Merge e2a56efa9e into 74fc4dbacf

refactor: Only remove pointer-events when necessary (#35390 )
Move disallow unauthenticated config to x.mastodon area
2025-07-17 17:58:14 +00:00 · 2025-07-15 17:05:58 +00:00 · 2025-07-15 15:57:31 +00:00 · 2025-07-03 18:28:53 -04:00
6 changed files with 17 additions and 13 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -92,7 +92,7 @@ class Api::BaseController < ApplicationController
  end

  def disallow_unauthenticated_api_access?
-    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.mastodon.limited_federation_mode
+    Rails.configuration.x.mastodon.disallow_unauthenticated_api_access || Rails.configuration.x.mastodon.limited_federation_mode
  end

  private
--- a/app/javascript/styles/mastodon/components.scss
+++ b/app/javascript/styles/mastodon/components.scss
@ -2848,7 +2848,6 @@ a.account__display-name {
    &__pane {
      height: 100%;
      overflow: hidden;
-      pointer-events: none;
      display: flex;
      justify-content: flex-end;
      min-width: 285px;
@ -2860,7 +2859,6 @@ a.account__display-name {
      &__inner {
        position: fixed;
        width: 285px;
-        pointer-events: auto;
        height: 100%;
      }
    }
--- a/app/serializers/webfinger_serializer.rb
+++ b/app/serializers/webfinger_serializer.rb
@ -30,12 +30,15 @@ class WebfingerSerializer < ActiveModel::Serializer
  private

  def show_avatar?
-    media_present = object.avatar.present? && object.avatar.content_type.present?
+    media_present? && config_allows_public_access?
+  end

-    # Show avatar only if an instance shows profiles to logged out users
-    allowed_by_config = ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] != 'true' && !Rails.configuration.x.mastodon.limited_federation_mode
+  def media_present?
+    object.avatar.present? && object.avatar.content_type.present?
+  end

-    media_present && allowed_by_config
+  def config_allows_public_access?
+    !Rails.configuration.x.mastodon.disallow_unauthenticated_api_access && !Rails.configuration.x.mastodon.limited_federation_mode
  end

  def profile_page_href
--- a/config/mastodon.yml
+++ b/config/mastodon.yml
@ -1,5 +1,6 @@
 ---
 shared:
+  disallow_unauthenticated_api_access: <%= ENV.fetch('DISALLOW_UNAUTHENTICATED_API_ACCESS', nil) == 'true' %>
  experimental_features: <%= ENV.fetch('EXPERIMENTAL_FEATURES', nil) %>
  limited_federation_mode: <%= (ENV.fetch('LIMITED_FEDERATION_MODE', nil) || ENV.fetch('WHITELIST_MODE', nil)) == 'true' %>
  self_destruct_value: <%= ENV.fetch('SELF_DESTRUCT', nil)&.to_json %>
--- a/spec/requests/cache_spec.rb
+++ b/spec/requests/cache_spec.rb
@ -555,9 +555,10 @@ RSpec.describe 'Caching behavior' do

  context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
    around do |example|
-      ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
-        example.run
-      end
+      original = Rails.configuration.x.mastodon.disallow_unauthenticated_api_access
+      Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = true
+      example.run
+      Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = original
    end

    context 'when anonymously accessed' do
--- a/spec/requests/well_known/webfinger_spec.rb
+++ b/spec/requests/well_known/webfinger_spec.rb
@ -189,9 +189,10 @@ RSpec.describe 'The /.well-known/webfinger endpoint' do

    context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
      around do |example|
-        ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
-          example.run
-        end
+        original = Rails.configuration.x.mastodon.disallow_unauthenticated_api_access
+        Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = true
+        example.run
+        Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = original
      end

      it 'does not return avatar in response' do
Author	SHA1	Message	Date
Matt Jankowski	da71ce43d5	Merge `e2a56efa9e` into `74fc4dbacf`	2025-07-15 17:05:58 +00:00
diondiondion	74fc4dbacf	refactor: Only remove pointer-events when necessary (#35390 ) Some checks failed Check i18n / check-i18n (push) Waiting to run Details Chromatic / Run Chromatic (push) Waiting to run Details CodeQL / Analyze (javascript) (push) Waiting to run Details CodeQL / Analyze (ruby) (push) Waiting to run Details Check formatting / lint (push) Waiting to run Details CSS Linting / lint (push) Waiting to run Details Ruby Testing / build (production) (push) Waiting to run Details Ruby Testing / build (test) (push) Waiting to run Details Ruby Testing / test (.ruby-version) (push) Blocked by required conditions Details Ruby Testing / test (3.2) (push) Blocked by required conditions Details Ruby Testing / test (3.3) (push) Blocked by required conditions Details Ruby Testing / ImageMagick tests (.ruby-version) (push) Blocked by required conditions Details Ruby Testing / ImageMagick tests (3.2) (push) Blocked by required conditions Details Ruby Testing / ImageMagick tests (3.3) (push) Blocked by required conditions Details Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions Details Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions Details Ruby Testing / End to End testing (3.3) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (3.3, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions Details Crowdin / Upload translations / upload-translations (push) Has been cancelled Details Haml Linting / lint (push) Has been cancelled Details Ruby Linting / lint (push) Has been cancelled Details Historical data migration test / test (14-alpine) (push) Has been cancelled Details Historical data migration test / test (15-alpine) (push) Has been cancelled Details Historical data migration test / test (16-alpine) (push) Has been cancelled Details Historical data migration test / test (17-alpine) (push) Has been cancelled Details	2025-07-15 15:57:31 +00:00
Matt Jankowski	e2a56efa9e	Move disallow unauthenticated config to `x.mastodon` area	2025-07-03 18:28:53 -04:00