Merge branch 'bugfix/containment-no-id' into 'develop'

object containment: handle all cases where ID is invalid (missing, nil, non-string)

Closes #1387

See merge request pleroma/pleroma!1955
This commit is contained in:
rinpatch 2019-11-08 21:12:23 +00:00
commit d8e99189d0
2 changed files with 17 additions and 3 deletions

View file

@ -64,15 +64,15 @@ def contain_origin(id, %{"actor" => _actor} = params) do
def contain_origin(id, %{"attributedTo" => actor} = params), def contain_origin(id, %{"attributedTo" => actor} = params),
do: contain_origin(id, Map.put(params, "actor", actor)) do: contain_origin(id, Map.put(params, "actor", actor))
def contain_origin_from_id(_id, %{"id" => nil}), do: :error def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
def contain_origin_from_id(id, %{"id" => other_id} = _params) do
id_uri = URI.parse(id) id_uri = URI.parse(id)
other_uri = URI.parse(other_id) other_uri = URI.parse(other_id)
compare_uris(id_uri, other_uri) compare_uris(id_uri, other_uri)
end end
def contain_origin_from_id(_id, _data), do: :error
def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}), def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}),
do: contain_origin(id, object) do: contain_origin(id, object)

View file

@ -67,6 +67,20 @@ test "users cannot be collided through fake direction spoofing attempts" do
end) =~ end) =~
"[error] Could not decode user at fetch https://n1u.moe/users/rye" "[error] Could not decode user at fetch https://n1u.moe/users/rye"
end end
test "contain_origin_from_id() gracefully handles cases where no ID is present" do
data = %{
"type" => "Create",
"object" => %{
"id" => "http://example.net/~alyssa/activities/1234",
"attributedTo" => "http://example.org/~alyssa"
},
"actor" => "http://example.com/~bob"
}
:error =
Containment.contain_origin_from_id("http://example.net/~alyssa/activities/1234", data)
end
end end
describe "containment of children" do describe "containment of children" do