Merge branch 'strip-object-actor' into 'develop'
Strip actor from objects before federating Closes #3269 See merge request pleroma/pleroma!4105
This commit is contained in:
commit
e944b15298
1
changelog.d/strip-object-actor.fix
Normal file
1
changelog.d/strip-object-actor.fix
Normal file
@ -0,0 +1 @@
|
|||||||
|
Strip actor property from objects before federating
|
@ -9,6 +9,7 @@ defmodule Pleroma.Constants do
|
|||||||
|
|
||||||
const(object_internal_fields,
|
const(object_internal_fields,
|
||||||
do: [
|
do: [
|
||||||
|
"actor",
|
||||||
"reactions",
|
"reactions",
|
||||||
"reaction_count",
|
"reaction_count",
|
||||||
"likes",
|
"likes",
|
||||||
|
8
test/fixtures/create-chat-message.json
vendored
8
test/fixtures/create-chat-message.json
vendored
@ -1,10 +1,10 @@
|
|||||||
{
|
{
|
||||||
"actor": "http://2hu.gensokyo/users/raymoo",
|
"actor": "http://mastodon.example.org/users/admin",
|
||||||
"id": "http://2hu.gensokyo/objects/1",
|
"id": "http://mastodon.example.org/objects/1",
|
||||||
"object": {
|
"object": {
|
||||||
"attributedTo": "http://2hu.gensokyo/users/raymoo",
|
"attributedTo": "http://mastodon.example.org/users/admin",
|
||||||
"content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>",
|
"content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>",
|
||||||
"id": "http://2hu.gensokyo/objects/2",
|
"id": "http://mastodon.example.org/objects/2",
|
||||||
"published": "2020-02-12T14:08:20Z",
|
"published": "2020-02-12T14:08:20Z",
|
||||||
"to": [
|
"to": [
|
||||||
"http://2hu.gensokyo/users/marisa"
|
"http://2hu.gensokyo/users/marisa"
|
||||||
|
@ -221,7 +221,6 @@ defmodule Pleroma.User.BackupTest do
|
|||||||
"orderedItems" => [
|
"orderedItems" => [
|
||||||
%{
|
%{
|
||||||
"object" => %{
|
"object" => %{
|
||||||
"actor" => "http://cofe.io/users/cofe",
|
|
||||||
"content" => "status1",
|
"content" => "status1",
|
||||||
"type" => "Note"
|
"type" => "Note"
|
||||||
},
|
},
|
||||||
@ -229,7 +228,6 @@ defmodule Pleroma.User.BackupTest do
|
|||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
"object" => %{
|
"object" => %{
|
||||||
"actor" => "http://cofe.io/users/cofe",
|
|
||||||
"content" => "status2"
|
"content" => "status2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -116,8 +116,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.ChatMessageTest do
|
|||||||
data =
|
data =
|
||||||
File.read!("test/fixtures/create-chat-message.json")
|
File.read!("test/fixtures/create-chat-message.json")
|
||||||
|> Jason.decode!()
|
|> Jason.decode!()
|
||||||
|> Map.put("actor", "http://mastodon.example.org/users/admin")
|
|
||||||
|> put_in(["object", "actor"], "http://mastodon.example.org/users/admin")
|
|
||||||
|
|
||||||
_recipient = insert(:user, ap_id: List.first(data["to"]), local: true)
|
_recipient = insert(:user, ap_id: List.first(data["to"]), local: true)
|
||||||
|
|
||||||
|
@ -169,7 +169,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
|||||||
{:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data)
|
{:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data)
|
||||||
|
|
||||||
assert modified["object"]["content"] == "hey"
|
assert modified["object"]["content"] == "hey"
|
||||||
assert modified["object"]["actor"] == modified["object"]["attributedTo"]
|
assert activity.actor == modified["object"]["attributedTo"]
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it turns mentions into tags" do
|
test "it turns mentions into tags" do
|
||||||
@ -220,7 +220,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
|||||||
{:ok, activity} = CommonAPI.post(user, %{status: "hey"})
|
{:ok, activity} = CommonAPI.post(user, %{status: "hey"})
|
||||||
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
|
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
|
||||||
|
|
||||||
assert modified["object"]["actor"] == modified["object"]["attributedTo"]
|
assert activity.actor == modified["object"]["attributedTo"]
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it strips internal hashtag data" do
|
test "it strips internal hashtag data" do
|
||||||
@ -266,6 +266,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
|
|||||||
assert is_nil(modified["object"]["announcements"])
|
assert is_nil(modified["object"]["announcements"])
|
||||||
assert is_nil(modified["object"]["announcement_count"])
|
assert is_nil(modified["object"]["announcement_count"])
|
||||||
assert is_nil(modified["object"]["generator"])
|
assert is_nil(modified["object"]["generator"])
|
||||||
|
assert is_nil(modified["object"]["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it strips internal fields of article" do
|
test "it strips internal fields of article" do
|
||||||
|
Loading…
Reference in New Issue
Block a user