From 977e711e22dd5171cbff241c7e763de8d34eef26 Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Wed, 2 Oct 2019 13:18:51 +0200 Subject: [PATCH 1/3] Import object from self-Announce whenever possible --- lib/pleroma/web/activity_pub/transmogrifier.ex | 25 +++++++++++++++++- test/fixtures/mastodon-announce-private.json | 35 ++++++++++++++++++++++++++ test/support/http_request_mock.ex | 8 ++++++ test/web/activity_pub/transmogrifier_test.exs | 20 ++++++++++++++- 4 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 test/fixtures/mastodon-announce-private.json diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 64c470fc8..8f9bf5525 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -580,7 +580,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do ) do with actor <- Containment.get_actor(data), {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(actor), - {:ok, object} <- get_obj_helper(object_id), + {:ok, object} <- get_embedded_obj_helper(object_id, actor), public <- Visibility.is_public?(data), {:ok, activity, _object} <- ActivityPub.announce(actor, object, id, false, public) do {:ok, activity} @@ -781,6 +781,29 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end + @spec get_embedded_obj_helper(String.t() | Object.t(), User.t()) :: {:ok, Object.t()} | nil + def get_embedded_obj_helper(%{"attributedTo" => attributedTo, "id" => object_id} = data, %User{ + ap_id: ap_id + }) + when attributedTo == ap_id do + with {:ok, activity} <- + handle_incoming(%{ + "type" => "Create", + "to" => data["to"], + "cc" => data["cc"], + "actor" => data["attributedTo"], + "object" => data + }) do + {:ok, Object.normalize(activity)} + else + _ -> get_obj_helper(object_id) + end + end + + def get_embedded_obj_helper(object_id, _) do + get_obj_helper(object_id) + end + def set_reply_to_uri(%{"inReplyTo" => in_reply_to} = object) when is_binary(in_reply_to) do with false <- String.starts_with?(in_reply_to, "http"), {:ok, %{data: replied_to_object}} <- get_obj_helper(in_reply_to) do diff --git a/test/fixtures/mastodon-announce-private.json b/test/fixtures/mastodon-announce-private.json new file mode 100644 index 000000000..9b868b13d --- /dev/null +++ b/test/fixtures/mastodon-announce-private.json @@ -0,0 +1,35 @@ +{ + "type": "Announce", + "to": [ + "http://mastodon.example.org/users/admin/followers" + ], + "published": "2018-02-17T19:39:15Z", + "object": { + "type": "Note", + "id": "http://mastodon.example.org/@admin/99541947525187368", + "attributedTo": "http://mastodon.example.org/users/admin", + "content": "this is a private toot", + "to": [ + "http://mastodon.example.org/users/admin/followers" + ] + }, + "id": "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity", + "atomUri": "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity", + "actor": "http://mastodon.example.org/users/admin", + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "toot": "http://joinmastodon.org/ns#", + "sensitive": "as:sensitive", + "ostatus": "http://ostatus.org#", + "movedTo": "as:movedTo", + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "inReplyToAtomUri": "ostatus:inReplyToAtomUri", + "conversation": "ostatus:conversation", + "atomUri": "ostatus:atomUri", + "Hashtag": "as:Hashtag", + "Emoji": "toot:Emoji" + } + ] +} diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 5506c0626..7a87a2b35 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -349,6 +349,14 @@ defmodule HttpRequestMock do }} end + def get("http://mastodon.example.org/@admin/99541947525187368", _, _, _) do + {:ok, + %Tesla.Env{ + status: 404, + body: "" + }} + end + def get("https://shitposter.club/notice/7369654", _, _, _) do {:ok, %Tesla.Env{ diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index b995f0224..d25334104 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -442,6 +442,25 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert Activity.get_create_by_object_ap_id(data["object"]).id == activity.id end + test "it works for incoming announces with an inlined activity" do + data = + File.read!("test/fixtures/mastodon-announce-private.json") + |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["actor"] == "http://mastodon.example.org/users/admin" + assert data["type"] == "Announce" + + assert data["id"] == + "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity" + + object = Object.normalize(data["object"]) + + assert object.data["id"] == "http://mastodon.example.org/@admin/99541947525187368" + assert object.data["content"] == "this is a private toot" + end + test "it does not clobber the addressing on announce activities" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) @@ -1084,7 +1103,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do {:ok, announce_activity, _} = CommonAPI.repeat(activity.id, user) {:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data) - object = modified["object"] assert modified["object"]["content"] == "hey" assert modified["object"]["actor"] == modified["object"]["attributedTo"] From 791d93ff0ecb304e3278b786e66689521e9ad19d Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Wed, 2 Oct 2019 13:46:06 +0200 Subject: [PATCH 2/3] Make credo happy --- lib/pleroma/web/activity_pub/transmogrifier.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 8f9bf5525..449c777dc 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -782,16 +782,16 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end @spec get_embedded_obj_helper(String.t() | Object.t(), User.t()) :: {:ok, Object.t()} | nil - def get_embedded_obj_helper(%{"attributedTo" => attributedTo, "id" => object_id} = data, %User{ + def get_embedded_obj_helper(%{"attributedTo" => attributed_to, "id" => object_id} = data, %User{ ap_id: ap_id }) - when attributedTo == ap_id do + when attributed_to == ap_id do with {:ok, activity} <- handle_incoming(%{ "type" => "Create", "to" => data["to"], "cc" => data["cc"], - "actor" => data["attributedTo"], + "actor" => attributed_to, "object" => data }) do {:ok, Object.normalize(activity)} From b1ff66dc5f0f3915152314677bcd2379be0dd43b Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Sat, 5 Oct 2019 12:46:06 +0200 Subject: [PATCH 3/3] Add test for handling Announces with inlined object from different origin --- test/fixtures/bogus-mastodon-announce.json | 43 +++++++++++++++++++++++++++ test/support/http_request_mock.ex | 8 +++++ test/web/activity_pub/transmogrifier_test.exs | 8 +++++ 3 files changed, 59 insertions(+) create mode 100644 test/fixtures/bogus-mastodon-announce.json diff --git a/test/fixtures/bogus-mastodon-announce.json b/test/fixtures/bogus-mastodon-announce.json new file mode 100644 index 000000000..0485b80b9 --- /dev/null +++ b/test/fixtures/bogus-mastodon-announce.json @@ -0,0 +1,43 @@ +{ + "type": "Announce", + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "published": "2018-02-17T19:39:15Z", + "object": { + "type": "Note", + "id": "https://mastodon.social/users/emelie/statuses/101849165031453404", + "attributedTo": "https://mastodon.social/users/emelie", + "content": "this is a public toot", + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "cc": [ + "https://mastodon.social/users/emelie", + "https://mastodon.social/users/emelie/followers" + ] + }, + "id": "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity", + "cc": [ + "http://mastodon.example.org/users/admin", + "http://mastodon.example.org/users/admin/followers" + ], + "atomUri": "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity", + "actor": "http://mastodon.example.org/users/admin", + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "toot": "http://joinmastodon.org/ns#", + "sensitive": "as:sensitive", + "ostatus": "http://ostatus.org#", + "movedTo": "as:movedTo", + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "inReplyToAtomUri": "ostatus:inReplyToAtomUri", + "conversation": "ostatus:conversation", + "atomUri": "ostatus:atomUri", + "Hashtag": "as:Hashtag", + "Emoji": "toot:Emoji" + } + ] +} diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 7a87a2b35..b825a9307 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -46,6 +46,14 @@ defmodule HttpRequestMock do }} end + def get("https://mastodon.social/users/emelie/statuses/101849165031453404", _, _, _) do + {:ok, + %Tesla.Env{ + status: 404, + body: "" + }} + end + def get("https://mastodon.social/users/emelie", _, _, _) do {:ok, %Tesla.Env{ diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index d25334104..02f606709 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -461,6 +461,14 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert object.data["content"] == "this is a private toot" end + test "it rejects incoming announces with an inlined activity from another origin" do + data = + File.read!("test/fixtures/bogus-mastodon-announce.json") + |> Poison.decode!() + + assert :error = Transmogrifier.handle_incoming(data) + end + test "it does not clobber the addressing on announce activities" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})