Merge branch 'fix/ap-disable-remote-render' into 'develop'

Disable rendering AP representation for remote users and objects See merge request pleroma/pleroma!2010
2019-11-25 15:23:45 +00:00 · 2019-11-25 15:23:45 +00:00 · dc9090810d
parent 5f981178d0 4b10804f21
commit dc9090810d
6 changed files with 48 additions and 99 deletions
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@ -255,4 +255,8 @@ defmodule Pleroma.Object do
    |> Object.change(%{data: Map.merge(data || %{}, attrs)})
    |> Repo.update()
  end
+
+  def local?(%Object{data: %{"id" => id}}) do
+    String.starts_with?(id, Pleroma.Web.base_url() <> "/")
+  end
 end
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@ -49,7 +49,7 @@ defmodule Pleroma.Object.Fetcher do
  end

  def refetch_object(%Object{data: %{"id" => id}} = object) do
-    with {:local, false} <- {:local, String.starts_with?(id, Pleroma.Web.base_url() <> "/")},
+    with {:local, false} <- {:local, Object.local?(object)},
         {:ok, data} <- fetch_and_contain_remote_object_from_id(id),
         {:ok, object} <- reinject_object(object, data) do
      {:ok, object}
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@ -45,7 +45,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  end

  def user(conn, %{"nickname" => nickname}) do
-    with %User{} = user <- User.get_cached_by_nickname(nickname),
+    with %User{local: true} = user <- User.get_cached_by_nickname(nickname),
         {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_content_type("application/activity+json")
@ -53,6 +53,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
      |> render("user.json", %{user: user})
    else
      nil -> {:error, :not_found}
+      %{local: false} -> {:error, :not_found}
    end
  end

--- a/lib/pleroma/web/ostatus/ostatus_controller.ex
+++ b/lib/pleroma/web/ostatus/ostatus_controller.ex
@ -11,7 +11,6 @@ defmodule Pleroma.Web.OStatus.OStatusController do
  alias Pleroma.Plugs.RateLimiter
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPubController
-  alias Pleroma.Web.ActivityPub.ObjectView
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.Endpoint
  alias Pleroma.Web.Metadata.PlayerView
@ -38,11 +37,9 @@ defmodule Pleroma.Web.OStatus.OStatusController do
    with id <- o_status_url(conn, :object, uuid),
         {_, %Activity{} = activity} <-
           {:activity, Activity.get_create_by_object_ap_id_with_object(id)},
-         {_, true} <- {:public?, Visibility.is_public?(activity)},
-         %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
+         {_, true} <- {:public?, Visibility.is_public?(activity)} do
      case format do
-        "html" -> redirect(conn, to: "/notice/#{activity.id}")
-        _ -> represent_activity(conn, nil, activity, user)
+        _ -> redirect(conn, to: "/notice/#{activity.id}")
      end
    else
      reason when reason in [{:public?, false}, {:activity, nil}] ->
@ -61,11 +58,9 @@ defmodule Pleroma.Web.OStatus.OStatusController do
  def activity(%{assigns: %{format: format}} = conn, %{"uuid" => uuid}) do
    with id <- o_status_url(conn, :activity, uuid),
         {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)},
-         {_, true} <- {:public?, Visibility.is_public?(activity)},
-         %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
+         {_, true} <- {:public?, Visibility.is_public?(activity)} do
      case format do
-        "html" -> redirect(conn, to: "/notice/#{activity.id}")
-        _ -> represent_activity(conn, format, activity, user)
+        _ -> redirect(conn, to: "/notice/#{activity.id}")
      end
    else
      reason when reason in [{:public?, false}, {:activity, nil}] ->
@ -81,7 +76,15 @@ defmodule Pleroma.Web.OStatus.OStatusController do
         {_, true} <- {:public?, Visibility.is_public?(activity)},
         %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
      cond do
-        format == "html" && activity.data["type"] == "Create" ->
+        format in ["json", "activity+json"] ->
+          if activity.local do
+            %{data: %{"id" => redirect_url}} = Object.normalize(activity)
+            redirect(conn, external: redirect_url)
+          else
+            {:error, :not_found}
+          end
+
+        activity.data["type"] == "Create" ->
          %Object{} = object = Object.normalize(activity)

          RedirectController.redirector_with_meta(
@ -94,11 +97,8 @@ defmodule Pleroma.Web.OStatus.OStatusController do
            }
          )

-        format == "html" ->
-          RedirectController.redirector(conn, nil)
-
        true ->
-          represent_activity(conn, format, activity, user)
+          RedirectController.redirector(conn, nil)
      end
    else
      reason when reason in [{:public?, false}, {:activity, nil}] ->
@ -135,24 +135,6 @@ defmodule Pleroma.Web.OStatus.OStatusController do
    end
  end

-  defp represent_activity(
-         conn,
-         "activity+json",
-         %Activity{data: %{"type" => "Create"}} = activity,
-         _user
-       ) do
-    object = Object.normalize(activity)
-
-    conn
-    |> put_resp_header("content-type", "application/activity+json")
-    |> put_view(ObjectView)
-    |> render("object.json", %{object: object})
-  end
-
-  defp represent_activity(_conn, _, _, _) do
-    {:error, :not_found}
-  end
-
  def errors(conn, {:error, :not_found}) do
    render_error(conn, :not_found, "Not found")
  end
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@ -110,6 +110,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do

      assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
    end
+
+    test "it returns 404 for remote users", %{
+      conn: conn
+    } do
+      user = insert(:user, local: false, nickname: "remoteuser@example.com")
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/users/#{user.nickname}.json")
+
+      assert json_response(conn, 404)
+    end
  end

  describe "/object/:uuid" do
--- a/test/web/ostatus/ostatus_controller_test.exs
+++ b/test/web/ostatus/ostatus_controller_test.exs
@ -35,23 +35,6 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
      assert redirected_to(conn) == "/notice/#{note_activity.id}"
    end

-    test "500s when user not found", %{conn: conn} do
-      note_activity = insert(:note_activity)
-      object = Object.normalize(note_activity)
-      user = User.get_cached_by_ap_id(note_activity.data["actor"])
-      User.invalidate_cache(user)
-      Pleroma.Repo.delete(user)
-      [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
-      url = "/objects/#{uuid}"
-
-      conn =
-        conn
-        |> put_req_header("accept", "application/xml")
-        |> get(url)
-
-      assert response(conn, 500) == ~S({"error":"Something went wrong"})
-    end
-
    test "404s on private objects", %{conn: conn} do
      note_activity = insert(:direct_note_activity)
      object = Object.normalize(note_activity)
@ -82,21 +65,6 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
      assert redirected_to(conn) == "/notice/#{note_activity.id}"
    end

-    test "505s when user not found", %{conn: conn} do
-      note_activity = insert(:note_activity)
-      [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
-      user = User.get_cached_by_ap_id(note_activity.data["actor"])
-      User.invalidate_cache(user)
-      Pleroma.Repo.delete(user)
-
-      conn =
-        conn
-        |> put_req_header("accept", "text/html")
-        |> get("/activities/#{uuid}")
-
-      assert response(conn, 500) == ~S({"error":"Something went wrong"})
-    end
-
    test "404s on private activities", %{conn: conn} do
      note_activity = insert(:direct_note_activity)
      [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
@ -127,21 +95,28 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
  end

  describe "GET notice/2" do
-    test "gets a notice in xml format", %{conn: conn} do
+    test "redirects to a proper object URL when json requested and the object is local", %{
+      conn: conn
+    } do
      note_activity = insert(:note_activity)
+      expected_redirect_url = Object.normalize(note_activity).data["id"]

-      conn
-      |> get("/notice/#{note_activity.id}")
-      |> response(200)
+      redirect_url =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/notice/#{note_activity.id}")
+        |> redirected_to()
+
+      assert redirect_url == expected_redirect_url
    end

-    test "gets a notice in AS2 format", %{conn: conn} do
-      note_activity = insert(:note_activity)
+    test "returns a 404 on remote notice when json requested", %{conn: conn} do
+      note_activity = insert(:note_activity, local: false)

      conn
      |> put_req_header("accept", "application/activity+json")
      |> get("/notice/#{note_activity.id}")
-      |> json_response(200)
+      |> response(404)
    end

    test "500s when actor not found", %{conn: conn} do
@ -157,32 +132,6 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
      assert response(conn, 500) == ~S({"error":"Something went wrong"})
    end

-    test "only gets a notice in AS2 format for Create messages", %{conn: conn} do
-      note_activity = insert(:note_activity)
-      url = "/notice/#{note_activity.id}"
-
-      conn =
-        conn
-        |> put_req_header("accept", "application/activity+json")
-        |> get(url)
-
-      assert json_response(conn, 200)
-
-      user = insert(:user)
-
-      {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user)
-      url = "/notice/#{like_activity.id}"
-
-      assert like_activity.data["type"] == "Like"
-
-      conn =
-        build_conn()
-        |> put_req_header("accept", "application/activity+json")
-        |> get(url)
-
-      assert response(conn, 404)
-    end
-
    test "render html for redirect for html format", %{conn: conn} do
      note_activity = insert(:note_activity)