Chat message creation: Check actor.

This commit is contained in:
lain 2020-04-29 14:53:53 +02:00
parent a88734a0a2
commit 20587aa931
2 changed files with 27 additions and 0 deletions

View file

@ -45,6 +45,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateChatMessageValidator do
|> validate_inclusion(:type, ["Create"]) |> validate_inclusion(:type, ["Create"])
|> validate_actor_presence() |> validate_actor_presence()
|> validate_recipients_match(meta) |> validate_recipients_match(meta)
|> validate_actors_match(meta)
|> validate_object_nonexistence() |> validate_object_nonexistence()
end end
@ -59,6 +60,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateChatMessageValidator do
end) end)
end end
def validate_actors_match(cng, meta) do
object_actor = meta[:object_data]["actor"]
cng
|> validate_change(:actor, fn :actor, actor ->
if actor == object_actor do
[]
else
[{:actor, "Actor doesn't match with object actor"}]
end
end)
end
def validate_recipients_match(cng, meta) do def validate_recipients_match(cng, meta) do
object_recipients = meta[:object_data]["to"] || [] object_recipients = meta[:object_data]["to"] || []

View file

@ -23,6 +23,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
assert {:object, {"The object to create already exists", []}} in cng.errors assert {:object, {"The object to create already exists", []}} in cng.errors
end end
test "it is invalid if the object data has a different `to` or `actor` field" do
user = insert(:user)
recipient = insert(:user)
{:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
{:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
{:error, cng} = ObjectValidator.validate(create_data, [])
assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
end
end end
describe "chat messages" do describe "chat messages" do