Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/poll-validation

This commit is contained in:
lain 2020-08-05 11:12:14 +02:00
commit 19c108170e
17 changed files with 118 additions and 33 deletions

View file

@ -120,6 +120,8 @@ config :pleroma, Pleroma.Uploaders.S3,
config :tzdata, :autoupdate, :disabled config :tzdata, :autoupdate, :disabled
config :pleroma, :mrf, policies: []
if File.exists?("./config/test.secret.exs") do if File.exists?("./config/test.secret.exs") do
import_config "test.secret.exs" import_config "test.secret.exs"
else else

View file

@ -21,8 +21,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy do
@impl true @impl true
def describe, do: {:ok, %{}} def describe, do: {:ok, %{}}
defp local?(%{"id" => id}) do defp local?(%{"actor" => actor}) do
String.starts_with?(id, Pleroma.Web.Endpoint.url()) String.starts_with?(actor, Pleroma.Web.Endpoint.url())
end end
defp note?(activity) do defp note?(activity) do

View file

@ -34,10 +34,15 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations do
cng cng
|> validate_change(field_name, fn field_name, actor -> |> validate_change(field_name, fn field_name, actor ->
if User.get_cached_by_ap_id(actor) do case User.get_cached_by_ap_id(actor) do
[] %User{deactivated: true} ->
else [{field_name, "user is deactivated"}]
[{field_name, "can't find user"}]
%User{} ->
[]
_ ->
[{field_name, "can't find user"}]
end end
end) end)
end end

View file

@ -9,6 +9,11 @@ defmodule Pleroma.Web.RichMedia.Helpers do
alias Pleroma.Object alias Pleroma.Object
alias Pleroma.Web.RichMedia.Parser alias Pleroma.Web.RichMedia.Parser
@rich_media_options [
pool: :media,
max_body: 2_000_000
]
@spec validate_page_url(URI.t() | binary()) :: :ok | :error @spec validate_page_url(URI.t() | binary()) :: :ok | :error
defp validate_page_url(page_url) when is_binary(page_url) do defp validate_page_url(page_url) when is_binary(page_url) do
validate_tld = Pleroma.Config.get([Pleroma.Formatter, :validate_tld]) validate_tld = Pleroma.Config.get([Pleroma.Formatter, :validate_tld])
@ -77,4 +82,20 @@ defmodule Pleroma.Web.RichMedia.Helpers do
fetch_data_for_activity(activity) fetch_data_for_activity(activity)
:ok :ok
end end
def rich_media_get(url) do
headers = [{"user-agent", Pleroma.Application.user_agent() <> "; Bot"}]
options =
if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do
Keyword.merge(@rich_media_options,
recv_timeout: 2_000,
with_body: true
)
else
@rich_media_options
end
Pleroma.HTTP.get(url, headers, options)
end
end end

View file

@ -3,11 +3,6 @@
# SPDX-License-Identifier: AGPL-3.0-only # SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.RichMedia.Parser do defmodule Pleroma.Web.RichMedia.Parser do
@options [
pool: :media,
max_body: 2_000_000
]
defp parsers do defp parsers do
Pleroma.Config.get([:rich_media, :parsers]) Pleroma.Config.get([:rich_media, :parsers])
end end
@ -75,21 +70,8 @@ defmodule Pleroma.Web.RichMedia.Parser do
end end
defp parse_url(url) do defp parse_url(url) do
opts =
if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do
Keyword.merge(@options,
recv_timeout: 2_000,
with_body: true
)
else
@options
end
try do try do
rich_media_agent = Pleroma.Application.user_agent() <> "; Bot" {:ok, %Tesla.Env{body: html}} = Pleroma.Web.RichMedia.Helpers.rich_media_get(url)
{:ok, %Tesla.Env{body: html}} =
Pleroma.HTTP.get(url, [{"user-agent", rich_media_agent}], adapter: opts)
html html
|> parse_html() |> parse_html()

View file

@ -22,7 +22,7 @@ defmodule Pleroma.Web.RichMedia.Parsers.OEmbed do
end end
defp get_oembed_data(url) do defp get_oembed_data(url) do
with {:ok, %Tesla.Env{body: json}} <- Pleroma.HTTP.get(url, [], adapter: [pool: :media]) do with {:ok, %Tesla.Env{body: json}} <- Pleroma.Web.RichMedia.Helpers.rich_media_get(url) do
Jason.decode(json) Jason.decode(json)
end end
end end

View file

@ -37,7 +37,7 @@
} }
a { a {
color: color: #d8a070; color: #d8a070;
text-decoration: none; text-decoration: none;
} }

View file

@ -214,7 +214,8 @@ defmodule Pleroma.Mixfile do
"ecto.setup": ["ecto.create", "ecto.migrate", "run priv/repo/seeds.exs"], "ecto.setup": ["ecto.create", "ecto.migrate", "run priv/repo/seeds.exs"],
"ecto.reset": ["ecto.drop", "ecto.setup"], "ecto.reset": ["ecto.drop", "ecto.setup"],
test: ["ecto.create --quiet", "ecto.migrate", "test"], test: ["ecto.create --quiet", "ecto.migrate", "test"],
docs: ["pleroma.docs", "docs"] docs: ["pleroma.docs", "docs"],
analyze: ["credo --strict --only=warnings,todo,fixme,consistency,readability"]
] ]
end end

View file

@ -0,0 +1,19 @@
defmodule Pleroma.Repo.Migrations.RemoveNonlocalExpirations do
use Ecto.Migration
def up do
statement = """
DELETE FROM
activity_expirations A USING activities B
WHERE
A.activity_id = B.id
AND B.local = false;
"""
execute(statement)
end
def down do
:ok
end
end

View file

@ -0,0 +1,7 @@
defmodule Pleroma.Repo.Migrations.AddUniqueIndexToAppClientId do
use Ecto.Migration
def change do
create(unique_index(:apps, [:client_id]))
end
end

View file

@ -50,13 +50,13 @@ defmodule Mix.Tasks.Pleroma.AppTest do
defp assert_app(name, redirect, scopes) do defp assert_app(name, redirect, scopes) do
app = Repo.get_by(Pleroma.Web.OAuth.App, client_name: name) app = Repo.get_by(Pleroma.Web.OAuth.App, client_name: name)
assert_received {:mix_shell, :info, [message]} assert_receive {:mix_shell, :info, [message]}
assert message == "#{name} successfully created:" assert message == "#{name} successfully created:"
assert_received {:mix_shell, :info, [message]} assert_receive {:mix_shell, :info, [message]}
assert message == "App client_id: #{app.client_id}" assert message == "App client_id: #{app.client_id}"
assert_received {:mix_shell, :info, [message]} assert_receive {:mix_shell, :info, [message]}
assert message == "App client_secret: #{app.client_secret}" assert message == "App client_secret: #{app.client_secret}"
assert app.scopes == scopes assert app.scopes == scopes

View file

@ -7,11 +7,13 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicyTest do
alias Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy alias Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy
@id Pleroma.Web.Endpoint.url() <> "/activities/cofe" @id Pleroma.Web.Endpoint.url() <> "/activities/cofe"
@local_actor Pleroma.Web.Endpoint.url() <> "/users/cofe"
test "adds `expires_at` property" do test "adds `expires_at` property" do
assert {:ok, %{"type" => "Create", "expires_at" => expires_at}} = assert {:ok, %{"type" => "Create", "expires_at" => expires_at}} =
ActivityExpirationPolicy.filter(%{ ActivityExpirationPolicy.filter(%{
"id" => @id, "id" => @id,
"actor" => @local_actor,
"type" => "Create", "type" => "Create",
"object" => %{"type" => "Note"} "object" => %{"type" => "Note"}
}) })
@ -25,6 +27,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicyTest do
assert {:ok, %{"type" => "Create", "expires_at" => ^expires_at}} = assert {:ok, %{"type" => "Create", "expires_at" => ^expires_at}} =
ActivityExpirationPolicy.filter(%{ ActivityExpirationPolicy.filter(%{
"id" => @id, "id" => @id,
"actor" => @local_actor,
"type" => "Create", "type" => "Create",
"expires_at" => expires_at, "expires_at" => expires_at,
"object" => %{"type" => "Note"} "object" => %{"type" => "Note"}
@ -37,6 +40,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicyTest do
assert {:ok, %{"type" => "Create", "expires_at" => expires_at}} = assert {:ok, %{"type" => "Create", "expires_at" => expires_at}} =
ActivityExpirationPolicy.filter(%{ ActivityExpirationPolicy.filter(%{
"id" => @id, "id" => @id,
"actor" => @local_actor,
"type" => "Create", "type" => "Create",
"expires_at" => too_distant_future, "expires_at" => too_distant_future,
"object" => %{"type" => "Note"} "object" => %{"type" => "Note"}
@ -49,6 +53,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicyTest do
assert {:ok, activity} = assert {:ok, activity} =
ActivityExpirationPolicy.filter(%{ ActivityExpirationPolicy.filter(%{
"id" => "https://example.com/123", "id" => "https://example.com/123",
"actor" => "https://example.com/users/cofe",
"type" => "Create", "type" => "Create",
"object" => %{"type" => "Note"} "object" => %{"type" => "Note"}
}) })
@ -60,6 +65,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicyTest do
assert {:ok, activity} = assert {:ok, activity} =
ActivityExpirationPolicy.filter(%{ ActivityExpirationPolicy.filter(%{
"id" => "https://example.com/123", "id" => "https://example.com/123",
"actor" => "https://example.com/users/cofe",
"type" => "Follow" "type" => "Follow"
}) })
@ -68,6 +74,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicyTest do
assert {:ok, activity} = assert {:ok, activity} =
ActivityExpirationPolicy.filter(%{ ActivityExpirationPolicy.filter(%{
"id" => "https://example.com/123", "id" => "https://example.com/123",
"actor" => "https://example.com/users/cofe",
"type" => "Create", "type" => "Create",
"object" => %{"type" => "Cofe"} "object" => %{"type" => "Cofe"}
}) })

View file

@ -124,6 +124,24 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.ChatMessageTest do
{:ok, %Activity{} = _activity} = Transmogrifier.handle_incoming(data) {:ok, %Activity{} = _activity} = Transmogrifier.handle_incoming(data)
end end
test "it doesn't work for deactivated users" do
data =
File.read!("test/fixtures/create-chat-message.json")
|> Poison.decode!()
_author =
insert(:user,
ap_id: data["actor"],
local: false,
last_refreshed_at: DateTime.utc_now(),
deactivated: true
)
_recipient = insert(:user, ap_id: List.first(data["to"]), local: true)
assert {:error, _} = Transmogrifier.handle_incoming(data)
end
test "it inserts it and creates a chat" do test "it inserts it and creates a chat" do
data = data =
File.read!("test/fixtures/create-chat-message.json") File.read!("test/fixtures/create-chat-message.json")

View file

@ -163,6 +163,14 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
end) =~ "[warn] Couldn't fetch \"https://404.site/whatever\", error: nil" end) =~ "[warn] Couldn't fetch \"https://404.site/whatever\", error: nil"
end end
test "it does not work for deactivated users" do
data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
insert(:user, ap_id: data["actor"], deactivated: true)
assert {:error, _} = Transmogrifier.handle_incoming(data)
end
test "it works for incoming notices" do test "it works for incoming notices" do
data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()

View file

@ -458,6 +458,11 @@ defmodule Pleroma.Web.CommonAPITest do
end end
describe "posting" do describe "posting" do
test "deactivated users can't post" do
user = insert(:user, deactivated: true)
assert {:error, _} = CommonAPI.post(user, %{status: "ye"})
end
test "it supports explicit addressing" do test "it supports explicit addressing" do
user = insert(:user) user = insert(:user)
user_two = insert(:user) user_two = insert(:user)

View file

@ -17,8 +17,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPITest do
test "returns error when followed user is deactivated" do test "returns error when followed user is deactivated" do
follower = insert(:user) follower = insert(:user)
user = insert(:user, local: true, deactivated: true) user = insert(:user, local: true, deactivated: true)
{:error, error} = MastodonAPI.follow(follower, user) assert {:error, _error} = MastodonAPI.follow(follower, user)
assert error == :rejected
end end
test "following for user" do test "following for user" do

View file

@ -29,5 +29,16 @@ defmodule Pleroma.Web.OAuth.AppTest do
assert exist_app.id == app.id assert exist_app.id == app.id
assert exist_app.scopes == ["read", "write", "follow", "push"] assert exist_app.scopes == ["read", "write", "follow", "push"]
end end
test "has unique client_id" do
insert(:oauth_app, client_name: "", redirect_uris: "", client_id: "boop")
error =
catch_error(insert(:oauth_app, client_name: "", redirect_uris: "", client_id: "boop"))
assert %Ecto.ConstraintError{} = error
assert error.constraint == "apps_client_id_index"
assert error.type == :unique
end
end end
end end