From bb4d005a8381091911697175416eb9c37379155e Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Wed, 20 Sep 2017 01:08:08 +0900 Subject: Introduce OStatus::TagManager (#5008) --- app/lib/activitypub/activity/create.rb | 2 +- app/lib/activitypub/tag_manager.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'app/lib/activitypub') diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 41f2b0bad..0964c9f53 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -115,7 +115,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity def conversation_from_uri(uri) return nil if uri.nil? - return Conversation.find_by(id: TagManager.instance.unique_tag_to_local_id(uri, 'Conversation')) if TagManager.instance.local_id?(uri) + return Conversation.find_by(id: OStatus::TagManager.instance.unique_tag_to_local_id(uri, 'Conversation')) if OStatus::TagManager.instance.local_id?(uri) Conversation.find_by(uri: uri) || Conversation.create!(uri: uri) end diff --git a/app/lib/activitypub/tag_manager.rb b/app/lib/activitypub/tag_manager.rb index 1b4e271db..4ec3b8c56 100644 --- a/app/lib/activitypub/tag_manager.rb +++ b/app/lib/activitypub/tag_manager.rb @@ -98,8 +98,8 @@ class ActivityPub::TagManager else StatusFinder.new(uri).status end - elsif ::TagManager.instance.local_id?(uri) - klass.find_by(id: ::TagManager.instance.unique_tag_to_local_id(uri, klass.to_s)) + elsif OStatus::TagManager.instance.local_id?(uri) + klass.find_by(id: OStatus::TagManager.instance.unique_tag_to_local_id(uri, klass.to_s)) else klass.find_by(uri: uri.split('#').first) end -- cgit From 98936bfcdf48cfd25968d1314ecf41be7d4596c3 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Tue, 26 Sep 2017 01:33:11 +0900 Subject: Add missing validations in ActivityPub::Activity::Create (#5096) --- app/lib/activitypub/activity/create.rb | 12 +++- spec/lib/activitypub/activity/create_spec.rb | 104 +++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 2 deletions(-) (limited to 'app/lib/activitypub') diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 0964c9f53..4e19b3096 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -68,6 +68,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity end def process_hashtag(tag, status) + return if tag['name'].blank? + hashtag = tag['name'].gsub(/\A#/, '').mb_chars.downcase hashtag = Tag.where(name: hashtag).first_or_initialize(name: hashtag) @@ -75,6 +77,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity end def process_mention(tag, status) + return if tag['href'].blank? + account = account_from_uri(tag['href']) account = FetchRemoteAccountService.new.call(tag['href']) if account.nil? return if account.nil? @@ -82,6 +86,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity end def process_emoji(tag, _status) + return if tag['name'].blank? || tag['href'].blank? + shortcode = tag['name'].delete(':') emoji = CustomEmoji.find_by(shortcode: shortcode, domain: @account.domain) @@ -96,7 +102,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity return unless @object['attachment'].is_a?(Array) @object['attachment'].each do |attachment| - next if unsupported_media_type?(attachment['mediaType']) + next if unsupported_media_type?(attachment['mediaType']) || attachment['url'].blank? href = Addressable::URI.parse(attachment['url']).normalize.to_s media_attachment = MediaAttachment.create(status: status, account: status.account, remote_url: href) @@ -106,6 +112,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity media_attachment.file_remote_url = href media_attachment.save end + rescue Addressable::URI::InvalidURIError => e + Rails.logger.debug e end def resolve_thread(status) @@ -116,7 +124,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity def conversation_from_uri(uri) return nil if uri.nil? return Conversation.find_by(id: OStatus::TagManager.instance.unique_tag_to_local_id(uri, 'Conversation')) if OStatus::TagManager.instance.local_id?(uri) - Conversation.find_by(uri: uri) || Conversation.create!(uri: uri) + Conversation.find_by(uri: uri) || Conversation.create(uri: uri) end def visibility_from_audience diff --git a/spec/lib/activitypub/activity/create_spec.rb b/spec/lib/activitypub/activity/create_spec.rb index 1a9520f04..cdd499150 100644 --- a/spec/lib/activitypub/activity/create_spec.rb +++ b/spec/lib/activitypub/activity/create_spec.rb @@ -171,6 +171,26 @@ RSpec.describe ActivityPub::Activity::Create do end end + context 'with mentions missing href' do + let(:object_json) do + { + id: 'bar', + type: 'Note', + content: 'Lorem ipsum', + tag: [ + { + type: 'Mention', + }, + ], + } + end + + it 'creates status' do + status = sender.statuses.first + expect(status).to_not be_nil + end + end + context 'with media attachments' do let(:object_json) do { @@ -195,6 +215,27 @@ RSpec.describe ActivityPub::Activity::Create do end end + context 'with media attachments missing url' do + let(:object_json) do + { + id: 'bar', + type: 'Note', + content: 'Lorem ipsum', + attachment: [ + { + type: 'Document', + mime_type: 'image/png', + }, + ], + } + end + + it 'creates status' do + status = sender.statuses.first + expect(status).to_not be_nil + end + end + context 'with hashtags' do let(:object_json) do { @@ -219,6 +260,27 @@ RSpec.describe ActivityPub::Activity::Create do end end + context 'with hashtags missing name' do + let(:object_json) do + { + id: 'bar', + type: 'Note', + content: 'Lorem ipsum', + tag: [ + { + type: 'Hashtag', + href: 'http://example.com/blah', + }, + ], + } + end + + it 'creates status' do + status = sender.statuses.first + expect(status).to_not be_nil + end + end + context 'with emojis' do let(:object_json) do { @@ -242,5 +304,47 @@ RSpec.describe ActivityPub::Activity::Create do expect(status.emojis.map(&:shortcode)).to include('tinking') end end + + context 'with emojis missing name' do + let(:object_json) do + { + id: 'bar', + type: 'Note', + content: 'Lorem ipsum :tinking:', + tag: [ + { + type: 'Emoji', + href: 'http://example.com/emoji.png', + }, + ], + } + end + + it 'creates status' do + status = sender.statuses.first + expect(status).to_not be_nil + end + end + + context 'with emojis missing href' do + let(:object_json) do + { + id: 'bar', + type: 'Note', + content: 'Lorem ipsum :tinking:', + tag: [ + { + type: 'Emoji', + name: 'tinking', + }, + ], + } + end + + it 'creates status' do + status = sender.statuses.first + expect(status).to_not be_nil + end + end end end -- cgit From cf7fbf2c569473e9a984bd3042930f9c5a060a23 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 26 Sep 2017 01:06:13 +0200 Subject: Fix #5059 - Stop processing payload if it's from local account (#5100) --- app/lib/activitypub/activity/announce.rb | 2 ++ app/services/activitypub/process_collection_service.rb | 2 +- spec/services/activitypub/process_collection_service_spec.rb | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) (limited to 'app/lib/activitypub') diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb index 556f91235..4516454e1 100644 --- a/app/lib/activitypub/activity/announce.rb +++ b/app/lib/activitypub/activity/announce.rb @@ -25,6 +25,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity def fetch_remote_original_status if object_uri.start_with?('http') + return if ActivityPub::TagManager.instance.local_uri?(object_uri) + ActivityPub::FetchRemoteStatusService.new.call(object_uri) elsif @object['url'].present? ::FetchRemoteStatusService.new.call(@object['url']) diff --git a/app/services/activitypub/process_collection_service.rb b/app/services/activitypub/process_collection_service.rb index 0c6736a3f..59cb65c65 100644 --- a/app/services/activitypub/process_collection_service.rb +++ b/app/services/activitypub/process_collection_service.rb @@ -9,7 +9,7 @@ class ActivityPub::ProcessCollectionService < BaseService return unless supported_context? return if different_actor? && verify_account!.nil? - return if @account.suspended? + return if @account.suspended? || @account.local? case @json['type'] when 'Collection', 'CollectionPage' diff --git a/spec/services/activitypub/process_collection_service_spec.rb b/spec/services/activitypub/process_collection_service_spec.rb index 249b12470..c1cc22523 100644 --- a/spec/services/activitypub/process_collection_service_spec.rb +++ b/spec/services/activitypub/process_collection_service_spec.rb @@ -1,7 +1,7 @@ require 'rails_helper' RSpec.describe ActivityPub::ProcessCollectionService do - let(:actor) { Fabricate(:account) } + let(:actor) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/account') } let(:payload) do { @@ -24,7 +24,7 @@ RSpec.describe ActivityPub::ProcessCollectionService do describe '#call' do context 'when actor is the sender' context 'when actor differs from sender' do - let(:forwarder) { Fabricate(:account) } + let(:forwarder) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/other_account') } it 'processes payload with sender if no signature exists' do expect_any_instance_of(ActivityPub::LinkedDataSignature).not_to receive(:verify_account!) -- cgit