diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index dcdc7085f..254d91a7e 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -1530,6 +1530,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # we request WebFinger here nickname = additional[:nickname_from_acct] || generate_nickname(data) + # also_known_as must be a URL + also_known_as = + data + |> Map.get("alsoKnownAs", []) + |> Enum.filter(fn url -> + case URI.parse(url) do + %URI{scheme: "http"} -> true + %URI{scheme: "https"} -> true + _ -> false + end + end) + %{ ap_id: data["id"], uri: get_actor_url(data["url"]), @@ -1547,7 +1559,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do featured_address: featured_address, bio: data["summary"] || "", actor_type: actor_type, - also_known_as: Map.get(data, "alsoKnownAs", []), + also_known_as: also_known_as, public_key: public_key, inbox: data["inbox"], shared_inbox: shared_inbox, diff --git a/test/fixtures/microblogpub/user_with_invalid_also_known_as.json b/test/fixtures/microblogpub/user_with_invalid_also_known_as.json new file mode 100644 index 000000000..a03076226 --- /dev/null +++ b/test/fixtures/microblogpub/user_with_invalid_also_known_as.json @@ -0,0 +1,57 @@ +{ + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "Hashtag": "as:Hashtag", + "sensitive": "as:sensitive", + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "alsoKnownAs": { + "@id": "as:alsoKnownAs", + "@type": "@id" + }, + "movedTo": { + "@id": "as:movedTo", + "@type": "@id" + }, + "toot": "http://joinmastodon.org/ns#", + "featured": { + "@id": "toot:featured", + "@type": "@id" + }, + "Emoji": "toot:Emoji", + "blurhash": "toot:blurhash", + "votersCount": "toot:votersCount", + "schema": "http://schema.org#", + "PropertyValue": "schema:PropertyValue", + "value": "schema:value", + "ostatus": "http://ostatus.org#", + "conversation": "ostatus:conversation" + } + ], + "type": "Person", + "id": "https://mbp.example.com", + "following": "https://mbp.example.com/following", + "followers": "https://mbp.example.com/followers", + "featured": "https://mbp.example.com/featured", + "inbox": "https://mbp.example.com/inbox", + "outbox": "https://mbp.example.com/outbox", + "preferredUsername": "MBP", + "name": "MBP", + "summary": "wowee", + "endpoints": { + "sharedInbox": "https://mbp.example.com/inbox" + }, + "url": "https://mbp.example.com/", + "manuallyApprovesFollowers": false, + "attachment": [], + "icon": { + "mediaType": "image/jpeg", + "type": "Image", + "url": "https://beta.4201337.xyz/static/denise.jpg" + }, + "tag": [], + "alsoKnownAs": [ + "example@elsewhere.com" + ] +} diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 195df2a03..b67aa48bb 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -968,6 +968,24 @@ defmodule Pleroma.UserTest do assert user.last_refreshed_at == orig_user.last_refreshed_at end + + test "it doesn't fail on invalid alsoKnownAs entries" do + Tesla.Mock.mock(fn + %{url: "https://mbp.example.com/"} -> + %Tesla.Env{ + status: 200, + body: + "test/fixtures/microblogpub/user_with_invalid_also_known_as.json" + |> File.read!(), + headers: [{"content-type", "application/activity+json"}] + } + + _ -> + %Tesla.Env{status: 404} + end) + + assert {:ok, %User{also_known_as: []}} = User.get_or_fetch_by_ap_id("https://mbp.example.com/") + end end test "returns an ap_id for a user" do