Don't treat remote accepts/rejects as local.
Also, use specialized functions to get safe data.
This commit is contained in:
parent
dd9bb37893
commit
3839a11ef5
|
@ -95,6 +95,17 @@ def accept(%{to: to, actor: actor, object: object} = params) do
|
|||
end
|
||||
end
|
||||
|
||||
def reject(%{to: to, actor: actor, object: object} = params) do
|
||||
# only accept false as false value
|
||||
local = !(params[:local] == false)
|
||||
|
||||
with data <- %{"to" => to, "type" => "Reject", "actor" => actor, "object" => object},
|
||||
{:ok, activity} <- insert(data, local),
|
||||
:ok <- maybe_federate(activity) do
|
||||
{:ok, activity}
|
||||
end
|
||||
end
|
||||
|
||||
def update(%{to: to, cc: cc, actor: actor, object: object} = params) do
|
||||
# only accept false as false value
|
||||
local = !(params[:local] == false)
|
||||
|
|
|
@ -173,7 +173,7 @@ def handle_incoming(
|
|||
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]),
|
||||
follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||
false <- is_nil(follow_activity),
|
||||
{:ok, activity} <- ActivityPub.insert(data, true) do
|
||||
{:ok, activity} <- ActivityPub.accept(%{to: follow_activity.data["to"], type: "Accept", actor: followed.ap_id, object: follow_activity.data["id"], local: false}) do
|
||||
if not User.following?(follower, followed) do
|
||||
{:ok, follower} = User.follow(follower, followed)
|
||||
end
|
||||
|
@ -192,7 +192,7 @@ def handle_incoming(
|
|||
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity["actor"]),
|
||||
follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||
false <- is_nil(follow_activity),
|
||||
{:ok, activity} <- ActivityPub.insert(data, true) do
|
||||
{:ok, activity} <- ActivityPub.accept(%{to: follow_activity.data["to"], type: "Accept", actor: followed.ap_id, object: follow_activity.data["id"], local: false}) do
|
||||
User.unfollow(follower, followed)
|
||||
|
||||
{:ok, activity}
|
||||
|
|
|
@ -404,7 +404,10 @@ test "it works for incoming accepts which were pre-accepted" do
|
|||
accept_data =
|
||||
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
||||
|
||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data)
|
||||
{:ok, activity} = Transmogrifier.handle_incoming(accept_data)
|
||||
refute activity.local
|
||||
|
||||
assert activity.data["object"] == follow_activity.data["id"]
|
||||
|
||||
follower = Repo.get(User, follower.id)
|
||||
|
||||
|
@ -425,7 +428,8 @@ test "it works for incoming accepts which were orphaned" do
|
|||
accept_data =
|
||||
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
||||
|
||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data)
|
||||
{:ok, activity} = Transmogrifier.handle_incoming(accept_data)
|
||||
assert activity.data["object"] == follow_activity.data["id"]
|
||||
|
||||
follower = Repo.get(User, follower.id)
|
||||
|
||||
|
@ -444,7 +448,8 @@ test "it works for incoming accepts which are referenced by IRI only" do
|
|||
|> Map.put("actor", followed.ap_id)
|
||||
|> Map.put("object", follow_activity.data["id"])
|
||||
|
||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(accept_data)
|
||||
{:ok, activity} = Transmogrifier.handle_incoming(accept_data)
|
||||
assert activity.data["object"] == follow_activity.data["id"]
|
||||
|
||||
follower = Repo.get(User, follower.id)
|
||||
|
||||
|
@ -470,6 +475,25 @@ test "it fails for incoming accepts which cannot be correlated" do
|
|||
refute User.following?(follower, followed) == true
|
||||
end
|
||||
|
||||
test "it fails for incoming rejects which cannot be correlated" do
|
||||
follower = insert(:user)
|
||||
followed = insert(:user, %{info: %{"locked" => true}})
|
||||
|
||||
accept_data =
|
||||
File.read!("test/fixtures/mastodon-reject-activity.json")
|
||||
|> Poison.decode!()
|
||||
|> Map.put("actor", followed.ap_id)
|
||||
|
||||
accept_data =
|
||||
Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id))
|
||||
|
||||
:error = Transmogrifier.handle_incoming(accept_data)
|
||||
|
||||
follower = Repo.get(User, follower.id)
|
||||
|
||||
refute User.following?(follower, followed) == true
|
||||
end
|
||||
|
||||
test "it works for incoming rejects which are orphaned" do
|
||||
follower = insert(:user)
|
||||
followed = insert(:user, %{info: %{"locked" => true}})
|
||||
|
@ -487,7 +511,8 @@ test "it works for incoming rejects which are orphaned" do
|
|||
reject_data =
|
||||
Map.put(reject_data, "object", Map.put(reject_data["object"], "actor", follower.ap_id))
|
||||
|
||||
{:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(reject_data)
|
||||
{:ok, activity} = Transmogrifier.handle_incoming(reject_data)
|
||||
refute activity.local
|
||||
|
||||
follower = Repo.get(User, follower.id)
|
||||
|
||||
|
|
Loading…
Reference in New Issue