From e58f2240d337b3828bb6d5f58d3ed328112f0de7 Mon Sep 17 00:00:00 2001
From: FloatingGhost
Date: Tue, 28 Jun 2022 14:59:30 +0100
Subject: [PATCH 1/6] Add visibility check in context path
---
 lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
index 2eff4d9d0..60f4c44d7 100644
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@@ -384,11 +384,13 @@ def reblogged_by(%{assigns: %{user: user}} = conn, %{id: id}) do
 def context(%{assigns: %{user: user}} = conn, %{id: id}) do
 with %Activity{} = activity <- Activity.get_by_id(id) do
 activities =
- ActivityPub.fetch_activities_for_context(activity.data["context"], %{
+ activity.data["context"]
+ |> ActivityPub.fetch_activities_for_context(%{
 blocking_user: user,
 user: user,
 exclude_id: activity.id
 })
+ |> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end)
 render(conn, "context.json", activity: activity, activities: activities, user: user)
 end
--
2.43.0
From 1f2fdc0f8e1d670672e81fede1de7bbc7ac948a5 Mon Sep 17 00:00:00 2001
From: FloatingGhost
Date: Tue, 28 Jun 2022 16:06:21 +0100
Subject: [PATCH 2/6] Add test for context leak
---
 .../controllers/status_controller_test.exs | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
index ed66d370a..7cbf33034 100644
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
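Review bot: In `context/2` in status_controller.ex the new `Visibility.visible_for_user?/2` filter covers only the fetched thread activities; the status named by `id` is still accepted by `%Activity{} = activity <- Activity.get_by_id(id)` alone and passed to `render/3`. If a status the requester may not see should behave like a missing one, add a second clause to the `with`, `true <- Visibility.visible_for_user?(activity, user)`; how the controller's fallback maps the resulting `false` is not visible here and would need checking. The anonymous function also rebinds `activity`, shadowing the requested status, so a distinct name such as `fn item -> Visibility.visible_for_user?(item, user) end` would read more clearly. The function's closing `end` lies outside the hunk, and the hunk does not show whether `Visibility` is already aliased in this module.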
@@ -1810,6 +1810,37 @@ test "context" do
 } = response
 end
+ test "context when restrict_unauthenticated is on" do
+ user = insert(:user)
+ remote_user = insert(:user, local: false)
+
+ {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
+ {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
+ {:ok, %{id: id3}} = CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
+
+ response =
+ build_conn()
+ |> get("/api/v1/statuses/#{id2}/context")
+ |> json_response_and_validate_schema(:ok)
+
+ assert %{
+ "ancestors" => [%{"id" => ^id1}],
+ "descendants" => [%{"id" => ^id3}]
+ } = response
+
+ clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+ response =
+ build_conn()
+ |> get("/api/v1/statuses/#{id2}/context")
+ |> json_response_and_validate_schema(:ok)
+
+ assert %{
+ "ancestors" => [],
+ "descendants" => []
+ } = response
+ end
+
 test "favorites paginate correctly" do
 %{user: user, conn: conn} = oauth_access(["read:favourites"])
 other_user = insert(:user)
--
2.43.0
From 167c511041f7c08448088edede83760c11867d50 Mon Sep 17 00:00:00 2001
From: FloatingGhost
Date: Tue, 28 Jun 2022 16:08:31 +0100
Subject: [PATCH 3/6] run mix format
---
 .../web/mastodon_api/controllers/status_controller_test.exs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
index 7cbf33034..3e0660031 100644
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
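Review bot: The new test in status_controller_test.exs exercises the filter only for an unauthenticated request with `restrict_unauthenticated` enabled; it has no case for a signed-in user whose thread contains a reply they are not allowed to see, which is the other path through `Visibility.visible_for_user?/2` in the patched action. A second test that posts a reply with `visibility: "private"` from another account and asserts it is absent from `"descendants"` for a non-follower would pin that. The final assertion also fixes a `:ok` response with empty lists for a status that is itself restricted, so it is worth deciding whether that or a not-found response is the intended contract. Passing `local: false` to `CommonAPI.post/2` for `remote_user` may have no effect on the stored activity, given that the reply disappears when only local activities are restricted; that should be confirmed or the option dropped.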
@@ -1816,7 +1816,9 @@ test "context when restrict_unauthenticated is on" do
 {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
 {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
- {:ok, %{id: id3}} = CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
+
+ {:ok, %{id: id3}} =
+ CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
 response =
 build_conn()
--
2.43.0
From 9e6d237708a20c484fb5345daf8ef9e80b69009c Mon Sep 17 00:00:00 2001
From: FloatingGhost
Date: Tue, 28 Jun 2022 16:09:42 +0100
Subject: [PATCH 4/6] release on merge
---
 .woodpecker/.release.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.woodpecker/.release.yml b/.woodpecker/.release.yml
index 335f3c8e8..28043aa65 100644
--- a/.woodpecker/.release.yml
+++ b/.woodpecker/.release.yml
@@ -16,7 +16,9 @@ pipeline:
 glibc:
 when:
 event:
- - tag
+ - push
+ branch:
+ - develop
 secrets:
 - SCW_ACCESS_KEY
 - SCW_SECRET_KEY
@@ -44,7 +46,9 @@ pipeline:
 musl:
 when:
 event:
- - tag
+ - push
+ branch:
+ - develop
 secrets:
 - SCW_ACCESS_KEY
 - SCW_SECRET_KEY
--
2.43.0
From 93ca72792cc290aaf5b225c6d87251a629bf82fd Mon Sep 17 00:00:00 2001
From: FloatingGhost
Date: Tue, 28 Jun 2022 16:12:19 +0100
Subject: [PATCH 5/6] run test on PR
---
 .woodpecker/.test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.woodpecker/.test.yml b/.woodpecker/.test.yml
index cef743643..6724d363d 100644
--- a/.woodpecker/.test.yml
+++ b/.woodpecker/.test.yml
@@ -11,6 +11,7 @@ pipeline:
 when:
 event:
 - push
+ - pull_request
 environment:
 MIX_ENV: test
 commands:
@@ -25,6 +26,7 @@ pipeline:
 when:
 event:
 - push
+ - pull_request
 environment:
 MIX_ENV: test
 POSTGRES_DB: pleroma_test
--
2.43.0
From 1e806b6d1dbe96f39ce20ad65e098b790629d47e Mon Sep 17 00:00:00 2001
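Review bot: In .woodpecker/.release.yml the `glibc` step and, in the second hunk, the `musl` step now run with `SCW_ACCESS_KEY` and `SCW_SECRET_KEY` on every push to `develop`, so what gets published depends entirely on who can push or merge to that branch. Both hunks also drop the `tag` event, so tagged releases no longer trigger these builds unless another pipeline covers them; keeping `- tag` next to `- push` would need checking against how the `branch` filter treats tag events. A comment above each `when:` such as `# publishes a build on every push to develop; relies on branch protection` would record the assumption. The rest of each step (image, commands) lies outside the hunks.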
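Review bot: In .woodpecker/.test.yml, adding `pull_request` to the two steps means their commands now execute code taken from the pull request, including from forks if the forge accepts them. The visible lines of both steps carry only `MIX_ENV` and `POSTGRES_DB` and no `secrets:` entry, which is the right shape; a comment such as `# runs on pull_request: do not attach secrets to this step` would keep it that way. If a push to a branch that already has an open pull request raises both events, each step would run twice, so a `branch` filter on `push` may be worth considering. The step names and their commands lie outside the hunks.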
From: FloatingGhost
Date: Wed, 29 Jun 2022 10:33:31 +0100
Subject: [PATCH 6/6] re-add gopher to url schemes
---
 config/config.exs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/config.exs b/config/config.exs
index ea0b23360..00f9af797 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -97,6 +97,7 @@
 "http",
 "dat",
 "dweb",
+ "gopher",
 "hyper",
 "ipfs",
 "ipns",
--
2.43.0