From 14cadce4a6a134cef68c2563390b56ef1a0edb98 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Tue, 17 Apr 2018 21:49:11 +0200
Subject: [PATCH 1/5] Allow null values for musicbrainz_id in Audio ActivityPub
 representation

---
 api/funkwhale_api/federation/serializers.py | 6 +++---
 changes/changelog.d/mbid.bugfix             | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 changes/changelog.d/mbid.bugfix

diff --git a/api/funkwhale_api/federation/serializers.py b/api/funkwhale_api/federation/serializers.py
index b56dd3f44..6ae6abb78 100644
--- a/api/funkwhale_api/federation/serializers.py
+++ b/api/funkwhale_api/federation/serializers.py
@@ -662,17 +662,17 @@ class CollectionPageSerializer(serializers.Serializer):
 
 
 class ArtistMetadataSerializer(serializers.Serializer):
-    musicbrainz_id = serializers.UUIDField(required=False)
+    musicbrainz_id = serializers.UUIDField(required=False, allow_null=True)
     name = serializers.CharField()
 
 
 class ReleaseMetadataSerializer(serializers.Serializer):
-    musicbrainz_id = serializers.UUIDField(required=False)
+    musicbrainz_id = serializers.UUIDField(required=False, allow_null=True)
     title = serializers.CharField()
 
 
 class RecordingMetadataSerializer(serializers.Serializer):
-    musicbrainz_id = serializers.UUIDField(required=False)
+    musicbrainz_id = serializers.UUIDField(required=False, allow_null=True)
     title = serializers.CharField()
 
 
diff --git a/changes/changelog.d/mbid.bugfix b/changes/changelog.d/mbid.bugfix
new file mode 100644
index 000000000..1dfe2777a
--- /dev/null
+++ b/changes/changelog.d/mbid.bugfix
@@ -0,0 +1 @@
+Allow null values for musicbrainz_id in Audio ActivityPub representation

From 899ba311625a9941fc074a500f3455fac8268f06 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Tue, 17 Apr 2018 22:58:43 +0200
Subject: [PATCH 2/5] Do not fail on library page scan if one item is invalid

---
 api/funkwhale_api/federation/serializers.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/funkwhale_api/federation/serializers.py b/api/funkwhale_api/federation/serializers.py
index 6ae6abb78..735a101b4 100644
--- a/api/funkwhale_api/federation/serializers.py
+++ b/api/funkwhale_api/federation/serializers.py
@@ -616,10 +616,12 @@ class CollectionPageSerializer(serializers.Serializer):
         if not item_serializer:
             return v
         raw_items = [item_serializer(data=i, context=self.context) for i in v]
+        valid_items = []
         for i in raw_items:
-            i.is_valid(raise_exception=True)
+            if i.is_valid():
+                valid_items.append(i)
 
-        return raw_items
+        return valid_items
 
     def to_representation(self, conf):
         page = conf['page']

From c17f7eefde2beec6c125e1e462293c49676f151c Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Tue, 17 Apr 2018 23:08:15 +0200
Subject: [PATCH 3/5] Ensure follower is approved to access library

---
 api/funkwhale_api/federation/permissions.py |  3 ++-
 api/tests/federation/test_permissions.py    | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/api/funkwhale_api/federation/permissions.py b/api/funkwhale_api/federation/permissions.py
index 370328eaa..c6f0660b1 100644
--- a/api/funkwhale_api/federation/permissions.py
+++ b/api/funkwhale_api/federation/permissions.py
@@ -16,4 +16,5 @@ class LibraryFollower(BasePermission):
             return False
 
         library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
-        return library.followers.filter(url=actor.url).exists()
+        return library.received_follows.filter(
+            approved=True, actor=actor).exists()
diff --git a/api/tests/federation/test_permissions.py b/api/tests/federation/test_permissions.py
index 1a6977542..9b8683210 100644
--- a/api/tests/federation/test_permissions.py
+++ b/api/tests/federation/test_permissions.py
@@ -30,11 +30,26 @@ def test_library_follower_actor_non_follower(
     assert check is False
 
 
+def test_library_follower_actor_follower_not_approved(
+        factories, api_request, anonymous_user, settings):
+    settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
+    library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
+    follow = factories['federation.Follow'](target=library, approved=False)
+    view = APIView.as_view()
+    permission = permissions.LibraryFollower()
+    request = api_request.get('/')
+    setattr(request, 'user', anonymous_user)
+    setattr(request, 'actor', follow.actor)
+    check = permission.has_permission(request, view)
+
+    assert check is False
+
+
 def test_library_follower_actor_follower(
         factories, api_request, anonymous_user, settings):
     settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
     library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
-    follow = factories['federation.Follow'](target=library)
+    follow = factories['federation.Follow'](target=library, approved=True)
     view = APIView.as_view()
     permission = permissions.LibraryFollower()
     request = api_request.get('/')

From f55d2b6c9dfd753090d6ce8933e06b78a018137f Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Tue, 17 Apr 2018 23:09:38 +0200
Subject: [PATCH 4/5] Updated tests

---
 api/tests/federation/test_serializers.py | 13 ++++++++++---
 api/tests/federation/test_views.py       |  2 +-
 changes/changelog.d/federation-1.bugfix  |  1 +
 3 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 changes/changelog.d/federation-1.bugfix

diff --git a/api/tests/federation/test_serializers.py b/api/tests/federation/test_serializers.py
index 6d33a529d..85208fa49 100644
--- a/api/tests/federation/test_serializers.py
+++ b/api/tests/federation/test_serializers.py
@@ -431,8 +431,14 @@ def test_collection_page_serializer_validation():
 
 
 def test_collection_page_serializer_can_validate_child():
-    base = 'https://test.federation/test'
     data = {
+        'type': 'CollectionPage',
+        'id': 'https://test.page?page=2',
+        'actor': 'https://test.actor',
+        'first': 'https://test.page?page=1',
+        'last': 'https://test.page?page=3',
+        'partOf': 'https://test.page',
+        'totalItems': 1,
         'items': [{'in': 'valid'}],
     }
 
@@ -441,8 +447,9 @@ def test_collection_page_serializer_can_validate_child():
         context={'item_serializer': serializers.AudioSerializer}
     )
 
-    assert serializer.is_valid() is False
-    assert 'items' in serializer.errors
+    # child are validated but not included in data if not valid
+    assert serializer.is_valid(raise_exception=True) is True
+    assert len(serializer.validated_data['items']) == 0
 
 
 def test_collection_page_serializer(factories):
diff --git a/api/tests/federation/test_views.py b/api/tests/federation/test_views.py
index 8c5235b8b..ae94bcdc0 100644
--- a/api/tests/federation/test_views.py
+++ b/api/tests/federation/test_views.py
@@ -43,7 +43,7 @@ def test_instance_endpoints_405_if_federation_disabled(
 
 
 def test_wellknown_webfinger_validates_resource(
-    db, api_client, settings, mocker):
+        db, api_client, settings, mocker):
     clean = mocker.spy(webfinger, 'clean_resource')
     url = reverse('federation:well-known-webfinger')
     response = api_client.get(url, data={'resource': 'something'})
diff --git a/changes/changelog.d/federation-1.bugfix b/changes/changelog.d/federation-1.bugfix
new file mode 100644
index 000000000..371208e0e
--- /dev/null
+++ b/changes/changelog.d/federation-1.bugfix
@@ -0,0 +1 @@
+Fixed broken permission check on library scanning and too aggressive page validation

From eb275b7e08dfce8a1e45ac10b57d6518a1a43ff3 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Tue, 17 Apr 2018 23:20:32 +0200
Subject: [PATCH 5/5] Version bump and changelog

---
 CHANGELOG                               | 10 ++++++++++
 api/funkwhale_api/__init__.py           |  2 +-
 changes/changelog.d/federation-1.bugfix |  1 -
 changes/changelog.d/mbid.bugfix         |  1 -
 4 files changed, 11 insertions(+), 3 deletions(-)
 delete mode 100644 changes/changelog.d/federation-1.bugfix
 delete mode 100644 changes/changelog.d/mbid.bugfix

diff --git a/CHANGELOG b/CHANGELOG
index 7cd7714af..b230b1556 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,16 @@ Changelog
 
 .. towncrier
 
+0.9.1 (2018-04-17)
+------------------
+
+Bugfixes:
+
+- Allow null values for musicbrainz_id in Audio ActivityPub representation
+- Fixed broken permission check on library scanning and too aggressive page
+  validation
+
+
 0.9 (2018-04-17)
 ----------------
 
diff --git a/api/funkwhale_api/__init__.py b/api/funkwhale_api/__init__.py
index 70cf5b1f8..f3a544e46 100644
--- a/api/funkwhale_api/__init__.py
+++ b/api/funkwhale_api/__init__.py
@@ -1,3 +1,3 @@
 # -*- coding: utf-8 -*-
-__version__ = '0.9'
+__version__ = '0.9.1'
 __version_info__ = tuple([int(num) if num.isdigit() else num for num in __version__.replace('-', '.', 1).split('.')])
diff --git a/changes/changelog.d/federation-1.bugfix b/changes/changelog.d/federation-1.bugfix
deleted file mode 100644
index 371208e0e..000000000
--- a/changes/changelog.d/federation-1.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed broken permission check on library scanning and too aggressive page validation
diff --git a/changes/changelog.d/mbid.bugfix b/changes/changelog.d/mbid.bugfix
deleted file mode 100644
index 1dfe2777a..000000000
--- a/changes/changelog.d/mbid.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Allow null values for musicbrainz_id in Audio ActivityPub representation