diff options
| author | lain <lain@soykaf.club> | 2018-05-26 14:07:46 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2018-05-26 14:07:46 +0200 |
| commit | 3839a11ef51a7602bd4c0b5c5d1318bb9cedd213 (patch) | |
| tree | df7bdc8631d4b024b3c790f702968b99e45531db | |
| parent | dd9bb3789302f1f8e0e6cc61623b37251ff4ad4c (diff) | |
| download | pleroma-3839a11ef51a7602bd4c0b5c5d1318bb9cedd213.tar.gz | |
Don't treat remote accepts/rejects as local.
Also, use specialized functions to get safe data.
| -rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 11 | ||||
| -rw-r--r-- | lib/pleroma/web/activity_pub/transmogrifier.ex | 4 | ||||
| -rw-r--r-- | test/web/activity_pub/transmogrifier_test.exs | 33 |
3 files changed, 42 insertions, 6 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 30211072b..1a1bfbffd 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -95,6 +95,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end + def reject(%{to: to, actor: actor, object: object} = params) do + # only accept false as false value + local = !(params[:local] == false) + + with data <- %{"to" => to, "type" => "Reject", "actor" => actor, "object" => object}, + {:ok, activity} <- insert(data, local), + :ok <- maybe_federate(activity) do + {:ok, activity} + end + end + def update(%{to: to, cc: cc, actor: actor, object: object} = params) do # only accept false as false value local = !(params[:local] == false) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 690ca62ec..b2224514c 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -173,7 +173,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]), follow_activity <- Utils.fetch_latest_follow(follower, followed), false <- is_nil(follow_activity), - {:ok, activity} <- ActivityPub.insert(data, true) do + {:ok, activity} <- ActivityPub.accept(%{to: follow_activity.data["to"], type: "Accept", actor: followed.ap_id, object: follow_activity.data["id"], local: false}) do if not User.following?(follower, followed) do {:ok, follower} = User.follow(follower, followed) end @@ -192,7 +192,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]), follow_activity <- Utils.fetch_latest_follow(follower, followed), false <- is_nil(follow_activity), - {:ok, activity} <- ActivityPub.insert(data, true) do + {:ok, activity} <- ActivityPub.accept(%{to: follow_activity.data["to"], type: "Accept", actor: followed.ap_id, object: follow_activity.data["id"], local: false}) do User.unfollow(follower, followed) {:ok, activity} diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index e4cff898d..761d9d992 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -404,7 +404,10 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do accept_data = Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id)) - {:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data) + {:ok, activity} = Transmogrifier.handle_incoming(accept_data) + refute activity.local + + assert activity.data["object"] == follow_activity.data["id"] follower = Repo.get(User, follower.id) @@ -425,7 +428,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do accept_data = Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id)) - {:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data) + {:ok, activity} = Transmogrifier.handle_incoming(accept_data) + assert activity.data["object"] == follow_activity.data["id"] follower = Repo.get(User, follower.id) @@ -444,7 +448,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do |> Map.put("actor", followed.ap_id) |> Map.put("object", follow_activity.data["id"]) - {:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data) + {:ok, activity} = Transmogrifier.handle_incoming(accept_data) + assert activity.data["object"] == follow_activity.data["id"] follower = Repo.get(User, follower.id) @@ -470,6 +475,25 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do refute User.following?(follower, followed) == true end + test "it fails for incoming rejects which cannot be correlated" do + follower = insert(:user) + followed = insert(:user, %{info: %{"locked" => true}}) + + accept_data = + File.read!("test/fixtures/mastodon-reject-activity.json") + |> Poison.decode!() + |> Map.put("actor", followed.ap_id) + + accept_data = + Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id)) + + :error = Transmogrifier.handle_incoming(accept_data) + + follower = Repo.get(User, follower.id) + + refute User.following?(follower, followed) == true + end + test "it works for incoming rejects which are orphaned" do follower = insert(:user) followed = insert(:user, %{info: %{"locked" => true}}) @@ -487,7 +511,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do reject_data = Map.put(reject_data, "object", Map.put(reject_data["object"], "actor", follower.ap_id)) - {:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(reject_data) + {:ok, activity} = Transmogrifier.handle_incoming(reject_data) + refute activity.local follower = Repo.get(User, follower.id) |