Merge pull request #635 from mouse-reeve/outbox-useragent

Outbox sensitive to user agent strings
This commit is contained in:
Mouse Reeve 2021-02-23 13:07:27 -08:00 committed by GitHub
commit 4386607276
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 53 additions and 11 deletions

View file

@ -282,7 +282,7 @@ class OrderedCollectionPageMixin(ObjectMixin):
def to_ordered_collection(self, queryset, \ def to_ordered_collection(self, queryset, \
remote_id=None, page=False, collection_only=False, **kwargs): remote_id=None, page=False, collection_only=False, **kwargs):
''' an ordered collection of whatevers ''' 'pure=pure, '' an ordered collection of whatevers '''
if not queryset.ordered: if not queryset.ordered:
raise RuntimeError('queryset must be ordered') raise RuntimeError('queryset must be ordered')
@ -472,7 +472,7 @@ def sign_and_send(sender, data, destination):
# pylint: disable=unused-argument # pylint: disable=unused-argument
def to_ordered_collection_page( def to_ordered_collection_page(
queryset, remote_id, id_only=False, page=1, **kwargs): queryset, remote_id, id_only=False, page=1, pure=False, **kwargs):
''' serialize and pagiante a queryset ''' ''' serialize and pagiante a queryset '''
paginated = Paginator(queryset, PAGE_LENGTH) paginated = Paginator(queryset, PAGE_LENGTH)
@ -480,7 +480,7 @@ def to_ordered_collection_page(
if id_only: if id_only:
items = [s.remote_id for s in activity_page.object_list] items = [s.remote_id for s in activity_page.object_list]
else: else:
items = [s.to_activity() for s in activity_page.object_list] items = [s.to_activity(pure=pure) for s in activity_page.object_list]
prev_page = next_page = None prev_page = next_page = None
if activity_page.has_next(): if activity_page.has_next():

View file

@ -188,18 +188,18 @@ class ViewsHelpers(TestCase):
def test_is_bookwyrm_request(self): def test_is_bookwyrm_request(self):
''' checks if a request came from a bookwyrm instance ''' ''' checks if a request came from a bookwyrm instance '''
request = self.factory.get('', {'q': 'Test Book'}) request = self.factory.get('', {'q': 'Test Book'})
self.assertFalse(views.helpers.is_bookworm_request(request)) self.assertFalse(views.helpers.is_bookwyrm_request(request))
request = self.factory.get( request = self.factory.get(
'', {'q': 'Test Book'}, '', {'q': 'Test Book'},
HTTP_USER_AGENT=\ HTTP_USER_AGENT=\
"http.rb/4.4.1 (Mastodon/3.3.0; +https://mastodon.social/)" "http.rb/4.4.1 (Mastodon/3.3.0; +https://mastodon.social/)"
) )
self.assertFalse(views.helpers.is_bookworm_request(request)) self.assertFalse(views.helpers.is_bookwyrm_request(request))
request = self.factory.get( request = self.factory.get(
'', {'q': 'Test Book'}, HTTP_USER_AGENT=USER_AGENT) '', {'q': 'Test Book'}, HTTP_USER_AGENT=USER_AGENT)
self.assertTrue(views.helpers.is_bookworm_request(request)) self.assertTrue(views.helpers.is_bookwyrm_request(request))
def test_existing_user(self): def test_existing_user(self):

View file

@ -7,6 +7,7 @@ from django.test import TestCase
from django.test.client import RequestFactory from django.test.client import RequestFactory
from bookwyrm import models, views from bookwyrm import models, views
from bookwyrm.settings import USER_AGENT
# pylint: disable=too-many-public-methods # pylint: disable=too-many-public-methods
@ -90,3 +91,39 @@ class OutboxView(TestCase):
data = json.loads(result.content) data = json.loads(result.content)
self.assertEqual(data['type'], 'OrderedCollection') self.assertEqual(data['type'], 'OrderedCollection')
self.assertEqual(data['totalItems'], 1) self.assertEqual(data['totalItems'], 1)
def test_outbox_bookwyrm_request_true(self):
''' should differentiate between bookwyrm and outside requests '''
with patch('bookwyrm.models.activitypub_mixin.broadcast_task.delay'):
models.Review.objects.create(
name='hi',
content='look at this',
user=self.local_user,
book=self.book,
privacy='public',
)
request = self.factory.get('', {'page': 1}, HTTP_USER_AGENT=USER_AGENT)
result = views.Outbox.as_view()(request, 'mouse')
data = json.loads(result.content)
self.assertEqual(len(data['orderedItems']), 1)
self.assertEqual(data['orderedItems'][0]['type'], 'Review')
def test_outbox_bookwyrm_request_false(self):
''' should differentiate between bookwyrm and outside requests '''
with patch('bookwyrm.models.activitypub_mixin.broadcast_task.delay'):
models.Review.objects.create(
name='hi',
content='look at this',
user=self.local_user,
book=self.book,
privacy='public',
)
request = self.factory.get('', {'page': 1})
result = views.Outbox.as_view()(request, 'mouse')
data = json.loads(result.content)
self.assertEqual(len(data['orderedItems']), 1)
self.assertEqual(data['orderedItems'][0]['type'], 'Article')

View file

@ -13,7 +13,7 @@ from bookwyrm.activitypub import ActivitypubResponse
from bookwyrm.settings import PAGE_LENGTH from bookwyrm.settings import PAGE_LENGTH
from .helpers import get_activity_feed from .helpers import get_activity_feed
from .helpers import get_user_from_username from .helpers import get_user_from_username
from .helpers import is_api_request, is_bookworm_request, object_visible_to_user from .helpers import is_api_request, is_bookwyrm_request, object_visible_to_user
# pylint: disable= no-self-use # pylint: disable= no-self-use
@ -107,7 +107,7 @@ class Status(View):
if is_api_request(request): if is_api_request(request):
return ActivitypubResponse( return ActivitypubResponse(
status.to_activity(pure=not is_bookworm_request(request))) status.to_activity(pure=not is_bookwyrm_request(request)))
data = {**feed_page_data(request.user), **{ data = {**feed_page_data(request.user), **{
'title': 'Status by %s' % user.username, 'title': 'Status by %s' % user.username,

View file

@ -24,8 +24,8 @@ def is_api_request(request):
request.path[-5:] == '.json' request.path[-5:] == '.json'
def is_bookworm_request(request): def is_bookwyrm_request(request):
''' check if the request is coming from another bookworm instance ''' ''' check if the request is coming from another bookwyrm instance '''
user_agent = request.headers.get('User-Agent') user_agent = request.headers.get('User-Agent')
if user_agent is None or \ if user_agent is None or \
re.search(regex.bookwyrm_user_agent, user_agent) is None: re.search(regex.bookwyrm_user_agent, user_agent) is None:

View file

@ -4,6 +4,7 @@ from django.shortcuts import get_object_or_404
from django.views import View from django.views import View
from bookwyrm import activitypub, models from bookwyrm import activitypub, models
from .helpers import is_bookwyrm_request
# pylint: disable= no-self-use # pylint: disable= no-self-use
@ -17,6 +18,10 @@ class Outbox(View):
filter_type = None filter_type = None
return JsonResponse( return JsonResponse(
user.to_outbox(**request.GET, filter_type=filter_type), user.to_outbox(
**request.GET,
filter_type=filter_type,
pure=not is_bookwyrm_request(request)
),
encoder=activitypub.ActivityEncoder encoder=activitypub.ActivityEncoder
) )