AP C2S: Restrict character limit on Note

This commit is contained in:
Haelwenn (lanodan) Monnier 2020-07-07 07:06:29 +02:00 committed by rinpatch
parent a781ac6ca5
commit 10ef532c63
2 changed files with 38 additions and 13 deletions

View file

@ -399,21 +399,30 @@ def read_inbox(%{assigns: %{user: %User{nickname: as_nickname}}} = conn, %{
defp handle_user_activity( defp handle_user_activity(
%User{} = user, %User{} = user,
%{"type" => "Create", "object" => %{"type" => "Note"}} = params %{"type" => "Create", "object" => %{"type" => "Note"} = object} = params
) do ) do
object = content = if is_binary(object["content"]), do: object["content"], else: ""
params["object"] name = if is_binary(object["name"]), do: object["name"], else: ""
|> Map.merge(Map.take(params, ["to", "cc"])) summary = if is_binary(object["summary"]), do: object["summary"], else: ""
|> Map.put("attributedTo", user.ap_id()) length = String.length(content <> name <> summary)
|> Transmogrifier.fix_object()
ActivityPub.create(%{ if length > Pleroma.Config.get([:instance, :limit]) do
to: params["to"], {:error, dgettext("errors", "Note is over the character limit")}
actor: user, else
context: object["context"], object =
object: object, object
additional: Map.take(params, ["cc"]) |> Map.merge(Map.take(params, ["to", "cc"]))
}) |> Map.put("attributedTo", user.ap_id())
|> Transmogrifier.fix_object()
ActivityPub.create(%{
to: params["to"],
actor: user,
context: object["context"],
object: object,
additional: Map.take(params, ["cc"])
})
end
end end
defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do

View file

@ -905,6 +905,8 @@ test "it requires authentication if instance is NOT federating", %{
end end
describe "POST /users/:nickname/outbox (C2S)" do describe "POST /users/:nickname/outbox (C2S)" do
setup do: clear_config([:instance, :limit])
setup do setup do
[ [
activity: %{ activity: %{
@ -1121,6 +1123,20 @@ test "it doesn't spreads faulty attributedTo or actor fields", %{
assert cirno_object.data["actor"] == cirno.ap_id assert cirno_object.data["actor"] == cirno.ap_id
assert cirno_object.data["attributedTo"] == cirno.ap_id assert cirno_object.data["attributedTo"] == cirno.ap_id
end end
test "Character limitation", %{conn: conn, activity: activity} do
Pleroma.Config.put([:instance, :limit], 5)
user = insert(:user)
result =
conn
|> assign(:user, user)
|> put_req_header("content-type", "application/activity+json")
|> post("/users/#{user.nickname}/outbox", activity)
|> json_response(400)
assert result == "Note is over the character limit"
end
end end
describe "/relay/followers" do describe "/relay/followers" do