mirror of
https://github.com/mastodon/mastodon.git
synced 2025-07-12 15:33:14 +00:00
Compare commits
2 Commits
f67d972692
...
314f0460d6
Author | SHA1 | Date | |
---|---|---|---|
![]() |
314f0460d6 | ||
![]() |
e2a56efa9e |
|
@ -92,7 +92,7 @@ class Api::BaseController < ApplicationController
|
|||
end
|
||||
|
||||
def disallow_unauthenticated_api_access?
|
||||
ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.mastodon.limited_federation_mode
|
||||
Rails.configuration.x.mastodon.disallow_unauthenticated_api_access || Rails.configuration.x.mastodon.limited_federation_mode
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
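Review bot: The rewritten `disallow_unauthenticated_api_access?` fails open if the setting is ever absent. Both operands are plain reads of `Rails.configuration.x.mastodon`, and assuming that is the usual Rails options object, a missing or misspelled key reads as nil, so the predicate returns false and unauthenticated requests are allowed. The +/- markers are lost on this page, but the hunk counts indicate the ENV lookup is the old line, so the value now appears to be fixed when the configuration is loaded rather than read per call. A comment above the method would record both facts, for example `# Read from the mastodon settings at boot; a missing key is nil and leaves unauthenticated API access allowed.` The controller class continues outside the hunk, so callers of this predicate are not visible here.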
@ -30,12 +30,15 @@ class WebfingerSerializer < ActiveModel::Serializer
|
|||
private
|
||||
|
||||
def show_avatar?
|
||||
media_present = object.avatar.present? && object.avatar.content_type.present?
|
||||
media_present? && config_allows_public_access?
|
||||
end
|
||||
|
||||
# Show avatar only if an instance shows profiles to logged out users
|
||||
allowed_by_config = ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] != 'true' && !Rails.configuration.x.mastodon.limited_federation_mode
|
||||
def media_present?
|
||||
object.avatar.present? && object.avatar.content_type.present?
|
||||
end
|
||||
|
||||
media_present && allowed_by_config
|
||||
def config_allows_public_access?
|
||||
!Rails.configuration.x.mastodon.disallow_unauthenticated_api_access && !Rails.configuration.x.mastodon.limited_federation_mode
|
||||
end
|
||||
|
||||
def profile_page_href
|
||||
|
|
|
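Review bot: `config_allows_public_access?` restates, negated, the same two settings that `Api::BaseController#disallow_unauthenticated_api_access?` checks, so the avatar exposure rule and the API access rule can drift apart when only one of them is changed. The hunk counts also suggest the comment explaining the rule was dropped together with the old body; it is worth keeping on the new method: `# Show avatar only if an instance shows profiles to logged out users`. If a shared predicate is not wanted, a comment naming the controller method as the counterpart would at least tie the two together. The serializer class starts and ends outside the hunk.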
@ -1,5 +1,6 @@
|
|||
---
|
||||
shared:
|
||||
disallow_unauthenticated_api_access: <%= ENV.fetch('DISALLOW_UNAUTHENTICATED_API_ACCESS', nil) == 'true' %>
|
||||
experimental_features: <%= ENV.fetch('EXPERIMENTAL_FEATURES', nil) %>
|
||||
limited_federation_mode: <%= (ENV.fetch('LIMITED_FEDERATION_MODE', nil) || ENV.fetch('WHITELIST_MODE', nil)) == 'true' %>
|
||||
self_destruct_value: <%= ENV.fetch('SELF_DESTRUCT', nil)&.to_json %>
|
||||
|
|
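Review bot: `disallow_unauthenticated_api_access` is enabled only by the exact string `true`. Values such as `TRUE`, `1` or `yes` in `DISALLOW_UNAUTHENTICATED_API_ACCESS` all evaluate to false, and the API then stays open to unauthenticated requests without any warning. This is consistent with how `limited_federation_mode` is parsed in the same section, but for an access restriction the strictness should be stated next to the key: `# Only the exact value 'true' enables this; anything else leaves unauthenticated API access allowed.`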
|
@ -555,9 +555,10 @@ RSpec.describe 'Caching behavior' do
|
|||
|
||||
context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
|
||||
around do |example|
|
||||
ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
|
||||
example.run
|
||||
end
|
||||
original = Rails.configuration.x.mastodon.disallow_unauthenticated_api_access
|
||||
Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = true
|
||||
example.run
|
||||
Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = original
|
||||
end
|
||||
|
||||
context 'when anonymously accessed' do
|
||||
|
|
|
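Review bot: The `around` hook now sets `Rails.configuration.x.mastodon.disallow_unauthenticated_api_access` directly, so nothing in this context exercises the path from the `DISALLOW_UNAUTHENTICATED_API_ACCESS` variable to the setting any more. A typo in the variable name in the settings file would leave the restriction off while these specs stay green. The context title still names the environment variable; either rename it, `context 'when disallow_unauthenticated_api_access is enabled' do`, or add one example that covers the environment-to-setting mapping. The restore line would also be safer under `ensure`, so the global setting cannot leak into later examples if the hook is interrupted. The same hook and title are repeated in the webfinger spec section that follows.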
@ -189,9 +189,10 @@ RSpec.describe 'The /.well-known/webfinger endpoint' do
|
|||
|
||||
context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
|
||||
around do |example|
|
||||
ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
|
||||
example.run
|
||||
end
|
||||
original = Rails.configuration.x.mastodon.disallow_unauthenticated_api_access
|
||||
Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = true
|
||||
example.run
|
||||
Rails.configuration.x.mastodon.disallow_unauthenticated_api_access = original
|
||||
end
|
||||
|
||||
it 'does not return avatar in response' do
|
||||
|
|