Merge branch 'prevent-upserting-local-actor' into 'master'

Prevent upserting local actor

See merge request framasoft/mobilizon!519
Thomas Citharel 2020-07-31 09:22:12 +02:00
commit b9bd43070e
2 changed files with 18 additions and 14 deletions


@ -96,7 +96,7 @@ defmodule Mobilizon.Federation.ActivityPub do
Logger.debug("Entity is already existing") Logger.debug("Entity is already existing")
entity = entity =
if force_fetch and not compare_origins?(url, Endpoint.url()) do if force_fetch and not are_same_origin?(url, Endpoint.url()) do
Logger.debug("Entity is external and we want a force fetch") Logger.debug("Entity is external and we want a force fetch")
with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do
@ -506,6 +506,9 @@ defmodule Mobilizon.Federation.ActivityPub do
""" """
@spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()} @spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()}
def make_actor_from_url(url, preload \\ false) do def make_actor_from_url(url, preload \\ false) do
if are_same_origin?(url, Endpoint.url()) do
{:error, "Can't make a local actor from URL"}
else
case fetch_and_prepare_actor_from_url(url) do case fetch_and_prepare_actor_from_url(url) do
{:ok, data} -> {:ok, data} ->
Actors.upsert_actor(data, preload) Actors.upsert_actor(data, preload)
@ -520,6 +523,7 @@ defmodule Mobilizon.Federation.ActivityPub do
{:error, e} {:error, e}
end end
end end
end
@doc """ @doc """
Find an actor in our local database or call WebFinger to find what's its AP ID is and then fetch it Find an actor in our local database or call WebFinger to find what's its AP ID is and then fetch it
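Review bot: The new guard at the top of `make_actor_from_url/2` tests only the requested `url`; nothing visible in these hunks checks that the `data` returned by `fetch_and_prepare_actor_from_url/1` describes that same remote URL before it reaches `Actors.upsert_actor(data, preload)`. If that helper does not already enforce this (its body is outside this page), the same `are_same_origin?` test should be applied to the actor URL carried in `data` inside the `{:ok, data}` branch, so that a fetched document cannot name a local actor. The refusal is also silent: a line such as `Logger.warn("Refused to make a local actor from URL #{inspect(url)}")` before the `{:error, ...}` tuple would make these attempts visible in the logs. The `@doc` above the function should mention the new error return as well. The middle of the `case` expression lies between the two hunks and was not reviewed.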


@ -248,7 +248,7 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
when not is_nil(actor) do when not is_nil(actor) do
actor = get_actor(params) actor = get_actor(params)
Logger.debug("Performing origin check on #{id} and #{actor} URIs") Logger.debug("Performing origin check on #{id} and #{actor} URIs")
compare_origins?(id, actor) are_same_origin?(id, actor)
end end
def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true
@ -257,8 +257,8 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
def origin_check?(_id, _args), do: false def origin_check?(_id, _args), do: false
@spec compare_origins?(String.t(), String.t()) :: boolean() @spec are_same_origin?(String.t(), String.t()) :: boolean()
def compare_origins?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do def are_same_origin?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
uri_1 = URI.parse(url_1) uri_1 = URI.parse(url_1)
uri_2 = URI.parse(url_2) uri_2 = URI.parse(url_2)