mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-22 16:16:34 +00:00
Merge branch 'bugfix/1360-actorless-posts' into 'develop'
Containment: Add a catch-all clause to contain_origin. Closes #1360 See merge request pleroma/pleroma!1975
This commit is contained in:
commit
1025c526c0
2 changed files with 12 additions and 0 deletions
|
@ -64,6 +64,8 @@ defmodule Pleroma.Object.Containment do
|
|||
def contain_origin(id, %{"attributedTo" => actor} = params),
|
||||
do: contain_origin(id, Map.put(params, "actor", actor))
|
||||
|
||||
def contain_origin(_id, _data), do: :error
|
||||
|
||||
def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
|
||||
id_uri = URI.parse(id)
|
||||
other_uri = URI.parse(other_id)
|
||||
|
|
|
@ -17,6 +17,16 @@ defmodule Pleroma.Object.ContainmentTest do
|
|||
end
|
||||
|
||||
describe "general origin containment" do
|
||||
test "works for completely actorless posts" do
|
||||
assert :error ==
|
||||
Containment.contain_origin("https://glaceon.social/users/monorail", %{
|
||||
"deleted" => "2019-10-30T05:48:50.249606Z",
|
||||
"formerType" => "Note",
|
||||
"id" => "https://glaceon.social/users/monorail/statuses/103049757364029187",
|
||||
"type" => "Tombstone"
|
||||
})
|
||||
end
|
||||
|
||||
test "contain_origin_from_id() catches obvious spoofing attempts" do
|
||||
data = %{
|
||||
"id" => "http://example.com/~alyssa/activities/1234.json"
|
||||
|
|
Loading…
Reference in a new issue