Make sure a person profile page returns 404

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel 2020-10-12 12:16:36 +02:00
parent ff51c5bd1e
commit cd5418825b
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
8 changed files with 57 additions and 24 deletions


@ -1,5 +1,6 @@
import { PERSON_MEMBERSHIPS, CURRENT_ACTOR_CLIENT } from "@/graphql/actor"; import { PERSON_MEMBERSHIPS, CURRENT_ACTOR_CLIENT } from "@/graphql/actor";
import { FETCH_GROUP } from "@/graphql/group"; import { FETCH_GROUP } from "@/graphql/group";
import RouteName from "@/router/name";
import { Group, IActor, IGroup, IPerson, MemberRole } from "@/types/actor"; import { Group, IActor, IGroup, IPerson, MemberRole } from "@/types/actor";
import { Component, Vue } from "vue-property-decorator"; import { Component, Vue } from "vue-property-decorator";
@ -16,6 +17,9 @@ import { Component, Vue } from "vue-property-decorator";
skip() { skip() {
return !this.$route.params.preferredUsername; return !this.$route.params.preferredUsername;
}, },
error({ graphQLErrors }) {
this.handleErrors(graphQLErrors);
},
}, },
person: { person: {
query: PERSON_MEMBERSHIPS, query: PERSON_MEMBERSHIPS,
@ -46,4 +50,13 @@ export default class GroupMixin extends Vue {
) )
); );
} }
handleErrors(errors: any[]) {
if (
errors.some((error) => error.status_code === 404) ||
errors.some(({ message }) => message.includes("has invalid value $uuid"))
) {
this.$router.replace({ name: RouteName.PAGE_NOT_FOUND });
}
}
} }
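Review bot: In `handleErrors`, the second test matches the server message text `has invalid value $uuid`, but the group query here is keyed on `preferredUsername` (see the `skip()` above), so that branch looks carried over from an event handler and probably never fires for groups. Matching on message strings is also brittle against wording or locale changes; the `status_code === 404` test should be enough now that the resolver returns `:group_not_found`. `graphQLErrors` may be empty or missing on a network failure, so guard before calling `.some`, for example `if ((errors || []).some((error) => error.status_code === 404)) {`. The class body continues outside the hunk.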


@ -87,6 +87,7 @@ defmodule Mobilizon.GraphQL.Error do
defp metadata(:user_not_found), do: {404, dgettext("errors", "User not found")} defp metadata(:user_not_found), do: {404, dgettext("errors", "User not found")}
defp metadata(:post_not_found), do: {404, dgettext("errors", "Post not found")} defp metadata(:post_not_found), do: {404, dgettext("errors", "Post not found")}
defp metadata(:event_not_found), do: {404, dgettext("errors", "Event not found")} defp metadata(:event_not_found), do: {404, dgettext("errors", "Event not found")}
defp metadata(:group_not_found), do: {404, dgettext("errors", "Group not found")}
defp metadata(:unknown), do: {500, dgettext("errors", "Something went wrong")} defp metadata(:unknown), do: {500, dgettext("errors", "Something went wrong")}
defp metadata(code) do defp metadata(code) do


@ -38,7 +38,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
find_group(parent, args, nil) find_group(parent, args, nil)
_ -> _ ->
{:error, dgettext("errors", "Group with name %{name} not found", name: name)} {:error, :group_not_found}
end end
end end
@ -52,7 +52,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
{:ok, actor} {:ok, actor}
else else
_ -> _ ->
{:error, dgettext("errors", "Group with name %{name} not found", name: name)} {:error, :group_not_found}
end end
end end


@ -4,6 +4,7 @@ defmodule Mobilizon.Web.PageController do
""" """
use Mobilizon.Web, :controller use Mobilizon.Web, :controller
alias Mobilizon.Actors.Actor
alias Mobilizon.Discussions.Comment alias Mobilizon.Discussions.Comment
alias Mobilizon.Events.Event alias Mobilizon.Events.Event
alias Mobilizon.Federation.ActivityPub alias Mobilizon.Federation.ActivityPub
@ -28,7 +29,7 @@ defmodule Mobilizon.Web.PageController do
@spec actor(Plug.Conn.t(), map) :: {:error, :not_found} | Plug.Conn.t() @spec actor(Plug.Conn.t(), map) :: {:error, :not_found} | Plug.Conn.t()
def actor(conn, %{"name" => name}) do def actor(conn, %{"name" => name}) do
{status, actor} = Cache.get_actor_by_name(name) {status, actor} = Cache.get_actor_by_name(name)
render_or_error(conn, &ok_status?/3, status, :actor, actor) render_or_error(conn, &checks?/3, status, :actor, actor)
end end
@spec event(Plug.Conn.t(), map) :: {:error, :not_found} | Plug.Conn.t() @spec event(Plug.Conn.t(), map) :: {:error, :not_found} | Plug.Conn.t()
@ -140,15 +141,19 @@ defmodule Mobilizon.Web.PageController do
defp is_visible?(_), do: true defp is_visible?(_), do: true
defp ok_status?(status), do: status in [:ok, :commit] defp ok_status?(status), do: status in [:ok, :commit]
defp ok_status?(_conn, status, _), do: ok_status?(status)
defp ok_status_and_is_visible?(_conn, status, o), defp ok_status_and_is_visible?(_conn, status, o),
do: ok_status?(status) and is_visible?(o) do: ok_status?(status) and is_visible?(o)
defp checks?(conn, status, o) do defp checks?(conn, status, o) do
if ok_status_and_is_visible?(conn, status, o) do cond do
ok_status_and_is_visible?(conn, status, o) ->
if is_local?(o) == :remote && get_format(conn) == "activity-json", do: :remote, else: true if is_local?(o) == :remote && get_format(conn) == "activity-json", do: :remote, else: true
else
is_person?(o) && get_format(conn) == "activity-json" ->
true
true ->
false false
end end
end end
@ -162,4 +167,7 @@ defmodule Mobilizon.Web.PageController do
end end
defp maybe_add_noindex_header(conn, _), do: conn defp maybe_add_noindex_header(conn, _), do: conn
defp is_person?(%Actor{type: :Person}), do: true
defp is_person?(_), do: false
end end
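Review bot: The new second branch of `checks?/3`, `is_person?(o) && get_format(conn) == "activity-json" -> true`, returns true without consulting `status` or `is_visible?/1`, so any `%Actor{type: :Person}` is served as ActivityPub JSON even when the first branch rejected it. If that is intended (person HTML pages return 404 while federation still needs the actor document), say so in a comment and keep the status check: `ok_status?(status) && is_person?(o) && get_format(conn) == "activity-json" ->`. The branch also skips the `is_local?(o) == :remote` handling of the first branch, so a remote person who fails the visibility check gets `true` where a visible one gets `:remote`; worth confirming that this is wanted. `is_visible?/1` and `is_local?/1` have clauses outside this hunk, so their behaviour for persons is inferred.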


@ -19,7 +19,9 @@ defmodule Mobilizon.Web.Views.Utils do
@spec replace_meta(String.t(), String.t()) :: String.t() @spec replace_meta(String.t(), String.t()) :: String.t()
defp replace_meta(index_content, tags) do defp replace_meta(index_content, tags) do
String.replace(index_content, "<meta name=\"server-injected-data\">", tags) index_content
|> String.replace("<meta name=\"server-injected-data\">", tags)
|> String.replace("<meta name=\"server-injected-data\" />", tags)
end end
@spec do_replacements(String.t(), String.t(), String.t()) :: {:safe, String.t()} @spec do_replacements(String.t(), String.t(), String.t()) :: {:safe, String.t()}
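Review bot: The second `String.replace/3` in `replace_meta/2` runs over the output of the first, which already contains `tags`, so the injected markup is itself scanned for the self-closing placeholder. Passing both placeholders in one call avoids that second pass: `String.replace(index_content, ["<meta name=\"server-injected-data\">", "<meta name=\"server-injected-data\" />"], tags)`. Since the `do_replacements/3` spec below returns `{:safe, ...}`, a short comment stating that `tags` must already be escaped by the caller would help. That function's body is outside the hunk.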


@ -454,12 +454,12 @@ msgstr "Participant·e non trouvé·e"
#, elixir-format #, elixir-format
#: lib/graphql/resolvers/person.ex:31 #: lib/graphql/resolvers/person.ex:31
msgid "Person with ID %{id} not found" msgid "Person with ID %{id} not found"
msgstr "Groupe avec l'ID %{id} non trouvé" msgstr "Personne avec l'ID %{id} non trouvé"
#, elixir-format #, elixir-format
#: lib/graphql/resolvers/person.ex:52 #: lib/graphql/resolvers/person.ex:52
msgid "Person with username %{username} not found" msgid "Person with username %{username} not found"
msgstr "Groupe avec le nom %{name} non trouvé" msgstr "Personne avec le nom %{name} non trouvé"
#, elixir-format #, elixir-format
#: lib/graphql/resolvers/picture.ex:45 #: lib/graphql/resolvers/picture.ex:45


@ -210,8 +210,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
assert res["data"]["group"] == nil assert res["data"]["group"] == nil
assert hd(res["errors"])["message"] == assert hd(res["errors"])["message"] == "Group not found"
"Group with name #{@non_existent_username} not found"
end end
test "find_group doesn't list group members access if group is private", %{ test "find_group doesn't list group members access if group is private", %{
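Review bot: The updated assertion pins only the message `"Group not found"`, while the front-end change in this commit redirects on `error.status_code === 404`. Assuming the error payload exposes that field under the same name, add `assert hd(res["errors"])["status_code"] == 404` next to it so a regression in the `:group_not_found` mapping is caught. The test body starts outside the hunk.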


@ -13,21 +13,31 @@ defmodule Mobilizon.Web.PageControllerTest do
{:ok, conn: conn} {:ok, conn: conn}
end end
describe "GET /" do
test "GET /", %{conn: conn} do test "GET /", %{conn: conn} do
conn = get(conn, "/") conn = get(conn, "/")
assert html_response(conn, 200) assert html_response(conn, 200)
end end
end
test "GET /@actor with existing actor", %{conn: conn} do describe "GET /@actor" do
actor = insert(:actor) test "GET /@actor with existing group", %{conn: conn} do
actor = insert(:group)
conn = get(conn, Actor.build_url(actor.preferred_username, :page)) conn = get(conn, Actor.build_url(actor.preferred_username, :page))
assert html_response(conn, 200) =~ actor.preferred_username assert html_response(conn, 200) =~ actor.preferred_username
end end
test "GET /@actor with not existing actor", %{conn: conn} do test "GET /@actor with existing person", %{conn: conn} do
actor = insert(:actor, visibility: :private)
conn = get(conn, Actor.build_url(actor.preferred_username, :page))
assert html_response(conn, 404)
end
test "GET /@actor with not existing group", %{conn: conn} do
conn = get(conn, Actor.build_url("not_existing", :page)) conn = get(conn, Actor.build_url("not_existing", :page))
assert html_response(conn, 404) assert html_response(conn, 404)
end end
end
test "GET /events/:uuid", %{conn: conn} do test "GET /events/:uuid", %{conn: conn} do
event = insert(:event, visibility: :public) event = insert(:event, visibility: :public)