Disallow following locked accounts over OStatus

This commit is contained in:
rinpatch 2019-07-31 22:05:12 +03:00 committed by Ariadne Conill
parent 59e60c6db1
commit 2c2c075fd6
2 changed files with 12 additions and 0 deletions

View File

@ -14,9 +14,13 @@ defmodule Pleroma.Web.OStatus.FollowHandler do
followed_uri when not is_nil(followed_uri) <-
XML.string_from_xpath("/entry/activity:object/id", entry),
{:ok, followed} <- OStatus.find_or_make_user(followed_uri),
{:locked, false} <- {:locked, followed.info.locked},
{:ok, activity} <- ActivityPub.follow(actor, followed, id, false) do
User.follow(actor, followed)
{:ok, activity}
else
{:locked, true} ->
{:error, "It's not possible to follow locked accounts over OStatus"}
end
end
end

View File

@ -302,6 +302,14 @@ defmodule Pleroma.Web.OStatusTest do
assert User.following?(follower, followed)
end
test "refuse following over OStatus if the followed's account is locked" do
incoming = File.read!("test/fixtures/follow.xml")
_user = insert(:user, info: %{locked: true}, ap_id: "https://pawoo.net/users/pekorino")
{:ok, [{:error, "It's not possible to follow locked accounts over OStatus"}]} =
OStatus.handle_incoming(incoming)
end
test "handle incoming unfollows with existing follow" do
incoming_follow = File.read!("test/fixtures/follow.xml")
{:ok, [_activity]} = OStatus.handle_incoming(incoming_follow)