author | Starfall <us@starfall.systems> | 2022-05-04 12:00:22 -0500 |
---|---|---|
committer | Starfall <us@starfall.systems> | 2022-05-04 12:00:22 -0500 |
commit | e9b2e11520056d0ec822ac0862923d00c6a1289c (patch) | |
tree | 53b22a4fecda9846fc6c77cf4067c071a6287df0 /app/controllers | |
parent | 9ec0ecda66745c892961a917b18354f42dfc1f19 (diff) | |
parent | 58ac5ae643dc57ffd20017c54e7be523deaef156 (diff) |
Merge remote-tracking branch 'glitch/main'
Diffstat (limited to 'app/controllers')
4 files changed, 13 insertions, 5 deletions
diff --git a/app/controllers/api/v1/accounts/lookup_controller.rb b/app/controllers/api/v1/accounts/lookup_controller.rb
index aee6be18a..8597f891d 100644
--- a/app/controllers/api/v1/accounts/lookup_controller.rb
+++ b/app/controllers/api/v1/accounts/lookup_controller.rb
@@ -12,5 +12,7 @@ class Api::V1::Accounts::LookupController < Api::BaseController
 def set_account
 @account = ResolveAccountService.new.call(params[:acct], skip_webfinger: true) || raise(ActiveRecord::RecordNotFound)
+ rescue Addressable::URI::InvalidURIError
+ raise(ActiveRecord::RecordNotFound)
 end
 end
diff --git a/app/controllers/authorize_interactions_controller.rb b/app/controllers/authorize_interactions_controller.rb
index f0bcac75b..97fe4a9ab 100644
--- a/app/controllers/authorize_interactions_controller.rb
+++ b/app/controllers/authorize_interactions_controller.rb
@@ -14,7 +14,7 @@ class AuthorizeInteractionsController < ApplicationController
 if @resource.is_a?(Account)
 render :show
 elsif @resource.is_a?(Status)
- redirect_to web_url("statuses/#{@resource.id}")
+ redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}")
 else
 render :error
 end
@@ -26,15 +26,17 @@ class AuthorizeInteractionsController < ApplicationController
 else
 render :error
 end
- rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
+ rescue ActiveRecord::RecordNotFound
 render :error
 end
 private
 def set_resource
- @resource = located_resource || render(:error)
+ @resource = located_resource
 authorize(@resource, :show?) if @resource.is_a?(Status)
+ rescue Mastodon::NotPermittedError
+ not_found
 end
 def located_resource
diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb
index bc291c962..11c6b6d50 100644
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
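Review bot: In authorize_interactions_controller.rb (hunk at -14,7) the new redirect target interpolates `@resource.account.pretty_acct` straight into the URL path, and that value belongs to an account record that may be remote. Whether it can contain characters that are not valid in a path segment (a non-ASCII domain, for instance) is not visible here, so the Location header may or may not stay well-formed. I would record the assumption next to the call, e.g. `# pretty_acct comes from the (possibly remote) account; web_url must keep the result a valid same-origin path`, and cover a remote status in the controller spec. The enclosing action starts outside the hunk.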
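Review bot: In authorize_interactions_controller.rb (hunk at -26,15) the action-level `rescue` no longer lists `Mastodon::NotPermittedError`, so only the `authorize` call inside `set_resource` is still covered. The action body begins outside this hunk, so it is not visible whether anything it calls can still raise that error; if it can, the request would bypass `render :error` and depend on a handler defined elsewhere. Please confirm that path, or keep the narrower rescue and document it with `# NotPermittedError is handled in set_resource; only lookup failures reach this rescue`. Since the `|| render(:error)` fallback is gone, `set_resource` also deserves `# located_resource may be nil; the actions render :error for that case`.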
@@ -22,7 +22,10 @@ class FollowingAccountsController < ApplicationController
 end
 format.json do
- raise Mastodon::NotPermittedError if page_requested? && @account.hide_collections?
+ if page_requested? && @account.hide_collections?
+ forbidden
+ next
+ end
 expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
diff --git a/app/controllers/oauth/tokens_controller.rb b/app/controllers/oauth/tokens_controller.rb
index fa6d58f25..34087b20b 100644
--- a/app/controllers/oauth/tokens_controller.rb
+++ b/app/controllers/oauth/tokens_controller.rb
@@ -2,7 +2,8 @@
 class Oauth::TokensController < Doorkeeper::TokensController
 def revoke
- unsubscribe_for_token if authorized? && token.accessible?
+ unsubscribe_for_token if token.present? && authorized? && token.accessible?
+
 super
 end
|
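Review bot: The new guard in the `format.json` block of following_accounts_controller.rb (hunk at -22,7) depends on `next` to leave the block after `forbidden`, which reads like loop control and is easy to drop in a later refactor. Without it, execution would continue into `expires_in(..., public: public_fetch_mode?)` and the rest of the block for an account with `hide_collections?` set. A comment above the guard would make the intent explicit, e.g. `# hide_collections?: answer 403 and leave the format block before cache headers or the collection are emitted`. This assumes `forbidden` renders the response itself, which is not visible in the hunk; the block continues past its last line.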