about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/api/v1/accounts/lookup_controller.rb2
-rw-r--r--app/controllers/authorize_interactions_controller.rb8
-rw-r--r--app/controllers/following_accounts_controller.rb5
-rw-r--r--app/controllers/oauth/tokens_controller.rb3
4 files changed, 13 insertions, 5 deletions
diff --git a/app/controllers/api/v1/accounts/lookup_controller.rb b/app/controllers/api/v1/accounts/lookup_controller.rb
index aee6be18a..8597f891d 100644
--- a/app/controllers/api/v1/accounts/lookup_controller.rb
+++ b/app/controllers/api/v1/accounts/lookup_controller.rb
@@ -12,5 +12,7 @@ class Api::V1::Accounts::LookupController < Api::BaseController
 
   def set_account
     @account = ResolveAccountService.new.call(params[:acct], skip_webfinger: true) || raise(ActiveRecord::RecordNotFound)
+  rescue Addressable::URI::InvalidURIError
+    raise(ActiveRecord::RecordNotFound)
   end
 end
diff --git a/app/controllers/authorize_interactions_controller.rb b/app/controllers/authorize_interactions_controller.rb
index f0bcac75b..97fe4a9ab 100644
--- a/app/controllers/authorize_interactions_controller.rb
+++ b/app/controllers/authorize_interactions_controller.rb
@@ -14,7 +14,7 @@ class AuthorizeInteractionsController < ApplicationController
     if @resource.is_a?(Account)
       render :show
     elsif @resource.is_a?(Status)
-      redirect_to web_url("statuses/#{@resource.id}")
+      redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}")
     else
       render :error
     end
@@ -26,15 +26,17 @@ class AuthorizeInteractionsController < ApplicationController
     else
       render :error
     end
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound
     render :error
   end
 
   private
 
   def set_resource
-    @resource = located_resource || render(:error)
+    @resource = located_resource
     authorize(@resource, :show?) if @resource.is_a?(Status)
+  rescue Mastodon::NotPermittedError
+    not_found
   end
 
   def located_resource
diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb
index bc291c962..11c6b6d50 100644
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@@ -22,7 +22,10 @@ class FollowingAccountsController < ApplicationController
       end
 
       format.json do
-        raise Mastodon::NotPermittedError if page_requested? && @account.hide_collections?
+        if page_requested? && @account.hide_collections?
+          forbidden
+          next
+        end
 
         expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
 
diff --git a/app/controllers/oauth/tokens_controller.rb b/app/controllers/oauth/tokens_controller.rb
index fa6d58f25..34087b20b 100644
--- a/app/controllers/oauth/tokens_controller.rb
+++ b/app/controllers/oauth/tokens_controller.rb
@@ -2,7 +2,8 @@
 
 class Oauth::TokensController < Doorkeeper::TokensController
   def revoke
-    unsubscribe_for_token if authorized? && token.accessible?
+    unsubscribe_for_token if token.present? && authorized? && token.accessible?
+
     super
   end
generated by cgit-pink (git 2.37.1) at 2024-07-03 08:17:20 +0000