activitypub: user view: do not expose oAuth endpoints for instance users

2019-02-14 02:41:21 +00:00 · 2019-02-14 02:41:21 +00:00 · 64620d8980
commit 64620d8980
parent d54c483964
2 changed files with 16 additions and 1 deletions
--- a/test/web/activity_pub/views/user_view_test.exs
+++ b/test/web/activity_pub/views/user_view_test.exs
@ -42,5 +42,16 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
      assert result["id"] == user.ap_id
      assert result["endpoints"] == %{}
    end
+
+    test "instance users do not expose oAuth endpoints" do
+      user = insert(:user, nickname: nil, local: true)
+      {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+
+      result = UserView.render("user.json", %{user: user})
+
+      refute result["endpoints"]["oauthAuthorizationEndpoint"]
+      refute result["endpoints"]["oauthRegistrationEndpoint"]
+      refute result["endpoints"]["oauthTokenEndpoint"]
+    end
  end
 end