foxing/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity

Containment: Add a catch-all clause to contain_origin.

Browse source
This commit is contained in:
lain 2019-11-12 12:07:17 +01:00
parent fb090b748a
commit e835cd97f6
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/object/containment.ex
View file

@ -64,6 +64,8 @@ def contain_origin(id, %{"actor" => _actor} = params) do
def contain_origin(id, %{"attributedTo" => actor} = params), def contain_origin(id, %{"attributedTo" => actor} = params),
do: contain_origin(id, Map.put(params, "actor", actor)) do: contain_origin(id, Map.put(params, "actor", actor))
def contain_origin(_id, _data), do: :error
def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
id_uri = URI.parse(id) id_uri = URI.parse(id)
other_uri = URI.parse(other_id) other_uri = URI.parse(other_id)

10
test/object/containment_test.exs
View file

@ -17,6 +17,16 @@ defmodule Pleroma.Object.ContainmentTest do
end end
describe "general origin containment" do describe "general origin containment" do
test "works for completely actorless posts" do
assert :error ==
Containment.contain_origin("https://glaceon.social/users/monorail", %{
"deleted" => "2019-10-30T05:48:50.249606Z",
"formerType" => "Note",
"id" => "https://glaceon.social/users/monorail/statuses/103049757364029187",
"type" => "Tombstone"
})
end
test "contain_origin_from_id() catches obvious spoofing attempts" do test "contain_origin_from_id() catches obvious spoofing attempts" do
data = %{ data = %{
"id" => "http://example.com/~alyssa/activities/1234.json" "id" => "http://example.com/~alyssa/activities/1234.json"