From 482647dab9e638a4474e1f30a4609653fedb2ceb Mon Sep 17 00:00:00 2001
From: Agate <me@agate.blue>
Date: Fri, 28 Aug 2020 20:19:08 +0200
Subject: [PATCH] Fix #1210: Enforce authentication when viewing remote
 channels, profiles and libraries

---
 api/funkwhale_api/federation/tasks.py   | 2 +-
 changes/changelog.d/1210.enhancement    | 1 +
 front/src/views/auth/ProfileBase.vue    | 7 ++++++-
 front/src/views/channels/DetailBase.vue | 4 ++++
 front/src/views/library/DetailBase.vue  | 4 ++++
 5 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 changes/changelog.d/1210.enhancement

diff --git a/api/funkwhale_api/federation/tasks.py b/api/funkwhale_api/federation/tasks.py
index 86bef50e11..c2bdfad347 100644
--- a/api/funkwhale_api/federation/tasks.py
+++ b/api/funkwhale_api/federation/tasks.py
@@ -429,7 +429,7 @@ def fetch(fetch_obj):
                 )
             except Exception:
                 logger.exception(
-                    "Error while fetching actor outbox: %s", obj.actor.outbox.url
+                    "Error while fetching actor outbox: %s", obj.actor.outbox_url
                 )
             else:
                 if result.get("next_page"):
diff --git a/changes/changelog.d/1210.enhancement b/changes/changelog.d/1210.enhancement
new file mode 100644
index 0000000000..a41d714e51
--- /dev/null
+++ b/changes/changelog.d/1210.enhancement
@@ -0,0 +1 @@
+Enforce authentication when viewing remote channels, profiles and libraries (#1210)
\ No newline at end of file
diff --git a/front/src/views/auth/ProfileBase.vue b/front/src/views/auth/ProfileBase.vue
index 353ab1581c..2569e2ce04 100644
--- a/front/src/views/auth/ProfileBase.vue
+++ b/front/src/views/auth/ProfileBase.vue
@@ -93,7 +93,12 @@ export default {
     }
   },
   created() {
-    this.fetch()
+    let authenticated = this.$store.state.auth.authenticated
+    if (!authenticated && this.domain && this.$store.getters['instance/domain'] != this.domain) {
+      this.$router.push({name: 'login', query: {next: this.$route.fullPath}})
+    } else {
+     this.fetch()
+    }
   },
   beforeRouteUpdate (to, from, next) {
     to.meta.preserveScrollPosition = true
diff --git a/front/src/views/channels/DetailBase.vue b/front/src/views/channels/DetailBase.vue
index be8481dafb..f111967524 100644
--- a/front/src/views/channels/DetailBase.vue
+++ b/front/src/views/channels/DetailBase.vue
@@ -270,6 +270,10 @@ export default {
   },
   async created() {
     await this.fetchData()
+    let authenticated = this.$store.state.auth.authenticated
+    if (!authenticated && this.$store.getters['instance/domain'] != this.object.actor.domain) {
+      this.$router.push({name: 'login', query: {next: this.$route.fullPath}})
+    }
   },
   methods: {
     async fetchData() {
diff --git a/front/src/views/library/DetailBase.vue b/front/src/views/library/DetailBase.vue
index a58a179be6..efd0d18fc8 100644
--- a/front/src/views/library/DetailBase.vue
+++ b/front/src/views/library/DetailBase.vue
@@ -148,6 +148,10 @@ export default {
   },
   async created() {
     await this.fetchData()
+    let authenticated = this.$store.state.auth.authenticated
+    if (!authenticated && this.$store.getters['instance/domain'] != this.object.actor.domain) {
+      this.$router.push({name: 'login', query: {next: this.$route.fullPath}})
+    }
   },
   methods: {
     async fetchData() {
-- 
GitLab