From 222312900e6d847e0d4823fb62b6eb3675a0180f Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 2 Dec 2020 12:18:43 +0100 Subject: [PATCH 1/3] User: Don't allow local users in remote changesets --- lib/pleroma/user.ex | 13 +++++++++++++ test/pleroma/user_test.exs | 7 +++++++ 2 files changed, 20 insertions(+) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index bcd5256c8..9222b5b2a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -472,7 +472,20 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do |> validate_format(:nickname, @email_regex) |> validate_length(:bio, max: bio_limit) |> validate_length(:name, max: name_limit) + |> validate_inclusion(:local, [true]) |> validate_fields(true) + |> validate_non_local() + end + + defp validate_non_local(cng) do + local? = get_field(cng, :local) + + if local? do + cng + |> add_error(:local, "User is local, can't update with this changeset.") + else + cng + end end def update_changeset(struct, params \\ %{}) do diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index c678dadb3..e01a940cb 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -895,6 +895,13 @@ test "it has required fields" do refute cs.valid? end) end + + test "it is invalid given a local user" do + user = insert(:user) + cs = User.remote_user_changeset(user, %{name: "tom from myspace"}) + + refute cs.valid? + end end describe "followers and friends" do From 04af0bbe44ab4ebd83ee2f3b797768d6e255e365 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 2 Dec 2020 13:39:29 +0100 Subject: [PATCH 2/3] User: Remove left-over (wrong) fix. --- lib/pleroma/user.ex | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 9222b5b2a..4b3a9d690 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -472,7 +472,6 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do |> validate_format(:nickname, @email_regex) |> validate_length(:bio, max: bio_limit) |> validate_length(:name, max: name_limit) - |> validate_inclusion(:local, [true]) |> validate_fields(true) |> validate_non_local() end From 5d1548609843952bffa514af96e714756a7091ec Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 2 Dec 2020 14:48:11 +0100 Subject: [PATCH 3/3] SideEffects: fix test --- test/pleroma/web/activity_pub/side_effects_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/pleroma/web/activity_pub/side_effects_test.exs b/test/pleroma/web/activity_pub/side_effects_test.exs index 9efbaad04..297fc0b84 100644 --- a/test/pleroma/web/activity_pub/side_effects_test.exs +++ b/test/pleroma/web/activity_pub/side_effects_test.exs @@ -108,7 +108,7 @@ test "it blocks but does not unfollow if the relevant setting is set", %{ describe "update users" do setup do - user = insert(:user) + user = insert(:user, local: false) {:ok, update_data, []} = Builder.update(user, %{"id" => user.ap_id, "name" => "new name!"}) {:ok, update, _meta} = ActivityPub.persist(update_data, local: true)