diff options
| author | lambda <pleromagit@rogerbraun.net> | 2018-06-19 09:42:45 +0000 |
|---|---|---|
| committer | lambda <pleromagit@rogerbraun.net> | 2018-06-19 09:42:45 +0000 |
| commit | be800d793605db8dcb46cedd233b672b8e79e1a4 (patch) | |
| tree | fd66a81a38509813c447be6af2fc5c74a83ee158 | |
| parent | db0731b6ac077c341f6e6779af2c2d5a94d3d14a (diff) | |
| parent | 590e8d555557c7f375c15bcbb00ea46cf2dcc4b9 (diff) | |
| download | pleroma-be800d793605db8dcb46cedd233b672b8e79e1a4.tar.gz | |
Merge branch 'bugfix/block-follow-relationships' into 'develop'
fix follow relationship leaks when blocked
See merge request pleroma/pleroma!230
| -rw-r--r-- | lib/pleroma/user.ex | 26 | ||||
| -rw-r--r-- | test/user_test.exs | 55 | ||||
| -rw-r--r-- | test/web/activity_pub/transmogrifier_test.exs | 31 | ||||
| -rw-r--r-- | test/web/mastodon_api/account_view_test.exs | 2 |
4 files changed, 109 insertions, 5 deletions
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index b27397e13..aba8742a0 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -505,15 +505,33 @@ defmodule Pleroma.User do Repo.all(q) end - def block(user, %{ap_id: ap_id}) do - blocks = user.info["blocks"] || [] + def block(blocker, %User{ap_id: ap_id} = blocked) do + # sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213) + blocker = + if following?(blocker, blocked) do + {:ok, blocker, _} = unfollow(blocker, blocked) + blocker + else + blocker + end + + if following?(blocked, blocker) do + unfollow(blocked, blocker) + end + + blocks = blocker.info["blocks"] || [] new_blocks = Enum.uniq([ap_id | blocks]) - new_info = Map.put(user.info, "blocks", new_blocks) + new_info = Map.put(blocker.info, "blocks", new_blocks) - cs = User.info_changeset(user, %{info: new_info}) + cs = User.info_changeset(blocker, %{info: new_info}) update_and_set_cache(cs) end + # helper to handle the block given only an actor's AP id + def block(blocker, %{ap_id: ap_id}) do + block(blocker, User.get_by_ap_id(ap_id)) + end + def unblock(user, %{ap_id: ap_id}) do blocks = user.info["blocks"] || [] new_blocks = List.delete(blocks, ap_id) diff --git a/test/user_test.exs b/test/user_test.exs index 200352981..352a16687 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -359,6 +359,61 @@ defmodule Pleroma.UserTest do refute User.blocks?(user, blocked_user) end + + test "blocks tear down cyclical follow relationships" do + blocker = insert(:user) + blocked = insert(:user) + + {:ok, blocker} = User.follow(blocker, blocked) + {:ok, blocked} = User.follow(blocked, blocker) + + assert User.following?(blocker, blocked) + assert User.following?(blocked, blocker) + + {:ok, blocker} = User.block(blocker, blocked) + blocked = Repo.get(User, blocked.id) + + assert User.blocks?(blocker, blocked) + + refute User.following?(blocker, blocked) + refute User.following?(blocked, blocker) + end + + test "blocks tear down blocker->blocked follow relationships" do + blocker = insert(:user) + blocked = insert(:user) + + {:ok, blocker} = User.follow(blocker, blocked) + + assert User.following?(blocker, blocked) + refute User.following?(blocked, blocker) + + {:ok, blocker} = User.block(blocker, blocked) + blocked = Repo.get(User, blocked.id) + + assert User.blocks?(blocker, blocked) + + refute User.following?(blocker, blocked) + refute User.following?(blocked, blocker) + end + + test "blocks tear down blocked->blocker follow relationships" do + blocker = insert(:user) + blocked = insert(:user) + + {:ok, blocked} = User.follow(blocked, blocker) + + refute User.following?(blocker, blocked) + assert User.following?(blocked, blocker) + + {:ok, blocker} = User.block(blocker, blocked) + blocked = Repo.get(User, blocked.id) + + assert User.blocks?(blocker, blocked) + + refute User.following?(blocker, blocked) + refute User.following?(blocked, blocker) + end end describe "domain blocking" do diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 3b3a0c703..838ae169d 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -392,6 +392,37 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert User.blocks?(blocker, user) end + test "incoming blocks successfully tear down any follow relationship" do + blocker = insert(:user) + blocked = insert(:user) + + data = + File.read!("test/fixtures/mastodon-block-activity.json") + |> Poison.decode!() + |> Map.put("object", blocked.ap_id) + |> Map.put("actor", blocker.ap_id) + + {:ok, blocker} = User.follow(blocker, blocked) + {:ok, blocked} = User.follow(blocked, blocker) + + assert User.following?(blocker, blocked) + assert User.following?(blocked, blocker) + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["type"] == "Block" + assert data["object"] == blocked.ap_id + assert data["actor"] == blocker.ap_id + + blocker = User.get_by_ap_id(data["actor"]) + blocked = User.get_by_ap_id(data["object"]) + + assert User.blocks?(blocker, blocked) + + refute User.following?(blocker, blocked) + refute User.following?(blocked, blocker) + end + test "it works for incoming unblocks with an existing block" do user = insert(:user) diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 597690bf7..f7b8d7438 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -60,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do expected = %{ id: to_string(other_user.id), - following: true, + following: false, followed_by: false, blocking: true, muting: false, |