From bd1e2e3a58ebd702306e7a6e2df985ac07e5f7d8 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Fri, 17 Jul 2020 19:11:28 -0500 Subject: [PATCH] Validate alias IDs --- CHANGELOG.md | 1 + lib/pleroma/user.ex | 13 +++++++++++++ test/user_test.exs | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a02f28241..ef3235804 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -63,6 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support pagination in emoji packs API (for packs and for files in pack) - Support for viewing instances favicons next to posts and accounts - Added Pleroma.Upload.Filter.Exiftool as an alternate EXIF stripping mechanism targeting GPS/location metadata. +- Ability to set ActivityPub aliases for follower migration.
API Changes diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 9b756c9a0..66664235b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -47,6 +47,8 @@ defmodule Pleroma.User do # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/ + # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength + @url_regex ~r/https?:\/\/[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&\/=]*)/ @strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/ @extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/ @@ -2278,6 +2280,7 @@ def add_aliases(%User{} = user, aliases) when is_list(aliases) do user |> change(%{ap_aliases: alias_set}) + |> validate_ap_aliases() |> Repo.update() end @@ -2290,6 +2293,16 @@ def delete_aliases(%User{} = user, aliases) when is_list(aliases) do user |> change(%{ap_aliases: alias_set}) + |> validate_ap_aliases() |> Repo.update() end + + defp validate_ap_aliases(changeset) do + validate_change(changeset, :ap_aliases, fn :ap_aliases, ap_aliases -> + case Enum.all?(ap_aliases, fn a -> Regex.match?(@url_regex, a) end) do + true -> [] + false -> [ap_aliases: "Invalid ap_id format. Must be a URL."] + end + end) + end end diff --git a/test/user_test.exs b/test/user_test.exs index db6e4872e..29855b9cd 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1876,6 +1876,13 @@ test "add_aliases/2" do ] end + test "add_aliases/2 with invalid alias" do + user = insert(:user) + {:error, _} = User.add_aliases(user, ["invalid_alias"]) + {:error, _} = User.add_aliases(user, ["http://still_invalid"]) + {:error, _} = User.add_aliases(user, ["http://validalias.com/users/dude", "invalid_alias"]) + end + test "delete_aliases/2" do user = insert(:user,