From 4d2c6707c2f5f7723f1fcf03cdbf9476f2d5b3ad Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 19 May 2018 07:03:53 +0000 Subject: [PATCH 1/5] activitypub: normalize the actor to ensure we have its URI --- lib/pleroma/plugs/http_signature.ex | 3 ++- lib/pleroma/web/activity_pub/utils.ex | 16 ++++++++++++++++ lib/pleroma/web/federator/federator.ex | 3 +++ .../web/http_signatures/http_signatures.ex | 6 +++--- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex index efde652f5..2d0e10cad 100644 --- a/lib/pleroma/plugs/http_signature.ex +++ b/lib/pleroma/plugs/http_signature.ex @@ -1,5 +1,6 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do alias Pleroma.Web.HTTPSignatures + alias Pleroma.Web.ActivityPub.Utils import Plug.Conn require Logger @@ -12,7 +13,7 @@ def call(%{assigns: %{valid_signature: true}} = conn, _opts) do end def call(conn, _opts) do - user = conn.params["actor"] + user = Utils.normalize_actor(conn.params["actor"]) Logger.debug("Checking sig for #{user}") [signature | _] = get_req_header(conn, "signature") diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index f98545336..d92db0d5f 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -5,6 +5,22 @@ defmodule Pleroma.Web.ActivityPub.Utils do alias Ecto.{Changeset, UUID} import Ecto.Query + # Some implementations send the actor URI as the actor field, others send the entire actor object, + # so figure out what the actor's URI is based on what we have. + def normalize_actor(actor) do + cond do + is_binary(actor) -> + actor + + is_map(actor) -> + actor["id"] + end + end + + def normalize_params(params) do + Map.put(params, "actor", normalize_actor(params["actor"])) + end + def make_json_ld_header do %{ "@context" => [ diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index f84af2f15..8ca530031 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.Federator do alias Pleroma.Web.{WebFinger, Websub} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Transmogrifier + alias Pleroma.Web.ActivityPub.Utils require Logger @websub Application.get_env(:pleroma, :websub) @@ -91,6 +92,8 @@ def handle(:incoming_doc, doc) do def handle(:incoming_ap_doc, params) do Logger.info("Handling incoming AP activity") + params = Utils.normalize_params(params) + with {:ok, _user} <- ap_enabled_actor(params["actor"]), nil <- Activity.get_by_ap_id(params["id"]), {:ok, _activity} <- Transmogrifier.handle_incoming(params) do diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex index 9035f5eb6..dd3f825db 100644 --- a/lib/pleroma/web/http_signatures/http_signatures.ex +++ b/lib/pleroma/web/http_signatures/http_signatures.ex @@ -1,7 +1,7 @@ # https://tools.ietf.org/html/draft-cavage-http-signatures-08 defmodule Pleroma.Web.HTTPSignatures do alias Pleroma.User - alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Utils require Logger def split_signature(sig) do @@ -31,14 +31,14 @@ def validate(headers, signature, public_key) do def validate_conn(conn) do # TODO: How to get the right key and see if it is actually valid for that request. # For now, fetch the key for the actor. - with actor_id <- conn.params["actor"], + with actor_id <- Utils.normalize_actor(conn.params["actor"]), {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do if validate_conn(conn, public_key) do true else Logger.debug("Could not validate, re-fetching user and trying one more time") # Fetch user anew and try one more time - with actor_id <- conn.params["actor"], + with actor_id <- Utils.normalize_actor(conn.params["actor"]), {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id), {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do validate_conn(conn, public_key) From 2051530868720a23715cbb0d1a1286a6ae1a6507 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 19 May 2018 07:30:02 +0000 Subject: [PATCH 2/5] activitypub transmogrifier: handle hubzilla AP actor quirks --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 ++ lib/pleroma/web/activity_pub/transmogrifier.ex | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 491ad3705..3e1977f96 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -401,6 +401,8 @@ def user_data_from_user_object(data) do "url" => [%{"href" => data["image"]["url"]}] } + data = Transmogrifier.maybe_fix_user_object(data) + user_data = %{ ap_id: data["id"], info: %{ diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 463d1e59d..c10d27dcd 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -495,4 +495,17 @@ def maybe_retire_websub(ap_id) do Repo.delete_all(q) end end + + def maybe_fix_user_url(data) do + if is_map(data["url"]) do + data = Map.put(data, "url", data["url"]["href"]) + end + + data + end + + def maybe_fix_user_object(data) do + data + |> maybe_fix_user_url + end end From 19c96c8a19aece5419bc0be5ea3e2945887828b7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 19 May 2018 08:06:23 +0000 Subject: [PATCH 3/5] tests: add tests for Transmogrifier.maybe_fix_user_object() --- test/web/activity_pub/transmogrifier_test.exs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index a3408da9d..b02d80cce 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -420,4 +420,15 @@ test "it deletes all websub client subscripitions with the user as topic" do assert Repo.get(WebsubClientSubscription, ws2.id) end end + + describe "actor rewriting" do + test "it fixes the actor URL property to be a proper URI" do + data = %{ + "url" => %{"href" => "http://example.com"} + } + + rewritten = Transmogrifier.maybe_fix_user_object(data) + assert rewritten["url"] == "http://example.com" + end + end end From 4033ed671443bbb4111b45473696dc8a23fe9873 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 19 May 2018 08:25:45 +0000 Subject: [PATCH 4/5] tests: add test for hubzilla follow activity too --- .../kaniini@hubzilla.example.org.json | 1 + test/fixtures/hubzilla-follow-activity.json | 31 +++++++++++++++++++ test/support/httpoison_mock.ex | 8 +++++ test/web/activity_pub/transmogrifier_test.exs | 18 +++++++++++ 4 files changed, 58 insertions(+) create mode 100644 test/fixtures/httpoison_mock/kaniini@hubzilla.example.org.json create mode 100644 test/fixtures/hubzilla-follow-activity.json diff --git a/test/fixtures/httpoison_mock/kaniini@hubzilla.example.org.json b/test/fixtures/httpoison_mock/kaniini@hubzilla.example.org.json new file mode 100644 index 000000000..11c79e11e --- /dev/null +++ b/test/fixtures/httpoison_mock/kaniini@hubzilla.example.org.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1","https://hubzilla.example.org/apschema/v1.2"],"type":"Person","id":"https://hubzilla.example.org/channel/kaniini","preferredUsername":"kaniini","name":"kaniini","icon":{"type":"Image","mediaType":"image/jpeg","url":"https://hubzilla.example.org/photo/profile/l/281","height":300,"width":300},"url":{"type":"Link","mediaType":"text/html","href":"https://hubzilla.example.org/channel/kaniini"},"inbox":"https://hubzilla.example.org/inbox/kaniini","outbox":"https://hubzilla.example.org/outbox/kaniini","followers":"https://hubzilla.example.org/followers/kaniini","following":"https://hubzilla.example.org/following/kaniini","endpoints":{"sharedInbox":"https://hubzilla.example.org/inbox"},"publicKey":{"id":"https://hubzilla.example.org/channel/kaniini/public_key_pem","owner":"https://hubzilla.example.org/channel/kaniini","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXCDkQPw+1N8B2CUd5s2\nbYvjHt+t7soMNfUiRy0qGbgW46S45k5lCq1KpbFIX3sgGZ4OWjnXVbvjCJi4kl5M\nfm5DBXzpuu05AmjVl8hqk4GejajiE/1Nq0uWHPiOSFWispUjCzzCu65V+IsiE5JU\nvcL6WEf/pYNRq7gYqyT693F7+cO5/rVv9OScx5UOxbIuU1VXYhdHCqAMDJWadC89\nhePrcD3HOQKl06W2tDxHcWk6QjrdsUQGbNOgK/QIN9gSxA+rCFEvH5O0HAhI0aXq\ncOB+vysJUFLeQOAqmAKvKS5V6RqE1GqqT0pDWHack4EmQi0gkgVzo+45xoP6wfDl\nWwG88w21LNxGvGHuN4I8mg6cEoApqKQBSOj086UtfDfSlPC1B+PRD2phE5etucHd\nF/RIWN3SxVzU9BKIiaDm2gwOpvI8QuorQb6HDtZFO5NsSN3PnMnSywPe7kXl/469\nuQRYXrseqyOVIi6WjhvXkyWVKVE5CBz+S8wXHfKph+9YOyUcJeAVMijp9wrjBlMc\noSzOGu79oM7tpMSq/Xo6ePJ/glNOwZR+OKrg92Qp9BGTKDNwGrxuxP/9KwWtGLNf\nOMTtIkxtC3ubhxL3lBxOd7l+Bmum0UJV2f8ogkCgvTpIz05jMoyU8qWl6kkWNQlY\nDropXWaOfy7Lac+G4qlfSgsCAwEAAQ==\n-----END PUBLIC KEY-----\n"},"nomadicLocations":[{"id":"https://hubzilla.example.org/locs/kaniini","type":"nomadicLocation","locationAddress":"acct:kaniini@hubzilla.example.org","locationPrimary":true,"locationDeleted":false}],"signature":{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1"],"type":"RsaSignature2017","nonce":"6b981a2f3bdcffc20252e3b131d4a4569fd2dea9fac543e5196136302f492694","creator":"https://hubzilla.example.org/channel/kaniini/public_key_pem","created":"2018-05-19T08:19:13Z","signatureValue":"ezpT4iCIUzJSeJa/Jsf4EkgbX9enWZG/0eliLXZcvkeCX9mZabaX9LMQRViP2GSlAJBHJu+UqK5LWaoWw9pYkQQHUL+43w2DeBxQicEcPqpT46j6pHuWptfwB8YHTC2/Pb56Y/jseU37j+FW8xVmcGZk4cPqJRLQNojwJlQiFOpBEd4Cel6081W12Pep578+6xBL+h92RJsWznA1gE/NV9dkCqoAoNdiORJg68sVTm0yYxPit2D/DLwXUFeBhC47EZtY3DtAOf7rADGwbquXKug/wtEI47R4p9dJvMWERSVW9O2FmDk8deUjRR3qO1iYGce8O+uMnnBHmuTcToRUHH7mxfMdqjfbcZ9DGBjKtLPSOyVPT9rENeyX8fsksmX0XhfHsNSWkmeDaU5/Au3IY75gDewiGzmzLOpRc6GUnHHro7lMpyMuo3lLZKjNVsFZbx+sXCYwORz5GAMuwIt/iCUdrsQsF5aycqfUAZrFBPguH6DVjbMUqyLvS78sDKiWqgWVhq9VDKse+WuQaJLGBDJNF9APoA6NDMjjIBZfmkGf2mV7ubIYihoOncUjahFqxU5306cNxAcdj2uNcwkgX4BCnBe/L2YsvMHhZrupzDewWWy4fxhktyoZ7VhLSl1I7fMPytjOpb9EIvng4DHGX2t+hKfon2rCGfECPavwiTM="}} diff --git a/test/fixtures/hubzilla-follow-activity.json b/test/fixtures/hubzilla-follow-activity.json new file mode 100644 index 000000000..2fcc70029 --- /dev/null +++ b/test/fixtures/hubzilla-follow-activity.json @@ -0,0 +1,31 @@ +{ + "type": "Follow", + "signature": { + "type": "RsaSignature2017", + "signatureValue": "Kn1/UkAQGJVaXBfWLAHcnwHg8YMAUqlEaBuYLazAG+pz5hqivsyrBmPV186Xzr+B4ZLExA9+SnOoNx/GOz4hBm0kAmukNSILAsUd84tcJ2yT9zc1RKtembK4WiwOw7li0+maeDN0HaB6t+6eTqsCWmtiZpprhXD8V1GGT8yG7X24fQ9oFGn+ng7lasbcCC0988Y1eGqNe7KryxcPuQz57YkDapvtONzk8gyLTkZMV4De93MyRHq6GVjQVIgtiYabQAxrX6Q8C+4P/jQoqdWJHEe+MY5JKyNaT/hMPt2Md1ok9fZQBGHlErk22/zy8bSN19GdG09HmIysBUHRYpBLig==", + "creator": "https://hubzilla.example.org/channel/kaniini#main-key", + "created": "2018-02-17T13:29:31Z" + }, + "object": "https://localtesting.pleroma.lol/users/lain", + "nickname": "lain", + "id": "https://hubzilla.example.org/channel/kaniini#follows/2", + "actor": { + "id": "https://hubzilla.example.org/channel/kaniini" + }, + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "toot": "http://joinmastodon.org/ns#", + "sensitive": "as:sensitive", + "ostatus": "http://ostatus.org#", + "movedTo": "as:movedTo", + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "inReplyToAtomUri": "ostatus:inReplyToAtomUri", + "conversation": "ostatus:conversation", + "atomUri": "ostatus:atomUri", + "Hashtag": "as:Hashtag", + "Emoji": "toot:Emoji" + } + ] +} diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 4a5a9ea85..ad5171492 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -628,6 +628,14 @@ def get("http://mastodon.example.org/users/admin", [Accept: "application/activit }} end + def get("https://hubzilla.example.org/channel/kaniini", [Accept: "application/activity+json"], _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/kaniini@hubzilla.example.org.json") + }} + end + def get("https://masto.quad.moe/users/_HellPie", [Accept: "application/activity+json"], _) do {:ok, %Response{ diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index b02d80cce..d8579ecfe 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -1,6 +1,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do use Pleroma.DataCase alias Pleroma.Web.ActivityPub.Transmogrifier + alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.OStatus alias Pleroma.Activity alias Pleroma.User @@ -118,6 +119,23 @@ test "it works for incoming follow requests" do assert User.following?(User.get_by_ap_id(data["actor"]), user) end + test "it works for incoming follow requests from hubzilla" do + user = insert(:user) + + data = + File.read!("test/fixtures/hubzilla-follow-activity.json") + |> Poison.decode!() + |> Map.put("object", user.ap_id) + |> Utils.normalize_params() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["actor"] == "https://hubzilla.example.org/channel/kaniini" + assert data["type"] == "Follow" + assert data["id"] == "https://hubzilla.example.org/channel/kaniini#follows/2" + assert User.following?(User.get_by_ap_id(data["actor"]), user) + end + test "it works for incoming likes" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"}) From 6e8de2faae46f3dcaf6881ab40664da0057551e4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 19 May 2018 08:37:04 +0000 Subject: [PATCH 5/5] run mix format --- lib/pleroma/user.ex | 24 ++++++++++++++---------- test/support/httpoison_mock.ex | 6 +++++- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 399a66787..6a8129ac8 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -404,18 +404,22 @@ def search(query, resolve) do from( u in User, select_merge: %{ - search_distance: fragment( - "? <-> (? || ?)", - ^query, - u.nickname, - u.name - )} + search_distance: + fragment( + "? <-> (? || ?)", + ^query, + u.nickname, + u.name + ) + } ) - q = from(s in subquery(inner), - order_by: s.search_distance, - limit: 20 - ) + q = + from( + s in subquery(inner), + order_by: s.search_distance, + limit: 20 + ) Repo.all(q) end diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index ad5171492..6bbae70e1 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -628,7 +628,11 @@ def get("http://mastodon.example.org/users/admin", [Accept: "application/activit }} end - def get("https://hubzilla.example.org/channel/kaniini", [Accept: "application/activity+json"], _) do + def get( + "https://hubzilla.example.org/channel/kaniini", + [Accept: "application/activity+json"], + _ + ) do {:ok, %Response{ status_code: 200,