From 8d06be35e0f1cb5caa2b638330c8bb03ad08a127 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 15:51:02 +0000 Subject: [PATCH 01/11] activitypub: utils: add determine_explicit_mentions() and tests --- lib/pleroma/web/activity_pub/utils.ex | 14 +++++++ test/web/activity_pub/utils_test.exs | 57 +++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 test/web/activity_pub/utils_test.exs diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index d2e457a68..d516818d9 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -25,6 +25,20 @@ def normalize_params(params) do Map.put(params, "actor", get_ap_id(params["actor"])) end + def determine_explicit_mentions(%{"tag" => tag} = _object) when is_list(tag) do + tag + |> Enum.filter(fn x -> is_map(x) end) + |> Enum.filter(fn x -> x["type"] == "Mention" end) + |> Enum.map(fn x -> x["href"] end) + end + + def determine_explicit_mentions(%{"tag" => tag} = object) when is_map(tag) do + Map.put(object, "tag", [tag]) + |> determine_explicit_mentions() + end + + def determine_explicit_mentions(_), do: [] + defp recipient_in_collection(ap_id, coll) when is_binary(coll), do: ap_id == coll defp recipient_in_collection(ap_id, coll) when is_list(coll), do: ap_id in coll defp recipient_in_collection(_, _), do: false diff --git a/test/web/activity_pub/utils_test.exs b/test/web/activity_pub/utils_test.exs new file mode 100644 index 000000000..aeed0564c --- /dev/null +++ b/test/web/activity_pub/utils_test.exs @@ -0,0 +1,57 @@ +defmodule Pleroma.Web.ActivityPub.UtilsTest do + use Pleroma.DataCase + alias Pleroma.Web.ActivityPub.Utils + + describe "determine_explicit_mentions()" do + test "works with an object that has mentions" do + object = %{ + "tag" => [ + %{ + "type" => "Mention", + "href" => "https://example.com/~alyssa", + "name" => "Alyssa P. Hacker" + } + ] + } + + assert Utils.determine_explicit_mentions(object) == ["https://example.com/~alyssa"] + end + + test "works with an object that does not have mentions" do + object = %{ + "tag" => [ + %{"type" => "Hashtag", "href" => "https://example.com/tag/2hu", "name" => "2hu"} + ] + } + + assert Utils.determine_explicit_mentions(object) == [] + end + + test "works with an object that has mentions and other tags" do + object = %{ + "tag" => [ + %{ + "type" => "Mention", + "href" => "https://example.com/~alyssa", + "name" => "Alyssa P. Hacker" + }, + %{"type" => "Hashtag", "href" => "https://example.com/tag/2hu", "name" => "2hu"} + ] + } + + assert Utils.determine_explicit_mentions(object) == ["https://example.com/~alyssa"] + end + + test "works with an object that has no tags" do + object = %{} + + assert Utils.determine_explicit_mentions(object) == [] + end + + test "works with an object that has only IR tags" do + object = %{"tag" => ["2hu"]} + + assert Utils.determine_explicit_mentions(object) == [] + end + end +end From 681f40ee5c4de644c79f71bb6671c4c63b18e68a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 16:05:41 +0000 Subject: [PATCH 02/11] activitypub: transmogrifier: fix up to/cc addressing brain damage caused by mastodon-style explicit DMs --- .../web/activity_pub/transmogrifier.ex | 42 ++++++++++++++++--- 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index fa3abe3d8..e9a801cf5 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -93,12 +93,42 @@ def fix_addressing_list(map, field) do end end - def fix_addressing(map) do - map - |> fix_addressing_list("to") - |> fix_addressing_list("cc") - |> fix_addressing_list("bto") - |> fix_addressing_list("bcc") + def fix_explicit_addressing(%{"to" => to, "cc" => cc} = object, explicit_mentions) do + explicit_to = + to + |> Enum.filter(fn x -> x in explicit_mentions end) + + explicit_cc = + to + |> Enum.filter(fn x -> x not in explicit_mentions end) + + final_cc = + (cc ++ explicit_cc) + |> Enum.uniq() + + object + |> Map.put("to", explicit_to) + |> Map.put("cc", final_cc) + end + + def fix_explicit_addressing(object, _explicit_mentions), do: object + + def fix_addressing(object) do + object = + object + |> fix_addressing_list("to") + |> fix_addressing_list("cc") + |> fix_addressing_list("bto") + |> fix_addressing_list("bcc") + + explicit_mentions = + object + |> Utils.determine_explicit_mentions() + + explicit_mentions = explicit_mentions ++ ["https://www.w3.org/ns/activitystreams#Public"] + + object + |> fix_explicit_addressing(explicit_mentions) end def fix_actor(%{"attributedTo" => actor} = object) do From 21ac35fcc0a531914cc3f84ace89f6cf029cfa6c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 16:18:40 +0000 Subject: [PATCH 03/11] tests: add tests for DM sanitizer --- test/web/activity_pub/transmogrifier_test.exs | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 6107ac4f7..5aa136e65 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -162,6 +162,36 @@ test "it works for incoming notices with url not being a string (prismo)" do assert data["object"]["url"] == "https://prismo.news/posts/83" end + test "it cleans up incoming notices which are not really DMs" do + user = insert(:user) + other_user = insert(:user) + + to = [user.ap_id, other_user.ap_id] + + data = + File.read!("test/fixtures/mastodon-post-activity.json") + |> Poison.decode!() + |> Map.put("to", to) + |> Map.put("cc", []) + + object = + data["object"] + |> Map.put("to", to) + |> Map.put("cc", []) + + data = Map.put(data, "object", object) + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["to"] == [] + assert data["cc"] == to + + object = data["object"] + + assert object["to"] == [] + assert object["cc"] == to + end + test "it works for incoming follow requests" do user = insert(:user) From 75dfa1f0b07806908b11735afab3ba0dd3149659 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 16:30:44 +0000 Subject: [PATCH 04/11] mastodon api: get_visibility(): DMs never have a cc list. --- lib/pleroma/web/mastodon_api/views/status_view.ex | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 7f5a52ea3..feabf54c6 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -231,6 +231,9 @@ def get_visibility(object) do Enum.any?(to, &String.contains?(&1, "/followers")) -> "private" + length(cc) > 0 -> + "private" + true -> "direct" end From 75bb6637495ab02233815c04948b3d8b50c31674 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 23 Dec 2018 15:13:06 +0000 Subject: [PATCH 05/11] litepub schema: add litepub:directMessage flag --- priv/static/schemas/litepub-0.1.jsonld | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/priv/static/schemas/litepub-0.1.jsonld b/priv/static/schemas/litepub-0.1.jsonld index 819d25c38..15645646a 100644 --- a/priv/static/schemas/litepub-0.1.jsonld +++ b/priv/static/schemas/litepub-0.1.jsonld @@ -17,7 +17,9 @@ "toot": "http://joinmastodon.org/ns#", "totalItems": "as:totalItems", "value": "schema:value", - "sensitive": "as:sensitive" + "sensitive": "as:sensitive", + "litepub": "http://litepub.social/ns#", + "directMessage": "litepub:directMessage" } ] } From 9adc80afff5ea42e1773c6ada5e078ec6c1cadc8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 23 Dec 2018 15:26:07 +0000 Subject: [PATCH 06/11] common api: set directMessage flag on our own posts --- lib/pleroma/web/common_api/common_api.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 504670439..7084da6de 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -143,7 +143,7 @@ def post(user, %{"status" => status} = data) do actor: user, context: context, object: object, - additional: %{"cc" => cc} + additional: %{"cc" => cc, "directMessage" => visibility == "direct"} }) res From ddae43eb43c5c63eeb0e93e60917b99b3ffb41d0 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 23 Dec 2018 15:27:08 +0000 Subject: [PATCH 07/11] activitypub: add is_private?/is_direct? helpers --- lib/pleroma/web/activity_pub/activity_pub.ex | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 130c06028..1fedfa854 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -805,6 +805,14 @@ def is_public?(data) do "https://www.w3.org/ns/activitystreams#Public" in (data["to"] ++ (data["cc"] || [])) end + def is_private?(activity) do + !is_public?(activity) && Enum.any?(activity.data["to"], &String.contains?(&1, "/followers")) + end + + def is_direct?(activity) do + !is_public?(activity) && !is_private?(activity) + end + def visible_for_user?(activity, nil) do is_public?(activity) end From 420651157becb8fac62e651d14376b6334316121 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 23 Dec 2018 15:35:49 +0000 Subject: [PATCH 08/11] transmogrifier: don't apply heuristics against messages which have `directMessage` set true --- .../web/activity_pub/transmogrifier.ex | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index e9a801cf5..5400aa657 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -113,14 +113,10 @@ def fix_explicit_addressing(%{"to" => to, "cc" => cc} = object, explicit_mention def fix_explicit_addressing(object, _explicit_mentions), do: object - def fix_addressing(object) do - object = - object - |> fix_addressing_list("to") - |> fix_addressing_list("cc") - |> fix_addressing_list("bto") - |> fix_addressing_list("bcc") + # if directMessage flag is set to true, leave the addressing alone + def fix_explicit_addressing(%{"directMessage" => true} = object), do: object + def fix_explicit_addressing(object) do explicit_mentions = object |> Utils.determine_explicit_mentions() @@ -131,6 +127,14 @@ def fix_addressing(object) do |> fix_explicit_addressing(explicit_mentions) end + def fix_addressing(object) do + object + |> fix_addressing_list("to") + |> fix_addressing_list("cc") + |> fix_addressing_list("bto") + |> fix_addressing_list("bcc") + end + def fix_actor(%{"attributedTo" => actor} = object) do object |> Map.put("actor", get_actor(%{"actor" => actor})) @@ -363,6 +367,7 @@ def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = obj data = Map.put(data, "actor", actor) |> fix_addressing + |> fix_explicit_addressing with nil <- Activity.get_create_activity_by_object_ap_id(object["id"]), %User{} = user <- User.get_or_fetch_by_ap_id(data["actor"]) do @@ -378,6 +383,7 @@ def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = obj additional: Map.take(data, [ "cc", + "directMessage", "id" ]) } From 7c9749f793aa0970a36742bf4177c1a9899b1ff4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 23 Dec 2018 15:44:26 +0000 Subject: [PATCH 09/11] transmogrifier: slightly clean up fix_explicit_addressing pipeline --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 5400aa657..5d3feccfe 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -133,6 +133,7 @@ def fix_addressing(object) do |> fix_addressing_list("cc") |> fix_addressing_list("bto") |> fix_addressing_list("bcc") + |> fix_explicit_addressing end def fix_actor(%{"attributedTo" => actor} = object) do @@ -367,7 +368,6 @@ def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = obj data = Map.put(data, "actor", actor) |> fix_addressing - |> fix_explicit_addressing with nil <- Activity.get_create_activity_by_object_ap_id(object["id"]), %User{} = user <- User.get_or_fetch_by_ap_id(data["actor"]) do From cf3099231db2f51a4e804a4e5630cd6774e60c77 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 23 Dec 2018 15:55:07 +0000 Subject: [PATCH 10/11] test: transmogrifier: verify directMessage flag is sent outbound based on declared visibility --- test/web/activity_pub/transmogrifier_test.exs | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 5aa136e65..c1d542245 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -902,6 +902,34 @@ test "it adds like collection to object" do assert modified["object"]["likes"]["type"] == "OrderedCollection" assert modified["object"]["likes"]["totalItems"] == 0 end + + test "the directMessage flag is present" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "2hu :moominmamma:"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert modified["directMessage"] == false + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "@{other_user.nickname} :moominmamma:"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert modified["directMessage"] == false + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "@{other_user.nickname} :moominmamma:", + "visibility" => "direct" + }) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert modified["directMessage"] == true + end end describe "user upgrade" do From aa37313416c155a37b40e09617eb2fe524edbf0b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 20 Jan 2019 02:30:29 +0000 Subject: [PATCH 11/11] activitypub: short-circuit is_public?() with directMessage flag check --- lib/pleroma/web/activity_pub/activity_pub.ex | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 1fedfa854..68b684c4b 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -800,6 +800,7 @@ def fetch_and_contain_remote_object_from_id(id) do def is_public?(%Object{data: %{"type" => "Tombstone"}}), do: false def is_public?(%Object{data: data}), do: is_public?(data) def is_public?(%Activity{data: data}), do: is_public?(data) + def is_public?(%{"directMessage" => true}), do: false def is_public?(data) do "https://www.w3.org/ns/activitystreams#Public" in (data["to"] ++ (data["cc"] || [])) @@ -809,6 +810,9 @@ def is_private?(activity) do !is_public?(activity) && Enum.any?(activity.data["to"], &String.contains?(&1, "/followers")) end + def is_direct?(%Activity{data: %{"directMessage" => true}}), do: true + def is_direct?(%Object{data: %{"directMessage" => true}}), do: true + def is_direct?(activity) do !is_public?(activity) && !is_private?(activity) end