Merge branch 'fix/apc2s-limits' into 'develop'

AP C2S: Restrict character limit on Note

Closes #2

See merge request pleroma/secteam/pleroma!9
This commit is contained in:
rinpatch 2020-09-07 16:38:16 +00:00
parent 73dd5bdb7d
commit 718c7cc847
2 changed files with 38 additions and 13 deletions

View file

@ -399,10 +399,18 @@ def read_inbox(%{assigns: %{user: %User{nickname: as_nickname}}} = conn, %{
defp handle_user_activity( defp handle_user_activity(
%User{} = user, %User{} = user,
%{"type" => "Create", "object" => %{"type" => "Note"}} = params %{"type" => "Create", "object" => %{"type" => "Note"} = object} = params
) do ) do
content = if is_binary(object["content"]), do: object["content"], else: ""
name = if is_binary(object["name"]), do: object["name"], else: ""
summary = if is_binary(object["summary"]), do: object["summary"], else: ""
length = String.length(content <> name <> summary)
if length > Pleroma.Config.get([:instance, :limit]) do
{:error, dgettext("errors", "Note is over the character limit")}
else
object = object =
params["object"] object
|> Map.merge(Map.take(params, ["to", "cc"])) |> Map.merge(Map.take(params, ["to", "cc"]))
|> Map.put("attributedTo", user.ap_id()) |> Map.put("attributedTo", user.ap_id())
|> Transmogrifier.fix_object() |> Transmogrifier.fix_object()
@ -415,6 +423,7 @@ defp handle_user_activity(
additional: Map.take(params, ["cc"]) additional: Map.take(params, ["cc"])
}) })
end end
end
defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do
with %Object{} = object <- Object.normalize(params["object"]), with %Object{} = object <- Object.normalize(params["object"]),

View file

@ -905,6 +905,8 @@ test "it requires authentication if instance is NOT federating", %{
end end
describe "POST /users/:nickname/outbox (C2S)" do describe "POST /users/:nickname/outbox (C2S)" do
setup do: clear_config([:instance, :limit])
setup do setup do
[ [
activity: %{ activity: %{
@ -1121,6 +1123,20 @@ test "it doesn't spreads faulty attributedTo or actor fields", %{
assert cirno_object.data["actor"] == cirno.ap_id assert cirno_object.data["actor"] == cirno.ap_id
assert cirno_object.data["attributedTo"] == cirno.ap_id assert cirno_object.data["attributedTo"] == cirno.ap_id
end end
test "Character limitation", %{conn: conn, activity: activity} do
Pleroma.Config.put([:instance, :limit], 5)
user = insert(:user)
result =
conn
|> assign(:user, user)
|> put_req_header("content-type", "application/activity+json")
|> post("/users/#{user.nickname}/outbox", activity)
|> json_response(400)
assert result == "Note is over the character limit"
end
end end
describe "/relay/followers" do describe "/relay/followers" do