From 320ca7b11e163d059a3f181e2d6eb5ea300f5b55 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Tue, 19 Jun 2018 00:36:40 +0000
Subject: user: when processing a block in User.block(), ensure all follow
 relationships are broken

this is needed for activitypub conformance

ref #213
---
 lib/pleroma/user.ex | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index b27397e13..bfa5d78a4 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -505,12 +505,25 @@ defmodule Pleroma.User do
     Repo.all(q)
   end
 
-  def block(user, %{ap_id: ap_id}) do
-    blocks = user.info["blocks"] || []
+  def block(blocker, %User{ap_id: ap_id} = blocked) do
+    # sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213)
+    blocker =
+      if following?(blocker, blocked) do
+        {:ok, blocker, _} = unfollow(blocker, blocked)
+        blocker
+      else
+        blocker
+      end
+
+    if following?(blocked, blocker) do
+      unfollow(blocked, blocker)
+    end
+
+    blocks = blocker.info["blocks"] || []
     new_blocks = Enum.uniq([ap_id | blocks])
-    new_info = Map.put(user.info, "blocks", new_blocks)
+    new_info = Map.put(blocker.info, "blocks", new_blocks)
 
-    cs = User.info_changeset(user, %{info: new_info})
+    cs = User.info_changeset(blocker, %{info: new_info})
     update_and_set_cache(cs)
   end
 
-- 
cgit v1.2.3


From 056305dfa745f679ce0082c08abb06725432dc5d Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Tue, 19 Jun 2018 08:31:06 +0000
Subject: user: add helper function to fetch a user given only an ap_id (fix
 tests)

---
 lib/pleroma/user.ex | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lib')

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index bfa5d78a4..aba8742a0 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -527,6 +527,11 @@ defmodule Pleroma.User do
     update_and_set_cache(cs)
   end
 
+  # helper to handle the block given only an actor's AP id
+  def block(blocker, %{ap_id: ap_id}) do
+    block(blocker, User.get_by_ap_id(ap_id))
+  end
+
   def unblock(user, %{ap_id: ap_id}) do
     blocks = user.info["blocks"] || []
     new_blocks = List.delete(blocks, ap_id)
-- 
cgit v1.2.3