Merge branch 'bugfix/relax-spam-protection' into 'develop'

activitypub: allow indirect messages from users being followed at a personal inbox See merge request pleroma/pleroma!1069
author: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2019-04-16 18:38:11 +0000
committer: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2019-04-16 18:38:11 +0000
commit: cde7711b12d64081f16e88a3f3ac93c811471d61 (patch)
tree: 52df398c08d2b6f9135d561a80968677d119c712 /lib
parent: 6ddaeb14e20f3a398234b4b390feefd298fe61b9 (diff)
parent: 750b369d0469ba7ec037ff953e65473e32d7fa33 (diff)
download: pleroma-cde7711b12d64081f16e88a3f3ac93c811471d61.tar.gz
2 files changed, 10 insertions, 4 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 7091d6927..3331ebebd 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -153,9 +153,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   end
 
   def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
-    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         true <- Utils.recipient_in_message(user.ap_id, params),
-         params <- Utils.maybe_splice_recipient(user.ap_id, params) do
+    with %User{} = recipient <- User.get_cached_by_nickname(nickname),
+         %User{} = actor <- User.get_or_fetch_by_ap_id(params["actor"]),
+         true <- Utils.recipient_in_message(recipient, actor, params),
+         params <- Utils.maybe_splice_recipient(recipient.ap_id, params) do
       Federator.incoming_ap_doc(params)
       json(conn, "ok")
     end
diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex
index 0b53f71c3..ccc9da7c6 100644
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@@ -52,7 +52,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
   defp recipient_in_collection(ap_id, coll) when is_list(coll), do: ap_id in coll
   defp recipient_in_collection(_, _), do: false
 
-  def recipient_in_message(ap_id, params) do
+  def recipient_in_message(%User{ap_id: ap_id} = recipient, %User{} = actor, params) do
     cond do
       recipient_in_collection(ap_id, params["to"]) ->
         true
@@ -71,6 +71,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do
       !params["to"] && !params["cc"] && !params["bto"] && !params["bcc"] ->
         true
 
+      # if the message is sent from somebody the user is following, then assume it
+      # is addressed to the recipient
+      User.following?(recipient, actor) ->
+        true
+
       true ->
         false
     end
author	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2019-04-16 18:38:11 +0000
committer	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2019-04-16 18:38:11 +0000
commit	cde7711b12d64081f16e88a3f3ac93c811471d61 (patch)
tree	52df398c08d2b6f9135d561a80968677d119c712 /lib
parent	6ddaeb14e20f3a398234b4b390feefd298fe61b9 (diff)
parent	750b369d0469ba7ec037ff953e65473e32d7fa33 (diff)
download	pleroma-cde7711b12d64081f16e88a3f3ac93c811471d61.tar.gz