[#1973] Fixed accounts rendering in GET /api/v1/pleroma/chats with truish :restrict_unauthenticated.

Made `Pleroma.Web.MastodonAPI.AccountView.render("show.json", _)` demand :for or :force option in order to prevent incorrect rendering of empty map instead of expected user representation with truish :restrict_unauthenticated setting.

test/web/mastodon_api/views/account_view_test.exs

@@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       }
     }
 
-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, force: true})
   end
 
   test "Favicon is nil when :instances_favicons is disabled" do
@@ -108,11 +108,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                favicon:
                  "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
              }
-           } = AccountView.render("show.json", %{user: user})
+           } = AccountView.render("show.json", %{user: user, force: true})
 
     Config.put([:instances_favicons, :enabled], false)
 
-    assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user})
+    assert %{pleroma: %{favicon: nil}} =
+             AccountView.render("show.json", %{user: user, force: true})
   end
 
   test "Represent the user account for the account owner" do
@@ -189,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       }
     }
 
-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, force: true})
   end
 
   test "Represent a Funkwhale channel" do
@@ -198,7 +199,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         "https://channels.tests.funkwhale.audio/federation/actors/compositions"
       )
 
-    assert represented = AccountView.render("show.json", %{user: user})
+    assert represented = AccountView.render("show.json", %{user: user, force: true})
     assert represented.acct == "compositions@channels.tests.funkwhale.audio"
     assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
   end
@@ -223,6 +224,21 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
     assert expected == AccountView.render("mention.json", %{user: user})
   end
 
+  test "demands :for or :force option for account rendering" do
+    clear_config([:restrict_unauthenticated, :profiles, :local], false)
+
+    user = insert(:user)
+    user_id = user.id
+
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, force: true})
+
+    assert_raise RuntimeError, ~r/:force or :for option is required/, fn ->
+      AccountView.render("show.json", %{user: user})
+    end
+  end
+
   describe "relationship" do
     defp test_relationship_rendering(user, other_user, expected_result) do
       opts = %{user: user, target: other_user, relationships: nil}
@@ -336,7 +352,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 
     assert result.pleroma.settings_store == %{:fe => "test"}
 
-    result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true})
+    result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
     assert result.pleroma[:settings_store] == nil
 
     result = AccountView.render("show.json", %{user: user, for: user})
@@ -345,13 +361,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 
   test "doesn't sanitize display names" do
     user = insert(:user, name: "<marquee> username </marquee>")
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, force: true})
     assert result.display_name == "<marquee> username </marquee>"
   end
 
   test "never display nil user follow counts" do
     user = insert(:user, following_count: 0, follower_count: 0)
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, force: true})
 
     assert result.following_count == 0
     assert result.followers_count == 0
@@ -375,7 +391,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                followers_count: 0,
                following_count: 0,
                pleroma: %{hide_follows_count: true, hide_followers_count: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, force: true})
     end
 
     test "shows when follows/followers are hidden" do
@@ -388,7 +404,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                followers_count: 1,
                following_count: 1,
                pleroma: %{hide_follows: true, hide_followers: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, force: true})
     end
 
     test "shows actual follower/following count to the account owner" do
@@ -531,7 +547,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         emoji: %{"joker_smile" => "https://evil.website/society.png"}
       )
 
-    AccountView.render("show.json", %{user: user})
+    AccountView.render("show.json", %{user: user, force: true})
     |> Enum.all?(fn
       {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
         String.starts_with?(url, Pleroma.Web.base_url())

test/web/mastodon_api/views/status_view_test.exs

@@ -177,7 +177,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       id: to_string(note.id),
       uri: object_data["id"],
       url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
-      account: AccountView.render("show.json", %{user: user}),
+      account: AccountView.render("show.json", %{user: user, force: true}),
       in_reply_to_id: nil,
       in_reply_to_account_id: nil,
       card: nil,