diff options
| author | lain <lain@soykaf.club> | 2020-04-29 14:53:53 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-04-29 14:53:53 +0200 |
| commit | 20587aa931262a5479c98f13450311a135c5d356 (patch) | |
| tree | 461eb6ed1b33a28a2452ad16c06693d71ac9b5c8 | |
| parent | a88734a0a22810bcc47c17fc9120ef7881d670d8 (diff) | |
| download | pleroma-20587aa931262a5479c98f13450311a135c5d356.tar.gz | |
Chat message creation: Check actor.
| -rw-r--r-- | lib/pleroma/web/activity_pub/object_validators/create_chat_message_validator.ex | 14 | ||||
| -rw-r--r-- | test/web/activity_pub/object_validator_test.exs | 13 |
2 files changed, 27 insertions, 0 deletions
diff --git a/lib/pleroma/web/activity_pub/object_validators/create_chat_message_validator.ex b/lib/pleroma/web/activity_pub/object_validators/create_chat_message_validator.ex index 88e903182..fc582400b 100644 --- a/lib/pleroma/web/activity_pub/object_validators/create_chat_message_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/create_chat_message_validator.ex @@ -45,6 +45,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateChatMessageValidator do |> validate_inclusion(:type, ["Create"]) |> validate_actor_presence() |> validate_recipients_match(meta) + |> validate_actors_match(meta) |> validate_object_nonexistence() end @@ -59,6 +60,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateChatMessageValidator do end) end + def validate_actors_match(cng, meta) do + object_actor = meta[:object_data]["actor"] + + cng + |> validate_change(:actor, fn :actor, actor -> + if actor == object_actor do + [] + else + [{:actor, "Actor doesn't match with object actor"}] + end + end) + end + def validate_recipients_match(cng, meta) do object_recipients = meta[:object_data]["to"] || [] diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 41f67964a..475b7bb21 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -23,6 +23,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert {:object, {"The object to create already exists", []}} in cng.errors end + + test "it is invalid if the object data has a different `to` or `actor` field" do + user = insert(:user) + recipient = insert(:user) + {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey") + + {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id]) + + {:error, cng} = ObjectValidator.validate(create_data, []) + + assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors + assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors + end end describe "chat messages" do |