Merge branch 'strip-object-actor' into 'develop'

Strip actor from objects before federating

Closes #3269

See merge request pleroma/pleroma!4105
This commit is contained in:
feld 2024-05-15 20:51:47 +00:00
commit e944b15298
6 changed files with 9 additions and 10 deletions

View file

@ -0,0 +1 @@
Strip actor property from objects before federating

View file

@ -9,6 +9,7 @@ defmodule Pleroma.Constants do
const(object_internal_fields, const(object_internal_fields,
do: [ do: [
"actor",
"reactions", "reactions",
"reaction_count", "reaction_count",
"likes", "likes",

View file

@ -1,10 +1,10 @@
{ {
"actor": "http://2hu.gensokyo/users/raymoo", "actor": "http://mastodon.example.org/users/admin",
"id": "http://2hu.gensokyo/objects/1", "id": "http://mastodon.example.org/objects/1",
"object": { "object": {
"attributedTo": "http://2hu.gensokyo/users/raymoo", "attributedTo": "http://mastodon.example.org/users/admin",
"content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>", "content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>",
"id": "http://2hu.gensokyo/objects/2", "id": "http://mastodon.example.org/objects/2",
"published": "2020-02-12T14:08:20Z", "published": "2020-02-12T14:08:20Z",
"to": [ "to": [
"http://2hu.gensokyo/users/marisa" "http://2hu.gensokyo/users/marisa"

View file

@ -221,7 +221,6 @@ defmodule Pleroma.User.BackupTest do
"orderedItems" => [ "orderedItems" => [
%{ %{
"object" => %{ "object" => %{
"actor" => "http://cofe.io/users/cofe",
"content" => "status1", "content" => "status1",
"type" => "Note" "type" => "Note"
}, },
@ -229,7 +228,6 @@ defmodule Pleroma.User.BackupTest do
}, },
%{ %{
"object" => %{ "object" => %{
"actor" => "http://cofe.io/users/cofe",
"content" => "status2" "content" => "status2"
} }
}, },

View file

@ -116,8 +116,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.ChatMessageTest do
data = data =
File.read!("test/fixtures/create-chat-message.json") File.read!("test/fixtures/create-chat-message.json")
|> Jason.decode!() |> Jason.decode!()
|> Map.put("actor", "http://mastodon.example.org/users/admin")
|> put_in(["object", "actor"], "http://mastodon.example.org/users/admin")
_recipient = insert(:user, ap_id: List.first(data["to"]), local: true) _recipient = insert(:user, ap_id: List.first(data["to"]), local: true)

View file

@ -169,7 +169,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
{:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data) {:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data)
assert modified["object"]["content"] == "hey" assert modified["object"]["content"] == "hey"
assert modified["object"]["actor"] == modified["object"]["attributedTo"] assert activity.actor == modified["object"]["attributedTo"]
end end
test "it turns mentions into tags" do test "it turns mentions into tags" do
@ -220,7 +220,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
{:ok, activity} = CommonAPI.post(user, %{status: "hey"}) {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
assert modified["object"]["actor"] == modified["object"]["attributedTo"] assert activity.actor == modified["object"]["attributedTo"]
end end
test "it strips internal hashtag data" do test "it strips internal hashtag data" do
@ -266,6 +266,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
assert is_nil(modified["object"]["announcements"]) assert is_nil(modified["object"]["announcements"])
assert is_nil(modified["object"]["announcement_count"]) assert is_nil(modified["object"]["announcement_count"])
assert is_nil(modified["object"]["generator"]) assert is_nil(modified["object"]["generator"])
assert is_nil(modified["object"]["actor"])
end end
test "it strips internal fields of article" do test "it strips internal fields of article" do