Merge branch 'fix-receving-tombstones' into 'master'

Fix checking origin from a tombstone

See merge request framasoft/mobilizon!1021
This commit is contained in:
Thomas Citharel 2021-08-10 19:26:52 +00:00
commit 5c90fa9659
5 changed files with 22 additions and 1 deletions

View file

@ -37,6 +37,11 @@ defmodule Mobilizon.Federation.ActivityPub.Audience do
%{"to" => maybe_add_group_members([], actor), "cc" => []}
end
# Deleted comments are just like tombstones
def get_audience(%Comment{deleted_at: deleted_at}) when not is_nil(deleted_at) do
%{"to" => [@ap_public], "cc" => []}
end
def get_audience(%Comment{discussion: %Discussion{} = discussion}) do
get_audience(discussion)
end

View file

@ -142,7 +142,7 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
true
else
Sentry.capture_message("Object origin check failed", extra: %{url: url, data: data})
Logger.debug("Object origin check failed")
Logger.debug("Object origin check failed between #{inspect(url)} and #{inspect(data)}")
false
end
end

View file

@ -1110,6 +1110,10 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier do
{:error, error_message, object} when error_message in ["Gone", "Not found"] ->
{:ok, object}
# comments are just emptied
{:ok, %Comment{deleted_at: deleted_at} = object} when not is_nil(deleted_at) ->
{:ok, object}
{:ok, %{url: url} = object} ->
if Utils.are_same_origin?(url, Endpoint.url()),
do: {:ok, object},

View file

@ -239,6 +239,8 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
Takes the actor or attributedTo attributes (considers only the first elem if they're an array)
"""
def origin_check?(id, %{"type" => "Tombstone", "id" => tombstone_id}), do: id == tombstone_id
def origin_check?(id, %{"actor" => actor, "attributedTo" => _attributed_to} = params)
when not is_nil(actor) and actor != "" do
params = Map.delete(params, "attributedTo")

View file

@ -5,6 +5,7 @@ defmodule Mobilizon.Federation.ActivityPub.UtilsTest do
import Mobilizon.Factory
alias Mobilizon.Federation.ActivityPub.Utils
alias Mobilizon.Federation.ActivityStream.Converter
alias Mobilizon.Web.Endpoint
@ -51,4 +52,13 @@ defmodule Mobilizon.Federation.ActivityPub.UtilsTest do
assert comment_data["inReplyTo"] == comment.url
end
end
describe "origin_check?" do
test "origin_check? with a tombstone" do
assert Utils.origin_check?("http://an_uri", %{
"type" => "Tombstone",
"id" => "http://an_uri"
})
end
end
end