From a69e9ae2ef943f57faf803441c25aee09a86f9ca Mon Sep 17 00:00:00 2001 From: tusooa Date: Sat, 19 Nov 2022 23:51:43 -0500 Subject: [PATCH 1/5] Flag an Object, not an Activity --- lib/pleroma/web/activity_pub/utils.ex | 15 ++++++++------- .../controllers/report_controller_test.exs | 2 +- test/pleroma/web/common_api_test.exs | 10 ++++++---- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 57a2f53c4..dacacb83b 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -695,8 +695,9 @@ defmodule Pleroma.Web.ActivityPub.Utils do Enum.map(statuses || [], &build_flag_object/1) end - defp build_flag_object(%Activity{data: %{"id" => id}, object: %{data: data}}) do - activity_actor = User.get_by_ap_id(data["actor"]) + defp build_flag_object(%Object{data: data}) do + actor = User.get_by_ap_id(data["actor"]) + id = data["id"] %{ "type" => "Note", @@ -706,7 +707,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do "actor" => AccountView.render( "show.json", - %{user: activity_actor, skip_visibility_check: true} + %{user: actor, skip_visibility_check: true} ) } end @@ -720,12 +721,12 @@ defmodule Pleroma.Web.ActivityPub.Utils do end case Activity.get_by_ap_id_with_object(id) do - %Activity{} = activity -> - build_flag_object(activity) + %Activity{object: object} = _ -> + build_flag_object(object) nil -> - if activity = Activity.get_by_object_ap_id_with_object(id) do - build_flag_object(activity) + if %Object{} = object = Object.get_by_ap_id(id) do + build_flag_object(object) else %{"id" => id, "deleted" => true} end diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs index 164cbb95b..6fd3fbe5a 100644 --- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs @@ -76,7 +76,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do assert response["id"] == report_id assert [status] = response["statuses"] - assert activity.data["id"] == status["uri"] + assert activity.object.data["id"] == status["uri"] assert activity.object.data["content"] == status["content"] end diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 4dc0d9cbe..9d52bd93e 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -1100,10 +1100,11 @@ defmodule Pleroma.Web.CommonAPITest do target_user = insert(:user) {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"}) + activity = Activity.normalize(activity) reporter_ap_id = reporter.ap_id target_ap_id = target_user.ap_id - activity_ap_id = activity.data["id"] + reported_object_ap_id = activity.object.data["id"] comment = "foobar" report_data = %{ @@ -1114,7 +1115,7 @@ defmodule Pleroma.Web.CommonAPITest do note_obj = %{ "type" => "Note", - "id" => activity_ap_id, + "id" => reported_object_ap_id, "content" => "foobar", "published" => activity.object.data["published"], "actor" => AccountView.render("show.json", %{user: target_user}) @@ -1136,6 +1137,7 @@ defmodule Pleroma.Web.CommonAPITest do test "updates report state" do [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) + object = Object.normalize(activity) {:ok, %Activity{id: report_id}} = CommonAPI.report(reporter, %{ @@ -1148,10 +1150,10 @@ defmodule Pleroma.Web.CommonAPITest do assert report.data["state"] == "resolved" - [reported_user, activity_id] = report.data["object"] + [reported_user, object_id] = report.data["object"] assert reported_user == target_user.ap_id - assert activity_id == activity.data["id"] + assert object_id == object.data["id"] end test "updates report state, don't strip when report_strip_status is false" do From 0e0c316c76527fb5ac3a28f03628e62799e8694b Mon Sep 17 00:00:00 2001 From: tusooa Date: Sun, 20 Nov 2022 00:35:52 -0500 Subject: [PATCH 2/5] Fix report api --- lib/pleroma/web/activity_pub/utils.ex | 5 +++ lib/pleroma/web/admin_api/report.ex | 6 ++- .../controllers/report_controller_test.exs | 37 +++++++++++++++++++ 3 files changed, 46 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index dacacb83b..22057e703 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -695,6 +695,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do Enum.map(statuses || [], &build_flag_object/1) end + defp build_flag_object(%Activity{} = activity) do + object = Object.normalize(activity, fetch: false) + build_flag_object(object) + end + defp build_flag_object(%Object{data: data}) do actor = User.get_by_ap_id(data["actor"]) id = data["id"] diff --git a/lib/pleroma/web/admin_api/report.ex b/lib/pleroma/web/admin_api/report.ex index 6856bfcb3..c79bee27e 100644 --- a/lib/pleroma/web/admin_api/report.ex +++ b/lib/pleroma/web/admin_api/report.ex @@ -18,10 +18,12 @@ defmodule Pleroma.Web.AdminAPI.Report do |> Enum.reject(&is_nil(&1)) |> Enum.map(fn act when is_map(act) -> - Activity.get_by_ap_id_with_object(act["id"]) || make_fake_activity(act, user) + Activity.get_create_by_object_ap_id_with_object(act["id"]) || + Activity.get_by_ap_id_with_object(act["id"]) || make_fake_activity(act, user) act when is_binary(act) -> - Activity.get_by_ap_id_with_object(act) + Activity.get_create_by_object_ap_id_with_object(act) || + Activity.get_by_ap_id_with_object(act) end) %{report: report, user: user, account: account, statuses: statuses} diff --git a/test/pleroma/web/mastodon_api/controllers/report_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/report_controller_test.exs index 6d1a63334..c7aa76122 100644 --- a/test/pleroma/web/mastodon_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/report_controller_test.exs @@ -5,6 +5,8 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do use Pleroma.Web.ConnCase, async: true + alias Pleroma.Activity + alias Pleroma.Repo alias Pleroma.Web.CommonAPI import Pleroma.Factory @@ -27,6 +29,41 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do |> json_response_and_validate_schema(200) end + test "submit a report with a fake Create", %{ + conn: conn + } do + target_user = insert(:user) + + note = insert(:note, user: target_user) + + activity_params = %{ + "object" => note.data["id"], + "actor" => note.data["actor"], + "to" => note.data["to"] || [], + "cc" => note.data["cc"] || [], + "type" => "Create" + } + + {:ok, fake_activity} = + Repo.insert(%Activity{ + data: activity_params, + recipients: activity_params["to"] ++ activity_params["cc"], + local: true, + actor: activity_params["actor"] + }) + + assert %{"action_taken" => false, "id" => _} = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/reports", %{ + "account_id" => target_user.id, + "status_ids" => [fake_activity.id], + "comment" => "bad status!", + "forward" => "false" + }) + |> json_response_and_validate_schema(200) + end + test "submit a report with statuses and comment", %{ conn: conn, target_user: target_user, From 9d99e76a3ae7c1af8b6b03bf88534f3959b62544 Mon Sep 17 00:00:00 2001 From: tusooa Date: Sun, 20 Nov 2022 00:57:04 -0500 Subject: [PATCH 3/5] Fix unit tests --- lib/pleroma/web/activity_pub/utils.ex | 44 ++++++++++++------- .../web/activity_pub/activity_pub_test.exs | 10 +++-- .../web/activity_pub/transmogrifier_test.exs | 2 +- 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 22057e703..b898d6fe8 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -697,24 +697,22 @@ defmodule Pleroma.Web.ActivityPub.Utils do defp build_flag_object(%Activity{} = activity) do object = Object.normalize(activity, fetch: false) - build_flag_object(object) + + # Do not allow people to report Creates. Instead, report the Object that is Created. + if activity.data["type"] != "Create" do + build_flag_object_with_actor_and_id( + object, + User.get_by_ap_id(activity.data["actor"]), + activity.data["id"] + ) + else + build_flag_object(object) + end end - defp build_flag_object(%Object{data: data}) do - actor = User.get_by_ap_id(data["actor"]) - id = data["id"] - - %{ - "type" => "Note", - "id" => id, - "content" => data["content"], - "published" => data["published"], - "actor" => - AccountView.render( - "show.json", - %{user: actor, skip_visibility_check: true} - ) - } + defp build_flag_object(%Object{} = object) do + actor = User.get_by_ap_id(object.data["actor"]) + build_flag_object_with_actor_and_id(object, actor, object.data["id"]) end defp build_flag_object(act) when is_map(act) or is_binary(act) do @@ -740,6 +738,20 @@ defmodule Pleroma.Web.ActivityPub.Utils do defp build_flag_object(_), do: [] + defp build_flag_object_with_actor_and_id(%Object{data: data}, actor, id) do + %{ + "type" => "Note", + "id" => id, + "content" => data["content"], + "published" => data["published"], + "actor" => + AccountView.render( + "show.json", + %{user: actor, skip_visibility_check: true} + ) + } + end + #### Report-related helpers def get_reports(params, page, page_size) do params = diff --git a/test/pleroma/web/activity_pub/activity_pub_test.exs b/test/pleroma/web/activity_pub/activity_pub_test.exs index 13f3d93b8..fc6fc039d 100644 --- a/test/pleroma/web/activity_pub/activity_pub_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_test.exs @@ -1504,6 +1504,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do reporter_ap_id = reporter.ap_id target_ap_id = target_account.ap_id activity_ap_id = activity.data["id"] + object_ap_id = activity.object.data["id"] activity_with_object = Activity.get_by_ap_id_with_object(activity_ap_id) @@ -1515,6 +1516,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do reported_activity: activity, content: content, activity_ap_id: activity_ap_id, + object_ap_id: object_ap_id, activity_with_object: activity_with_object, reporter_ap_id: reporter_ap_id, target_ap_id: target_ap_id @@ -1528,7 +1530,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do target_account: target_account, reported_activity: reported_activity, content: content, - activity_ap_id: activity_ap_id, + object_ap_id: object_ap_id, activity_with_object: activity_with_object, reporter_ap_id: reporter_ap_id, target_ap_id: target_ap_id @@ -1544,7 +1546,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do note_obj = %{ "type" => "Note", - "id" => activity_ap_id, + "id" => object_ap_id, "content" => content, "published" => activity_with_object.object.data["published"], "actor" => @@ -1568,6 +1570,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do context: context, target_account: target_account, reported_activity: reported_activity, + object_ap_id: object_ap_id, content: content }, Utils, @@ -1582,8 +1585,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do content: content }) - new_data = - put_in(activity.data, ["object"], [target_account.ap_id, reported_activity.data["id"]]) + new_data = put_in(activity.data, ["object"], [target_account.ap_id, object_ap_id]) assert_called(Utils.maybe_federate(%{activity | data: new_data})) end diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 273f2611d..6b4636d22 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -61,7 +61,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do note_obj = %{ "type" => "Note", - "id" => activity.data["id"], + "id" => activity.object.data["id"], "content" => "test post", "published" => object.data["published"], "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true}) From afe4bb2307147a160a2024f75679c97fea0cd7d1 Mon Sep 17 00:00:00 2001 From: tusooa Date: Sun, 20 Nov 2022 01:06:21 -0500 Subject: [PATCH 4/5] Fix UtilsTest --- test/pleroma/web/activity_pub/utils_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/pleroma/web/activity_pub/utils_test.exs b/test/pleroma/web/activity_pub/utils_test.exs index e42893849..365f03010 100644 --- a/test/pleroma/web/activity_pub/utils_test.exs +++ b/test/pleroma/web/activity_pub/utils_test.exs @@ -473,7 +473,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do content = "foobar" target_ap_id = target_account.ap_id - activity_ap_id = activity.data["id"] + object_ap_id = activity.object.data["id"] res = Utils.make_flag_data( @@ -489,7 +489,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do note_obj = %{ "type" => "Note", - "id" => activity_ap_id, + "id" => object_ap_id, "content" => content, "published" => activity.object.data["published"], "actor" => From da0c6843447215fadf831c673b40f7c6035c1a15 Mon Sep 17 00:00:00 2001 From: tusooa Date: Thu, 8 Dec 2022 20:51:08 -0500 Subject: [PATCH 5/5] Add tests for flagging non-Create activities --- test/pleroma/web/activity_pub/utils_test.exs | 43 ++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/test/pleroma/web/activity_pub/utils_test.exs b/test/pleroma/web/activity_pub/utils_test.exs index 365f03010..e7d1e01c4 100644 --- a/test/pleroma/web/activity_pub/utils_test.exs +++ b/test/pleroma/web/activity_pub/utils_test.exs @@ -504,6 +504,49 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do "state" => "open" } = res end + + test "returns map with Flag object with a non-Create Activity" do + reporter = insert(:user) + posting_account = insert(:user) + target_account = insert(:user) + + {:ok, activity} = CommonAPI.post(posting_account, %{status: "foobar"}) + {:ok, like} = CommonAPI.favorite(target_account, activity.id) + context = Utils.generate_context_id() + content = "foobar" + + target_ap_id = target_account.ap_id + object_ap_id = activity.object.data["id"] + + res = + Utils.make_flag_data( + %{ + actor: reporter, + context: context, + account: target_account, + statuses: [%{"id" => like.data["id"]}], + content: content + }, + %{} + ) + + note_obj = %{ + "type" => "Note", + "id" => object_ap_id, + "content" => content, + "published" => activity.object.data["published"], + "actor" => + AccountView.render("show.json", %{user: posting_account, skip_visibility_check: true}) + } + + assert %{ + "type" => "Flag", + "content" => ^content, + "context" => ^context, + "object" => [^target_ap_id, ^note_obj], + "state" => "open" + } = res + end end describe "add_announce_to_object/2" do