Merge branch 'bugfix/relax-spam-protection' into 'develop'
activitypub: allow indirect messages from users being followed at a personal inbox See merge request pleroma/pleroma!1069
This commit is contained in:
commit
cde7711b12
@ -153,9 +153,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||
end
|
||||
|
||||
def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
|
||||
with %User{} = user <- User.get_cached_by_nickname(nickname),
|
||||
true <- Utils.recipient_in_message(user.ap_id, params),
|
||||
params <- Utils.maybe_splice_recipient(user.ap_id, params) do
|
||||
with %User{} = recipient <- User.get_cached_by_nickname(nickname),
|
||||
%User{} = actor <- User.get_or_fetch_by_ap_id(params["actor"]),
|
||||
true <- Utils.recipient_in_message(recipient, actor, params),
|
||||
params <- Utils.maybe_splice_recipient(recipient.ap_id, params) do
|
||||
Federator.incoming_ap_doc(params)
|
||||
json(conn, "ok")
|
||||
end
|
||||
|
@ -52,7 +52,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
|
||||
defp recipient_in_collection(ap_id, coll) when is_list(coll), do: ap_id in coll
|
||||
defp recipient_in_collection(_, _), do: false
|
||||
|
||||
def recipient_in_message(ap_id, params) do
|
||||
def recipient_in_message(%User{ap_id: ap_id} = recipient, %User{} = actor, params) do
|
||||
cond do
|
||||
recipient_in_collection(ap_id, params["to"]) ->
|
||||
true
|
||||
@ -71,6 +71,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do
|
||||
!params["to"] && !params["cc"] && !params["bto"] && !params["bcc"] ->
|
||||
true
|
||||
|
||||
# if the message is sent from somebody the user is following, then assume it
|
||||
# is addressed to the recipient
|
||||
User.following?(recipient, actor) ->
|
||||
true
|
||||
|
||||
true ->
|
||||
false
|
||||
end
|
||||
|
@ -253,6 +253,36 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
||||
assert Activity.get_by_ap_id(data["id"])
|
||||
end
|
||||
|
||||
test "it accepts messages from actors that are followed by the user", %{conn: conn} do
|
||||
recipient = insert(:user)
|
||||
actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
|
||||
|
||||
{:ok, recipient} = User.follow(recipient, actor)
|
||||
|
||||
data =
|
||||
File.read!("test/fixtures/mastodon-post-activity.json")
|
||||
|> Poison.decode!()
|
||||
|
||||
object =
|
||||
data["object"]
|
||||
|> Map.put("attributedTo", actor.ap_id)
|
||||
|
||||
data =
|
||||
data
|
||||
|> Map.put("actor", actor.ap_id)
|
||||
|> Map.put("object", object)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:valid_signature, true)
|
||||
|> put_req_header("content-type", "application/activity+json")
|
||||
|> post("/users/#{recipient.nickname}/inbox", data)
|
||||
|
||||
assert "ok" == json_response(conn, 200)
|
||||
:timer.sleep(500)
|
||||
assert Activity.get_by_ap_id(data["id"])
|
||||
end
|
||||
|
||||
test "it rejects reads from other users", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
otheruser = insert(:user)
|
||||
|
Loading…
Reference in New Issue
Block a user