about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-10-25 18:12:22 +0200
committerGitHub <noreply@github.com>2018-10-25 18:12:22 +0200
commitd4cf963749d2f6bb8e47a670e8cc4819ff659f49 (patch)
treeedf1952827a69950512fbc05e7150942266a13fc
parentb9d7021c1ba9abdfceeffb36cb7c67885b1fb9fc (diff)
Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)
Fix #9091
-rw-r--r--app/controllers/activitypub/inboxes_controller.rb2
-rw-r--r--app/lib/activitypub/activity/create.rb13
-rw-r--r--app/workers/activitypub/processing_worker.rb4
3 files changed, 15 insertions, 4 deletions
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb
index af51e32d5..8f5e1887e 100644
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -36,6 +36,6 @@ class ActivityPub::InboxesController < Api::BaseController
   end
 
   def process_payload
-    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'))
+    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id)
   end
 end
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 7e6702a63..92cdf4578 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -81,11 +81,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
       @mentions << Mention.new(account: account, silent: true)
 
       # If there is at least one silent mention, then the status can be considered
-      # as a limited-audience status, and not strictly a direct message
+      # as a limited-audience status, and not strictly a direct message, but only
+      # if we considered a direct message in the first place
       next unless @params[:visibility] == :direct
 
       @params[:visibility] = :limited
     end
+
+    # If the payload was delivered to a specific inbox, the inbox owner must have
+    # access to it, unless they already have access to it anyway
+    return if @options[:delivered_to_account_id].nil? || @mentions.any? { mention.account_id == @options[:delivered_to_account_id] }
+
+    @mentions << Mention.new(account_id: @options[:delivered_to_account_id], silent: true)
+
+    return unless @param[:visibility] == :direct
+
+    @params[:visibility] = :limited
   end
 
   def attach_tags(status)
diff --git a/app/workers/activitypub/processing_worker.rb b/app/workers/activitypub/processing_worker.rb
index 0e2e0eddd..a8a3ebf0f 100644
--- a/app/workers/activitypub/processing_worker.rb
+++ b/app/workers/activitypub/processing_worker.rb
@@ -5,7 +5,7 @@ class ActivityPub::ProcessingWorker
 
   sidekiq_options backtrace: true
 
-  def perform(account_id, body)
-    ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true)
+  def perform(account_id, body, delivered_to_account_id = nil)
+    ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true, delivered_to_account_id: delivered_to_account_id)
   end
 end