Prevent AP collection page number being < 1

Closes #1184 Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-21 16:56:20 +01:00 · 2022-11-21 16:56:20 +01:00 · 3e15048843
commit 3e15048843
parent 7a4ff475d5
2 changed files with 29 additions and 0 deletions
--- a/lib/web/controllers/activity_pub_controller.ex
+++ b/lib/web/controllers/activity_pub_controller.ex
@ -191,6 +191,7 @@ defmodule Mobilizon.Web.ActivityPubController do

  defp actor_collection(conn, collection, %{"name" => name, "page" => page}) do
    with {page, ""} <- Integer.parse(page),
+         page <- max(page, 1),
         %Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
--- a/test/web/controllers/activity_pub_controller_test.exs
+++ b/test/web/controllers/activity_pub_controller_test.exs
@ -243,6 +243,34 @@ defmodule Mobilizon.Web.ActivityPubControllerTest do
      assert length(result["orderedItems"]) == 5
    end

+    test "it can't be called for a page < 1", %{conn: conn} do
+      actor = insert(:actor, visibility: :public)
+
+      Enum.each(1..15, fn _ ->
+        insert(:event, organizer_actor: actor)
+      end)
+
+      result =
+        conn
+        |> get(Actor.build_url(actor.preferred_username, :outbox))
+        |> json_response(200)
+
+      assert length(result["first"]["orderedItems"]) == 10
+      assert result["totalItems"] == 15
+
+      page_0_result =
+        conn
+        |> get(Actor.build_url(actor.preferred_username, :outbox, page: 0))
+        |> json_response(200)
+
+      page_1_result =
+        conn
+        |> get(Actor.build_url(actor.preferred_username, :outbox, page: 1))
+        |> json_response(200)
+
+      assert page_0_result == page_1_result
+    end
+
    test "it returns an empty collection if the actor has private visibility", %{conn: conn} do
      actor = insert(:actor, visibility: :private)
      insert(:event, organizer_actor: actor)