Merge pull request #2910 from WesleyAC/no-unauthed-remote-profile-view

Don't show remote profiles to unauthenticated users
2023-07-20 19:06:50 -07:00 · 2023-07-20 19:06:50 -07:00 · c947360da8
commit c947360da8
parent 2f2dae074b aae1d10eea
2 changed files with 28 additions and 1 deletions
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@ -23,6 +23,9 @@ class User(View):
        """profile page for a user"""
        user = get_user_from_username(request.user, username)

+        if not user.local and not request.user.is_authenticated:
+            return redirect(user.remote_id)
+
        if is_api_request(request):
            # we have a json request
            return ActivitypubResponse(user.to_activity())