username", required: true %>
+<br>
+<%= password_input f, :password, placeholder: "Password", required: true %>
+<br>
+<%= hidden_input f, :id, value: @followee.id %>
+<%= submit "Authorize" %>
+<% end %>
diff --git a/lib/pleroma/web/templates/twitter_api/remote_follow/followed.html.eex b/lib/pleroma/web/templates/twitter_api/remote_follow/followed.html.eex
new file mode 100644
index 000000000..da473d502
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/remote_follow/followed.html.eex
@@ -0,0 +1,6 @@
+<%= if @error do %>
+<p>Error following account</p>
+<% else %>
+<h2>Account followed!</h2>
+<% end %>
+
diff --git a/lib/pleroma/web/templates/twitter_api/util/follow.html.eex b/lib/pleroma/web/templates/twitter_api/util/follow.html.eex
deleted file mode 100644
index 06359fa6c..000000000
--- a/lib/pleroma/web/templates/twitter_api/util/follow.html.eex
+++ /dev/null
@@ -1,11 +0,0 @@
-<%= if @error == :error do %>
-    <h2>Error fetching user</h2>
-<% else %>
-    <h2>Remote follow</h2>
-    <img width="128" height="128" src="<%= @avatar %>">
-    <p><%= @name %></p>
-    <%= form_for @conn, util_path(@conn, :do_remote_follow), [as: "user"], fn f -> %>
-    <%= hidden_input f, :id, value: @id %>
-    <%= submit "Authorize" %>
-    <% end %>
-<% end %>
diff --git a/lib/pleroma/web/templates/twitter_api/util/follow_login.html.eex b/lib/pleroma/web/templates/twitter_api/util/follow_login.html.eex
deleted file mode 100644
index 4e3a2be67..000000000
--- a/lib/pleroma/web/templates/twitter_api/util/follow_login.html.eex
+++ /dev/null
@@ -1,14 +0,0 @@
-<%= if @error do %>
-    <h2><%= @error %></h2>
-<% end %>
-<h2>Log in to follow</h2>
-<p><%= @name %></p>
-<img height="128" width="128" src="<%= @avatar %>">
-<%= form_for @conn, util_path(@conn, :do_remote_follow), [as: "authorization"], fn f -> %>
-<%= text_input f, :name, placeholder: "Username" %>
-<br>
-<%= password_input f, :password, placeholder: "Password" %>
-<br>
-<%= hidden_input f, :id, value: @id %>
-<%= submit "Authorize" %>
-<% end %>
diff --git a/lib/pleroma/web/templates/twitter_api/util/followed.html.eex b/lib/pleroma/web/templates/twitter_api/util/followed.html.eex
deleted file mode 100644
index da473d502..000000000
--- a/lib/pleroma/web/templates/twitter_api/util/followed.html.eex
+++ /dev/null
@@ -1,6 +0,0 @@
-<%= if @error do %>
-<p>Error following account</p>
-<% else %>
-<h2>Account followed!</h2>
-<% end %>
-
diff --git a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
new file mode 100644
index 000000000..460a42566
--- /dev/null
+++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
@@ -0,0 +1,102 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
+  use Pleroma.Web, :controller
+
+  require Logger
+
+  alias Pleroma.Activity
+  alias Pleroma.Object.Fetcher
+  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.User
+  alias Pleroma.Web.Auth.Authenticator
+  alias Pleroma.Web.CommonAPI
+
+  @status_types ["Article", "Event", "Note", "Video", "Page", "Question"]
+
+  plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action in [:do_follow])
+
+  # GET /ostatus_subscribe
+  #
+  def follow(%{assigns: %{user: user}} = conn, %{"acct" => acct}) do
+    case is_status?(acct) do
+      true -> follow_status(conn, user, acct)
+      _ -> follow_account(conn, user, acct)
+    end
+  end
+
+  defp follow_status(conn, _user, acct) do
+    with {:ok, object} <- Fetcher.fetch_object_from_id(acct),
+         %Activity{id: activity_id} <- Activity.get_create_by_object_ap_id(object.data["id"]) do
+      redirect(conn, to: "/notice/#{activity_id}")
+    else
+      error ->
+        handle_follow_error(conn, error)
+    end
+  end
+
+  defp follow_account(conn, user, acct) do
+    with {:ok, followee} <- User.get_or_fetch(acct) do
+      render(conn, follow_template(user), %{error: false, followee: followee, acct: acct})
+    else
+      {:error, _reason} ->
+        render(conn, follow_template(user), %{error: :error})
+    end
+  end
+
+  defp follow_template(%User{} = _user), do: "follow.html"
+  defp follow_template(_), do: "follow_login.html"
+
+  defp is_status?(acct) do
+    case Fetcher.fetch_and_contain_remote_object_from_id(acct) do
+      {:ok, %{"type" => type}} when type in @status_types ->
+        true
+
+      _ ->
+        false
+    end
+  end
+
+  # POST  /ostatus_subscribe
+  #
+  def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
+    with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
+         {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
+         {:ok, _, _, _} <- CommonAPI.follow(user, followee) do
+      render(conn, "followed.html", %{error: false})
+    else
+      error ->
+        handle_follow_error(conn, error)
+    end
+  end
+
+  def do_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
+    with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
+         {:ok, _, _, _} <- CommonAPI.follow(user, followee) do
+      render(conn, "followed.html", %{error: false})
+    else
+      error ->
+        handle_follow_error(conn, error)
+    end
+  end
+
+  defp handle_follow_error(conn, {:auth, _, followee} = _) do
+    render(conn, "follow_login.html", %{error: "Wrong username or password", followee: followee})
+  end
+
+  defp handle_follow_error(conn, {:fetch_user, error} = _) do
+    Logger.debug("Remote follow failed with error #{inspect(error)}")
+    render(conn, "followed.html", %{error: "Could not find user"})
+  end
+
+  defp handle_follow_error(conn, {:error, "Could not follow user:" <> _} = _) do
+    render(conn, "followed.html", %{error: "Error following account"})
+  end
+
+  defp handle_follow_error(conn, error) do
+    Logger.debug("Remote follow failed with error #{inspect(error)}")
+    render(conn, "followed.html", %{error: "Something went wrong."})
+  end
+end
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 799dd17ae..a61f891c7 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -7,12 +7,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 
   require Logger
 
-  alias Pleroma.Activity
   alias Pleroma.Config
   alias Pleroma.Emoji
   alias Pleroma.Healthcheck
   alias Pleroma.Notification
-  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web
@@ -77,95 +75,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
     end
   end
 
-  def remote_follow(%{assigns: %{user: user}} = conn, %{"acct" => acct}) do
-    if is_status?(acct) do
-      {:ok, object} = Pleroma.Object.Fetcher.fetch_object_from_id(acct)
-      %Activity{id: activity_id} = Activity.get_create_by_object_ap_id(object.data["id"])
-      redirect(conn, to: "/notice/#{activity_id}")
-    else
-      with {:ok, followee} <- User.get_or_fetch(acct) do
-        conn
-        |> render(follow_template(user), %{
-          error: false,
-          acct: acct,
-          avatar: User.avatar_url(followee),
-          name: followee.nickname,
-          id: followee.id
-        })
-      else
-        {:error, _reason} ->
-          render(conn, follow_template(user), %{error: :error})
-      end
-    end
-  end
-
-  defp follow_template(%User{} = _user), do: "follow.html"
-  defp follow_template(_), do: "follow_login.html"
-
-  defp is_status?(acct) do
-    case Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(acct) do
-      {:ok, %{"type" => type}}
-      when type in ["Article", "Event", "Note", "Video", "Page", "Question"] ->
-        true
-
-      _ ->
-        false
-    end
-  end
-
-  def do_remote_follow(conn, %{
-        "authorization" => %{"name" => username, "password" => password, "id" => id}
-      }) do
-    with %User{} = followee <- User.get_cached_by_id(id),
-         {_, %User{} = user, _} <- {:auth, User.get_cached_by_nickname(username), followee},
-         {_, true, _} <- {
-           :auth,
-           AuthenticationPlug.checkpw(password, user.password_hash),
-           followee
-         },
-         {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
-      conn
-      |> render("followed.html", %{error: false})
-    else
-      # Was already following user
-      {:error, "Could not follow user:" <> _rest} ->
-        render(conn, "followed.html", %{error: "Error following account"})
-
-      {:auth, _, followee} ->
-        conn
-        |> render("follow_login.html", %{
-          error: "Wrong username or password",
-          id: id,
-          name: followee.nickname,
-          avatar: User.avatar_url(followee)
-        })
-
-      e ->
-        Logger.debug("Remote follow failed with error #{inspect(e)}")
-        render(conn, "followed.html", %{error: "Something went wrong."})
-    end
-  end
-
-  def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
-    with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
-         {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
-      conn
-      |> render("followed.html", %{error: false})
-    else
-      # Was already following user
-      {:error, "Could not follow user:" <> _rest} ->
-        render(conn, "followed.html", %{error: "Error following account"})
-
-      {:fetch_user, error} ->
-        Logger.debug("Remote follow failed with error #{inspect(error)}")
-        render(conn, "followed.html", %{error: "Could not find user"})
-
-      e ->
-        Logger.debug("Remote follow failed with error #{inspect(e)}")
-        render(conn, "followed.html", %{error: "Something went wrong."})
-    end
-  end
-
   def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
     with {:ok, _} <- Notification.read_one(user, notification_id) do
       json(conn, %{status: "success"})
diff --git a/lib/pleroma/web/twitter_api/views/remote_follow_view.ex b/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
new file mode 100644
index 000000000..8f1f21bce
--- /dev/null
+++ b/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
@@ -0,0 +1,10 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.TwitterAPI.RemoteFollowView do
+  use Pleroma.Web, :view
+  import Phoenix.HTML.Form
+
+  def avatar_url(user), do: Pleroma.User.avatar_url(user)
+end
-- 
cgit v1.2.3


From c9a44ec4a6f7b98145e2b192519dfa6933f430d0 Mon Sep 17 00:00:00 2001
From: Maksim <parallel588@gmail.com>
Date: Sun, 22 Dec 2019 17:58:45 +0000
Subject: Apply suggestion to
 lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex

---
 lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
index 460a42566..e5e52a7e8 100644
--- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
@@ -30,7 +30,7 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
   defp follow_status(conn, _user, acct) do
     with {:ok, object} <- Fetcher.fetch_object_from_id(acct),
          %Activity{id: activity_id} <- Activity.get_create_by_object_ap_id(object.data["id"]) do
-      redirect(conn, to: "/notice/#{activity_id}")
+      redirect(conn, to: o_status_path(conn, :notice, activity_id))
     else
       error ->
         handle_follow_error(conn, error)
-- 
cgit v1.2.3


From 4c505bc615b0e698db4f6d16c3b1f0b159f30e02 Mon Sep 17 00:00:00 2001
From: Maksim <parallel588@gmail.com>
Date: Sun, 22 Dec 2019 17:58:54 +0000
Subject: Apply suggestion to
 lib/pleroma/web/twitter_api/views/remote_follow_view.ex

---
 lib/pleroma/web/twitter_api/views/remote_follow_view.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/twitter_api/views/remote_follow_view.ex b/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
index 8f1f21bce..fb6109906 100644
--- a/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
+++ b/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
@@ -6,5 +6,5 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowView do
   use Pleroma.Web, :view
   import Phoenix.HTML.Form
 
-  def avatar_url(user), do: Pleroma.User.avatar_url(user)
+  defdelegate avatar_url(user), to: Pleroma.User.avatar_url
 end
-- 
cgit v1.2.3


From bdd71669da43698716be6494528b6e1813d0cd3d Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov <parallel588@gmail.com>
Date: Sun, 22 Dec 2019 21:17:19 +0300
Subject: update test

---
 lib/pleroma/web/twitter_api/views/remote_follow_view.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/twitter_api/views/remote_follow_view.ex b/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
index fb6109906..d469c4726 100644
--- a/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
+++ b/lib/pleroma/web/twitter_api/views/remote_follow_view.ex
@@ -6,5 +6,5 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowView do
   use Pleroma.Web, :view
   import Phoenix.HTML.Form
 
-  defdelegate avatar_url(user), to: Pleroma.User.avatar_url
+  defdelegate avatar_url(user), to: Pleroma.User
 end
-- 
cgit v1.2.3


From 933dc120438d14502e4bc4c29db904114fb6e438 Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov <parallel588@gmail.com>
Date: Wed, 25 Dec 2019 15:12:43 +0300
Subject: added code of mr#2067

---
 .../controllers/remote_follow_controller.ex            | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
index e5e52a7e8..e0d4d5632 100644
--- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
@@ -16,7 +16,12 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
 
   @status_types ["Article", "Event", "Note", "Video", "Page", "Question"]
 
-  plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action in [:do_follow])
+  # Note: follower can submit the form (with password auth) not being signed in (having no token)
+  plug(
+    OAuthScopesPlug,
+    %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
+    when action in [:do_follow]
+  )
 
   # GET /ostatus_subscribe
   #
@@ -61,9 +66,8 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
 
   # POST  /ostatus_subscribe
   #
-  def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
+  def do_follow(%{assigns: %{user: %User{} = user}} = conn, %{"user" => %{"id" => id}}) do
     with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
-         {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
          {:ok, _, _, _} <- CommonAPI.follow(user, followee) do
       render(conn, "followed.html", %{error: false})
     else
@@ -72,8 +76,9 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
     end
   end
 
-  def do_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
+  def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
     with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
+         {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
          {:ok, _, _, _} <- CommonAPI.follow(user, followee) do
       render(conn, "followed.html", %{error: false})
     else
@@ -82,6 +87,11 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
     end
   end
 
+  def do_follow(%{assigns: %{user: nil}} = conn, _) do
+    Logger.debug("Insufficient permissions: follow | write:follows.")
+    render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."})
+  end
+
   defp handle_follow_error(conn, {:auth, _, followee} = _) do
     render(conn, "follow_login.html", %{error: "Wrong username or password", followee: followee})
   end
-- 
cgit v1.2.3