mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-24 16:08:09 +00:00
Merge branch 'bugfix/relax-spam-protection' into 'develop'
activitypub: allow indirect messages from users being followed at a personal inbox See merge request pleroma/pleroma!1069
This commit is contained in:
commit
cde7711b12
3 changed files with 40 additions and 4 deletions
|
@ -153,9 +153,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||||
end
|
end
|
||||||
|
|
||||||
def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
|
def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
|
||||||
with %User{} = user <- User.get_cached_by_nickname(nickname),
|
with %User{} = recipient <- User.get_cached_by_nickname(nickname),
|
||||||
true <- Utils.recipient_in_message(user.ap_id, params),
|
%User{} = actor <- User.get_or_fetch_by_ap_id(params["actor"]),
|
||||||
params <- Utils.maybe_splice_recipient(user.ap_id, params) do
|
true <- Utils.recipient_in_message(recipient, actor, params),
|
||||||
|
params <- Utils.maybe_splice_recipient(recipient.ap_id, params) do
|
||||||
Federator.incoming_ap_doc(params)
|
Federator.incoming_ap_doc(params)
|
||||||
json(conn, "ok")
|
json(conn, "ok")
|
||||||
end
|
end
|
||||||
|
|
|
@ -52,7 +52,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
|
||||||
defp recipient_in_collection(ap_id, coll) when is_list(coll), do: ap_id in coll
|
defp recipient_in_collection(ap_id, coll) when is_list(coll), do: ap_id in coll
|
||||||
defp recipient_in_collection(_, _), do: false
|
defp recipient_in_collection(_, _), do: false
|
||||||
|
|
||||||
def recipient_in_message(ap_id, params) do
|
def recipient_in_message(%User{ap_id: ap_id} = recipient, %User{} = actor, params) do
|
||||||
cond do
|
cond do
|
||||||
recipient_in_collection(ap_id, params["to"]) ->
|
recipient_in_collection(ap_id, params["to"]) ->
|
||||||
true
|
true
|
||||||
|
@ -71,6 +71,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do
|
||||||
!params["to"] && !params["cc"] && !params["bto"] && !params["bcc"] ->
|
!params["to"] && !params["cc"] && !params["bto"] && !params["bcc"] ->
|
||||||
true
|
true
|
||||||
|
|
||||||
|
# if the message is sent from somebody the user is following, then assume it
|
||||||
|
# is addressed to the recipient
|
||||||
|
User.following?(recipient, actor) ->
|
||||||
|
true
|
||||||
|
|
||||||
true ->
|
true ->
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
|
@ -253,6 +253,36 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
||||||
assert Activity.get_by_ap_id(data["id"])
|
assert Activity.get_by_ap_id(data["id"])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it accepts messages from actors that are followed by the user", %{conn: conn} do
|
||||||
|
recipient = insert(:user)
|
||||||
|
actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
|
||||||
|
|
||||||
|
{:ok, recipient} = User.follow(recipient, actor)
|
||||||
|
|
||||||
|
data =
|
||||||
|
File.read!("test/fixtures/mastodon-post-activity.json")
|
||||||
|
|> Poison.decode!()
|
||||||
|
|
||||||
|
object =
|
||||||
|
data["object"]
|
||||||
|
|> Map.put("attributedTo", actor.ap_id)
|
||||||
|
|
||||||
|
data =
|
||||||
|
data
|
||||||
|
|> Map.put("actor", actor.ap_id)
|
||||||
|
|> Map.put("object", object)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:valid_signature, true)
|
||||||
|
|> put_req_header("content-type", "application/activity+json")
|
||||||
|
|> post("/users/#{recipient.nickname}/inbox", data)
|
||||||
|
|
||||||
|
assert "ok" == json_response(conn, 200)
|
||||||
|
:timer.sleep(500)
|
||||||
|
assert Activity.get_by_ap_id(data["id"])
|
||||||
|
end
|
||||||
|
|
||||||
test "it rejects reads from other users", %{conn: conn} do
|
test "it rejects reads from other users", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
otheruser = insert(:user)
|
otheruser = insert(:user)
|
||||||
|
|
Loading…
Reference in a new issue