Merge branch 'mrf/simple_policy/check_actor' into 'develop'

mrf/simple_policy: check actor against accept/reject

See merge request pleroma/pleroma!1806

CHANGELOG.md

@@ -24,6 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Admin API: Return `total` when querying for reports
 - Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
 - Admin API: Return link alongside with token on password reset
+- MRF (Simple Policy): Also use `:accept`/`:reject` on the actors rather than only their activities
 
 ### Fixed
 - Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)

lib/pleroma/web/activity_pub/mrf/simple_policy.ex

@@ -168,7 +168,9 @@ def filter(%{"id" => actor, "type" => obj_type} = object)
       when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
     actor_info = URI.parse(actor)
 
-    with {:ok, object} <- check_avatar_removal(actor_info, object),
+    with {:ok, object} <- check_accept(actor_info, object),
+         {:ok, object} <- check_reject(actor_info, object),
+         {:ok, object} <- check_avatar_removal(actor_info, object),
          {:ok, object} <- check_banner_removal(actor_info, object) do
       {:ok, object}
     else

test/web/activity_pub/mrf/simple_policy_test.exs

@@ -236,7 +236,7 @@ test "is empty" do
       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
     end
 
-    test "has a matching host" do
+    test "activity has a matching host" do
       Config.put([:mrf_simple, :reject], ["remote.instance"])
 
       remote_message = build_remote_message()
@@ -244,13 +244,21 @@ test "has a matching host" do
       assert SimplePolicy.filter(remote_message) == {:reject, nil}
     end
 
-    test "match with wildcard domain" do
+    test "activity matches with wildcard domain" do
       Config.put([:mrf_simple, :reject], ["*.remote.instance"])
 
       remote_message = build_remote_message()
 
       assert SimplePolicy.filter(remote_message) == {:reject, nil}
     end
+
+    test "actor has a matching host" do
+      Config.put([:mrf_simple, :reject], ["remote.instance"])
+
+      remote_user = build_remote_user()
+
+      assert SimplePolicy.filter(remote_user) == {:reject, nil}
+    end
   end
 
   describe "when :accept" do
@@ -264,7 +272,7 @@ test "is empty" do
       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
     end
 
-    test "is not empty but it doesn't have a matching host" do
+    test "is not empty but activity doesn't have a matching host" do
       Config.put([:mrf_simple, :accept], ["non.matching.remote"])
 
       local_message = build_local_message()
@@ -274,7 +282,7 @@ test "is not empty but it doesn't have a matching host" do
       assert SimplePolicy.filter(remote_message) == {:reject, nil}
     end
 
-    test "has a matching host" do
+    test "activity has a matching host" do
       Config.put([:mrf_simple, :accept], ["remote.instance"])
 
       local_message = build_local_message()
@@ -284,7 +292,7 @@ test "has a matching host" do
       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
     end
 
-    test "match with wildcard domain" do
+    test "activity matches with wildcard domain" do
       Config.put([:mrf_simple, :accept], ["*.remote.instance"])
 
       local_message = build_local_message()
@@ -293,6 +301,14 @@ test "match with wildcard domain" do
       assert SimplePolicy.filter(local_message) == {:ok, local_message}
       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
     end
+
+    test "actor has a matching host" do
+      Config.put([:mrf_simple, :accept], ["remote.instance"])
+
+      remote_user = build_remote_user()
+
+      assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
+    end
   end
 
   describe "when :avatar_removal" do