Prevent AP collection page number being < 1
Closes #1184 Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
7a4ff475d5
commit
3e15048843
@ -191,6 +191,7 @@ defmodule Mobilizon.Web.ActivityPubController do
|
|||||||
|
|
||||||
defp actor_collection(conn, collection, %{"name" => name, "page" => page}) do
|
defp actor_collection(conn, collection, %{"name" => name, "page" => page}) do
|
||||||
with {page, ""} <- Integer.parse(page),
|
with {page, ""} <- Integer.parse(page),
|
||||||
|
page <- max(page, 1),
|
||||||
%Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
|
%Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
|
||||||
conn
|
conn
|
||||||
|> put_resp_header("content-type", "application/activity+json")
|
|> put_resp_header("content-type", "application/activity+json")
|
||||||
|
@ -243,6 +243,34 @@ defmodule Mobilizon.Web.ActivityPubControllerTest do
|
|||||||
assert length(result["orderedItems"]) == 5
|
assert length(result["orderedItems"]) == 5
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it can't be called for a page < 1", %{conn: conn} do
|
||||||
|
actor = insert(:actor, visibility: :public)
|
||||||
|
|
||||||
|
Enum.each(1..15, fn _ ->
|
||||||
|
insert(:event, organizer_actor: actor)
|
||||||
|
end)
|
||||||
|
|
||||||
|
result =
|
||||||
|
conn
|
||||||
|
|> get(Actor.build_url(actor.preferred_username, :outbox))
|
||||||
|
|> json_response(200)
|
||||||
|
|
||||||
|
assert length(result["first"]["orderedItems"]) == 10
|
||||||
|
assert result["totalItems"] == 15
|
||||||
|
|
||||||
|
page_0_result =
|
||||||
|
conn
|
||||||
|
|> get(Actor.build_url(actor.preferred_username, :outbox, page: 0))
|
||||||
|
|> json_response(200)
|
||||||
|
|
||||||
|
page_1_result =
|
||||||
|
conn
|
||||||
|
|> get(Actor.build_url(actor.preferred_username, :outbox, page: 1))
|
||||||
|
|> json_response(200)
|
||||||
|
|
||||||
|
assert page_0_result == page_1_result
|
||||||
|
end
|
||||||
|
|
||||||
test "it returns an empty collection if the actor has private visibility", %{conn: conn} do
|
test "it returns an empty collection if the actor has private visibility", %{conn: conn} do
|
||||||
actor = insert(:actor, visibility: :private)
|
actor = insert(:actor, visibility: :private)
|
||||||
insert(:event, organizer_actor: actor)
|
insert(:event, organizer_actor: actor)
|
||||||
|
Loading…
Reference in New Issue
Block a user