Merge branch 'mrf/simple_policy/check_actor' into 'develop'

mrf/simple_policy: check actor against accept/reject

See merge request 
This commit is contained in:
kaniini 2019-10-07 10:19:24 +00:00
commit 93bdc55306
3 changed files with 25 additions and 6 deletions
CHANGELOG.md
lib/pleroma/web/activity_pub/mrf
test/web/activity_pub/mrf

View file

@ -24,6 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Admin API: Return `total` when querying for reports - Admin API: Return `total` when querying for reports
- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`) - Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
- Admin API: Return link alongside with token on password reset - Admin API: Return link alongside with token on password reset
- MRF (Simple Policy): Also use `:accept`/`:reject` on the actors rather than only their activities
### Fixed ### Fixed
- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`) - Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)

View file

@ -168,7 +168,9 @@ def filter(%{"id" => actor, "type" => obj_type} = object)
when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
actor_info = URI.parse(actor) actor_info = URI.parse(actor)
with {:ok, object} <- check_avatar_removal(actor_info, object), with {:ok, object} <- check_accept(actor_info, object),
{:ok, object} <- check_reject(actor_info, object),
{:ok, object} <- check_avatar_removal(actor_info, object),
{:ok, object} <- check_banner_removal(actor_info, object) do {:ok, object} <- check_banner_removal(actor_info, object) do
{:ok, object} {:ok, object}
else else

View file

@ -236,7 +236,7 @@ test "is empty" do
assert SimplePolicy.filter(remote_message) == {:ok, remote_message} assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
end end
test "has a matching host" do test "activity has a matching host" do
Config.put([:mrf_simple, :reject], ["remote.instance"]) Config.put([:mrf_simple, :reject], ["remote.instance"])
remote_message = build_remote_message() remote_message = build_remote_message()
@ -244,13 +244,21 @@ test "has a matching host" do
assert SimplePolicy.filter(remote_message) == {:reject, nil} assert SimplePolicy.filter(remote_message) == {:reject, nil}
end end
test "match with wildcard domain" do test "activity matches with wildcard domain" do
Config.put([:mrf_simple, :reject], ["*.remote.instance"]) Config.put([:mrf_simple, :reject], ["*.remote.instance"])
remote_message = build_remote_message() remote_message = build_remote_message()
assert SimplePolicy.filter(remote_message) == {:reject, nil} assert SimplePolicy.filter(remote_message) == {:reject, nil}
end end
test "actor has a matching host" do
Config.put([:mrf_simple, :reject], ["remote.instance"])
remote_user = build_remote_user()
assert SimplePolicy.filter(remote_user) == {:reject, nil}
end
end end
describe "when :accept" do describe "when :accept" do
@ -264,7 +272,7 @@ test "is empty" do
assert SimplePolicy.filter(remote_message) == {:ok, remote_message} assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
end end
test "is not empty but it doesn't have a matching host" do test "is not empty but activity doesn't have a matching host" do
Config.put([:mrf_simple, :accept], ["non.matching.remote"]) Config.put([:mrf_simple, :accept], ["non.matching.remote"])
local_message = build_local_message() local_message = build_local_message()
@ -274,7 +282,7 @@ test "is not empty but it doesn't have a matching host" do
assert SimplePolicy.filter(remote_message) == {:reject, nil} assert SimplePolicy.filter(remote_message) == {:reject, nil}
end end
test "has a matching host" do test "activity has a matching host" do
Config.put([:mrf_simple, :accept], ["remote.instance"]) Config.put([:mrf_simple, :accept], ["remote.instance"])
local_message = build_local_message() local_message = build_local_message()
@ -284,7 +292,7 @@ test "has a matching host" do
assert SimplePolicy.filter(remote_message) == {:ok, remote_message} assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
end end
test "match with wildcard domain" do test "activity matches with wildcard domain" do
Config.put([:mrf_simple, :accept], ["*.remote.instance"]) Config.put([:mrf_simple, :accept], ["*.remote.instance"])
local_message = build_local_message() local_message = build_local_message()
@ -293,6 +301,14 @@ test "match with wildcard domain" do
assert SimplePolicy.filter(local_message) == {:ok, local_message} assert SimplePolicy.filter(local_message) == {:ok, local_message}
assert SimplePolicy.filter(remote_message) == {:ok, remote_message} assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
end end
test "actor has a matching host" do
Config.put([:mrf_simple, :accept], ["remote.instance"])
remote_user = build_remote_user()
assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
end
end end
describe "when :avatar_removal" do describe "when :avatar_removal" do