MIX FORMAT

AND THAT ONE TOO AND ALL
INBOX NEEDS TO BE A FULL URL YOU IDIOT AM BAKA I SHOULD JUST COMMIT SUDOKU RIGHT NOW
2023-08-15 23:26:22 +01:00 · 2023-08-15 23:26:08 +01:00 · 2023-08-15 23:23:59 +01:00 · 2023-08-15 23:12:04 +01:00
4 changed files with 20 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 ## Fixed
 - Documentation issue in which a non-existing nginx file was referenced
+- Issue where a bad inbox URL could break federation

 ## 2023.08

--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -115,13 +115,18 @@ defp allowed_instances do
  def should_federate?(url) do
    %{host: host} = URI.parse(url)

-    with allowed <- allowed_instances(),
+    with {nil, false} <- {nil, is_nil(host)},
+         allowed <- allowed_instances(),
         false <- Enum.empty?(allowed) do
      allowed
      |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
      |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
      |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host)
    else
+      # oi!
+      {nil, true} ->
+        false
+
      _ ->
        quarantined_instances =
          blocked_instances()
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@ -18,16 +18,16 @@ defmodule Pleroma.Web.ActivityPub.UserView do
  import Ecto.Query

  def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) do
-    %{"sharedInbox" => ~p"/inbox"}
+    %{"sharedInbox" => url(~p"/inbox")}
  end

  def render("endpoints.json", %{user: %User{local: true} = _user}) do
    %{
-      "oauthAuthorizationEndpoint" => ~p"/oauth/authorize",
-      "oauthRegistrationEndpoint" => ~p"/api/v1/apps",
-      "oauthTokenEndpoint" => ~p"/oauth/token",
-      "sharedInbox" => ~p"/inbox",
-      "uploadMedia" => ~p"/api/ap/upload_media"
+      "oauthAuthorizationEndpoint" => url(~p"/oauth/authorize"),
+      "oauthRegistrationEndpoint" => url(~p"/api/v1/apps"),
+      "oauthTokenEndpoint" => url(~p"/oauth/token"),
+      "sharedInbox" => url(~p"/inbox"),
+      "uploadMedia" => url(~p"/api/ap/upload_media")
    }
  end

--- a/test/pleroma/web/activity_pub/publisher_test.exs
+++ b/test/pleroma/web/activity_pub/publisher_test.exs
@ -487,4 +487,11 @@ test "publish to url with with different ports" do
             )
    end
  end
+
+  describe "should_federate/1" do
+    test "should not obliterate itself if the inbox URL is bad" do
+      url = "/inbox"
+      refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url)
+    end
+  end
 end
Author	SHA1	Message	Date
FloatingGhost	98f0820ca4	MIX FORMAT	2023-08-15 23:26:22 +01:00
FloatingGhost	9bc0345e57	AND THAT ONE TOO AND ALL	2023-08-15 23:26:08 +01:00
FloatingGhost	f3cc60b202	INBOX NEEDS TO BE A FULL URL YOU IDIOT AM BAKA I SHOULD JUST COMMIT SUDOKU RIGHT NOW	2023-08-15 23:23:59 +01:00
FloatingGhost	063e3c0d34	Disallow nil hosts in should_federate	2023-08-15 23:12:04 +01:00