mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-05 14:58:40 +00:00
Don't treat remote accepts/rejects as local.
Also, use specialized functions to get safe data.
This commit is contained in:
parent
dd9bb37893
commit
3839a11ef5
3 changed files with 42 additions and 6 deletions
|
@ -95,6 +95,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def reject(%{to: to, actor: actor, object: object} = params) do
|
||||||
|
# only accept false as false value
|
||||||
|
local = !(params[:local] == false)
|
||||||
|
|
||||||
|
with data <- %{"to" => to, "type" => "Reject", "actor" => actor, "object" => object},
|
||||||
|
{:ok, activity} <- insert(data, local),
|
||||||
|
:ok <- maybe_federate(activity) do
|
||||||
|
{:ok, activity}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def update(%{to: to, cc: cc, actor: actor, object: object} = params) do
|
def update(%{to: to, cc: cc, actor: actor, object: object} = params) do
|
||||||
# only accept false as false value
|
# only accept false as false value
|
||||||
local = !(params[:local] == false)
|
local = !(params[:local] == false)
|
||||||
|
|
|
@ -173,7 +173,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
|
||||||
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]),
|
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]),
|
||||||
follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||||
false <- is_nil(follow_activity),
|
false <- is_nil(follow_activity),
|
||||||
{:ok, activity} <- ActivityPub.insert(data, true) do
|
{:ok, activity} <- ActivityPub.accept(%{to: follow_activity.data["to"], type: "Accept", actor: followed.ap_id, object: follow_activity.data["id"], local: false}) do
|
||||||
if not User.following?(follower, followed) do
|
if not User.following?(follower, followed) do
|
||||||
{:ok, follower} = User.follow(follower, followed)
|
{:ok, follower} = User.follow(follower, followed)
|
||||||
end
|
end
|
||||||
|
@ -192,7 +192,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
|
||||||
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]),
|
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]),
|
||||||
follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||||
false <- is_nil(follow_activity),
|
false <- is_nil(follow_activity),
|
||||||
{:ok, activity} <- ActivityPub.insert(data, true) do
|
{:ok, activity} <- ActivityPub.accept(%{to: follow_activity.data["to"], type: "Accept", actor: followed.ap_id, object: follow_activity.data["id"], local: false}) do
|
||||||
User.unfollow(follower, followed)
|
User.unfollow(follower, followed)
|
||||||
|
|
||||||
{:ok, activity}
|
{:ok, activity}
|
||||||
|
|
|
@ -404,7 +404,10 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
||||||
accept_data =
|
accept_data =
|
||||||
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
||||||
|
|
||||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data)
|
{:ok, activity} = Transmogrifier.handle_incoming(accept_data)
|
||||||
|
refute activity.local
|
||||||
|
|
||||||
|
assert activity.data["object"] == follow_activity.data["id"]
|
||||||
|
|
||||||
follower = Repo.get(User, follower.id)
|
follower = Repo.get(User, follower.id)
|
||||||
|
|
||||||
|
@ -425,7 +428,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
||||||
accept_data =
|
accept_data =
|
||||||
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
||||||
|
|
||||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data)
|
{:ok, activity} = Transmogrifier.handle_incoming(accept_data)
|
||||||
|
assert activity.data["object"] == follow_activity.data["id"]
|
||||||
|
|
||||||
follower = Repo.get(User, follower.id)
|
follower = Repo.get(User, follower.id)
|
||||||
|
|
||||||
|
@ -444,7 +448,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
||||||
|> Map.put("actor", followed.ap_id)
|
|> Map.put("actor", followed.ap_id)
|
||||||
|> Map.put("object", follow_activity.data["id"])
|
|> Map.put("object", follow_activity.data["id"])
|
||||||
|
|
||||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data)
|
{:ok, activity} = Transmogrifier.handle_incoming(accept_data)
|
||||||
|
assert activity.data["object"] == follow_activity.data["id"]
|
||||||
|
|
||||||
follower = Repo.get(User, follower.id)
|
follower = Repo.get(User, follower.id)
|
||||||
|
|
||||||
|
@ -470,6 +475,25 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
||||||
refute User.following?(follower, followed) == true
|
refute User.following?(follower, followed) == true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it fails for incoming rejects which cannot be correlated" do
|
||||||
|
follower = insert(:user)
|
||||||
|
followed = insert(:user, %{info: %{"locked" => true}})
|
||||||
|
|
||||||
|
accept_data =
|
||||||
|
File.read!("test/fixtures/mastodon-reject-activity.json")
|
||||||
|
|> Poison.decode!()
|
||||||
|
|> Map.put("actor", followed.ap_id)
|
||||||
|
|
||||||
|
accept_data =
|
||||||
|
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
||||||
|
|
||||||
|
:error = Transmogrifier.handle_incoming(accept_data)
|
||||||
|
|
||||||
|
follower = Repo.get(User, follower.id)
|
||||||
|
|
||||||
|
refute User.following?(follower, followed) == true
|
||||||
|
end
|
||||||
|
|
||||||
test "it works for incoming rejects which are orphaned" do
|
test "it works for incoming rejects which are orphaned" do
|
||||||
follower = insert(:user)
|
follower = insert(:user)
|
||||||
followed = insert(:user, %{info: %{"locked" => true}})
|
followed = insert(:user, %{info: %{"locked" => true}})
|
||||||
|
@ -487,7 +511,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
||||||
reject_data =
|
reject_data =
|
||||||
Map.put(reject_data, "object", Map.put(reject_data["object"], "actor", follower.ap_id))
|
Map.put(reject_data, "object", Map.put(reject_data["object"], "actor", follower.ap_id))
|
||||||
|
|
||||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(reject_data)
|
{:ok, activity} = Transmogrifier.handle_incoming(reject_data)
|
||||||
|
refute activity.local
|
||||||
|
|
||||||
follower = Repo.get(User, follower.id)
|
follower = Repo.get(User, follower.id)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue