Update validator See merge request pleroma/pleroma!2668stable
commit
98af7b59e4
@ -0,0 +1,59 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
|
||||
use Ecto.Schema
|
||||
|
||||
alias Pleroma.EctoType.ActivityPub.ObjectValidators
|
||||
|
||||
import Ecto.Changeset
|
||||
import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
|
||||
|
||||
@primary_key false
|
||||
|
||||
embedded_schema do
|
||||
field(:id, ObjectValidators.ObjectID, primary_key: true)
|
||||
field(:type, :string)
|
||||
field(:actor, ObjectValidators.ObjectID)
|
||||
field(:to, ObjectValidators.Recipients, default: [])
|
||||
field(:cc, ObjectValidators.Recipients, default: [])
|
||||
# In this case, we save the full object in this activity instead of just a
|
||||
# reference, so we can always see what was actually changed by this.
|
||||
field(:object, :map)
|
||||
end
|
||||
|
||||
def cast_data(data) do
|
||||
%__MODULE__{}
|
||||
|> cast(data, __schema__(:fields))
|
||||
end
|
||||
|
||||
def validate_data(cng) do
|
||||
cng
|
||||
|> validate_required([:id, :type, :actor, :to, :cc, :object])
|
||||
|> validate_inclusion(:type, ["Update"])
|
||||
|> validate_actor_presence()
|
||||
|> validate_updating_rights()
|
||||
end
|
||||
|
||||
def cast_and_validate(data) do
|
||||
data
|
||||
|> cast_data
|
||||
|> validate_data
|
||||
end
|
||||
|
||||
# For now we only support updating users, and here the rule is easy:
|
||||
# object id == actor id
|
||||
def validate_updating_rights(cng) do
|
||||
with actor = get_field(cng, :actor),
|
||||
object = get_field(cng, :object),
|
||||
{:ok, object_id} <- ObjectValidators.ObjectID.cast(object),
|
||||
true <- actor == object_id do
|
||||
cng
|
||||
else
|
||||
_e ->
|
||||
cng
|
||||
|> add_error(:object, "Can't be updated by this actor")
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,159 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ActivityPub.Transmogrifier.UserUpdateHandlingTest do
|
||||
use Pleroma.DataCase
|
||||
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.ActivityPub.Transmogrifier
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
test "it works for incoming update activities" do
|
||||
user = insert(:user, local: false)
|
||||
|
||||
update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!()
|
||||
|
||||
object =
|
||||
update_data["object"]
|
||||
|> Map.put("actor", user.ap_id)
|
||||
|> Map.put("id", user.ap_id)
|
||||
|
||||
update_data =
|
||||
update_data
|
||||
|> Map.put("actor", user.ap_id)
|
||||
|> Map.put("object", object)
|
||||
|
||||
{:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(update_data)
|
||||
|
||||
assert data["id"] == update_data["id"]
|
||||
|
||||
user = User.get_cached_by_ap_id(data["actor"])
|
||||
assert user.name == "gargle"
|
||||
|
||||
assert user.avatar["url"] == [
|
||||
%{
|
||||
"href" =>
|
||||
"https://cd.niu.moe/accounts/avatars/000/033/323/original/fd7f8ae0b3ffedc9.jpeg"
|
||||
}
|
||||
]
|
||||
|
||||
assert user.banner["url"] == [
|
||||
%{
|
||||
"href" =>
|
||||
"https://cd.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png"
|
||||
}
|
||||
]
|
||||
|
||||
assert user.bio == "<p>Some bio</p>"
|
||||
end
|
||||
|
||||
test "it works with alsoKnownAs" do
|
||||
%{ap_id: actor} = insert(:user, local: false)
|
||||
|
||||
assert User.get_cached_by_ap_id(actor).also_known_as == []
|
||||
|
||||
{:ok, _activity} =
|
||||
"test/fixtures/mastodon-update.json"
|
||||
|> File.read!()
|
||||
|> Poison.decode!()
|
||||
|> Map.put("actor", actor)
|
||||
|> Map.update!("object", fn object ->
|
||||
object
|
||||
|> Map.put("actor", actor)
|
||||
|> Map.put("id", actor)
|
||||
|> Map.put("alsoKnownAs", [
|
||||
"http://mastodon.example.org/users/foo",
|
||||
"http://example.org/users/bar"
|
||||
])
|
||||
end)
|
||||
|> Transmogrifier.handle_incoming()
|
||||
|
||||
assert User.get_cached_by_ap_id(actor).also_known_as == [
|
||||
"http://mastodon.example.org/users/foo",
|
||||
"http://example.org/users/bar"
|
||||
]
|
||||
end
|
||||
|
||||
test "it works with custom profile fields" do
|
||||
user = insert(:user, local: false)
|
||||
|
||||
assert user.fields == []
|
||||
|
||||
update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!()
|
||||
|
||||
object =
|
||||
update_data["object"]
|
||||
|> Map.put("actor", user.ap_id)
|
||||
|> Map.put("id", user.ap_id)
|
||||
|
||||
update_data =
|
||||
update_data
|
||||
|> Map.put("actor", user.ap_id)
|
||||
|> Map.put("object", object)
|
||||
|
||||
{:ok, _update_activity} = Transmogrifier.handle_incoming(update_data)
|
||||
|
||||
user = User.get_cached_by_ap_id(user.ap_id)
|
||||
|
||||
assert user.fields == [
|
||||
%{"name" => "foo", "value" => "updated"},
|
||||
%{"name" => "foo1", "value" => "updated"}
|
||||
]
|
||||
|
||||
Pleroma.Config.put([:instance, :max_remote_account_fields], 2)
|
||||
|
||||
update_data =
|
||||
update_data
|
||||
|> put_in(["object", "attachment"], [
|
||||
%{"name" => "foo", "type" => "PropertyValue", "value" => "bar"},
|
||||
%{"name" => "foo11", "type" => "PropertyValue", "value" => "bar11"},
|
||||
%{"name" => "foo22", "type" => "PropertyValue", "value" => "bar22"}
|
||||
])
|
||||
|> Map.put("id", update_data["id"] <> ".")
|
||||
|
||||
{:ok, _} = Transmogrifier.handle_incoming(update_data)
|
||||
|
||||
user = User.get_cached_by_ap_id(user.ap_id)
|
||||
|
||||
assert user.fields == [
|
||||
%{"name" => "foo", "value" => "updated"},
|
||||
%{"name" => "foo1", "value" => "updated"}
|
||||
]
|
||||
|
||||
update_data =
|
||||
update_data
|
||||
|> put_in(["object", "attachment"], [])
|
||||
|> Map.put("id", update_data["id"] <> ".")
|
||||
|
||||
{:ok, _} = Transmogrifier.handle_incoming(update_data)
|
||||
|
||||
user = User.get_cached_by_ap_id(user.ap_id)
|
||||
|
||||
assert user.fields == []
|
||||
end
|
||||
|
||||
test "it works for incoming update activities which lock the account" do
|
||||
user = insert(:user, local: false)
|
||||
|
||||
update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!()
|
||||
|
||||
object =
|
||||
update_data["object"]
|
||||
|> Map.put("actor", user.ap_id)
|
||||
|> Map.put("id", user.ap_id)
|
||||
|> Map.put("manuallyApprovesFollowers", true)
|
||||
|
||||
update_data =
|
||||
update_data
|
||||
|> Map.put("actor", user.ap_id)
|
||||
|> Map.put("object", object)
|
||||
|
||||
{:ok, %Activity{local: false}} = Transmogrifier.handle_incoming(update_data)
|
||||
|
||||
user = User.get_cached_by_ap_id(user.ap_id)
|
||||
assert user.locked == true
|
||||
end
|
||||
end
|
Loading…
Reference in new issue