CommonAPI: Refactor visibility, forbid public to private replies.

cbb34510 · lain · 153c15cd · cbb34510 · cbb34510 · cbb34510
Commit cbb34510 authored May 15, 2019 by lain
--- a/lib/pleroma/web/activity_pub/visibility.ex
+++ b/lib/pleroma/web/activity_pub/visibility.ex
@@ -58,4 +58,28 @@ def entire_thread_visible_for_user?(
        visible_for_user?(tail, user)
    end
  end
+
+  def get_visibility(object) do
+    public = "https://www.w3.org/ns/activitystreams#Public"
+    to = object.data["to"] || []
+    cc = object.data["cc"] || []
+
+    cond do
+      public in to ->
+        "public"
+
+      public in cc ->
+        "unlisted"
+
+      # this should use the sql for the object's activity
+      Enum.any?(to, &String.contains?(&1, "/followers")) ->
+        "private"
+
+      length(cc) > 0 ->
+        "private"
+
+      true ->
+        "direct"
+    end
+  end
 end
--- a/lib/pleroma/web/common_api/common_api.ex
+++ b/lib/pleroma/web/common_api/common_api.ex
@@ -126,22 +126,30 @@ def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(stat
        "public"

      in_reply_to ->
-        # XXX: these heuristics should be moved out of MastodonAPI.
-        with %Object{} = object <- Object.normalize(in_reply_to) do
-          Pleroma.Web.MastodonAPI.StatusView.get_visibility(object)
-        end
+        get_replied_to_visibility(in_reply_to)
    end
  end

  def get_visibility(_), do: "public"

+  def get_replied_to_visibility(nil), do: nil
+
+  def get_replied_to_visibility(activity) do
+    with %Object{} = object <- Object.normalize(activity) do
+      Pleroma.Web.ActivityPub.Visibility.get_visibility(object)
+    end
+  end
+
  def post(user, %{"status" => status} = data) do
-    visibility = get_visibility(data)
    limit = Pleroma.Config.get([:instance, :limit])

    with status <- String.trim(status),
         attachments <- attachments_from_ids(data),
+         visibility <- get_visibility(data),
         in_reply_to <- get_replied_to_activity(data["in_reply_to_status_id"]),
+         in_reply_to_visibility <- get_replied_to_visibility(in_reply_to),
+         {_, false} <-
+           {:private_to_public, in_reply_to_visibility == "direct" && visibility != "direct"},
         {content_html, mentions, tags} <-
           make_content_html(
             status,
@@ -185,6 +193,8 @@ def post(user, %{"status" => status} = data) do
        )

      res
+    else
+      e -> {:error, e}
    end
  end


--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@@ -16,6 +16,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
  alias Pleroma.Web.MastodonAPI.StatusView
  alias Pleroma.Web.MediaProxy

+  import Pleroma.Web.ActivityPub.Visibility, only: [get_visibility: 1]
+
  # TODO: Add cached version.
  defp get_replied_to_activities(activities) do
    activities
@@ -340,30 +342,6 @@ def get_reply_to(%{data: %{"object" => _object}} = activity, _) do
    end
  end

-  def get_visibility(object) do
-    public = "https://www.w3.org/ns/activitystreams#Public"
-    to = object.data["to"] || []
-    cc = object.data["cc"] || []
-
-    cond do
-      public in to ->
-        "public"
-
-      public in cc ->
-        "unlisted"
-
-      # this should use the sql for the object's activity
-      Enum.any?(to, &String.contains?(&1, "/followers")) ->
-        "private"
-
-      length(cc) > 0 ->
-        "private"
-
-      true ->
-        "direct"
-    end
-  end
-
  def render_content(%{data: %{"type" => "Video"}} = object) do
    with name when not is_nil(name) and name != "" <- object.data["name"] do
      "<p><a href=\"#{object.data["id"]}\">#{name}</a></p>#{object.data["content"]}"

--- a/lib/pleroma/web/twitter_api/views/activity_view.ex
+++ b/lib/pleroma/web/twitter_api/views/activity_view.ex
@@ -310,7 +310,7 @@ def render(
      "tags" => tags,
      "activity_type" => "post",
      "possibly_sensitive" => possibly_sensitive,
-      "visibility" => StatusView.get_visibility(object),
+      "visibility" => Pleroma.Web.ActivityPub.Visibility.get_visibility(object),
      "summary" => summary,
      "summary_html" => summary |> Formatter.emojify(object.data["emoji"]),
      "card" => card,

--- a/test/web/activity_pub/visibilty_test.exs
+++ b/test/web/activity_pub/visibilty_test.exs
@@ -95,4 +95,16 @@ test "visible_for_user?", %{
    refute Visibility.visible_for_user?(private, unrelated)
    refute Visibility.visible_for_user?(direct, unrelated)
  end
+
+  test "get_visibility", %{
+    public: public,
+    private: private,
+    direct: direct,
+    unlisted: unlisted
+  } do
+    assert Visibility.get_visibility(public) == "public"
+    assert Visibility.get_visibility(private) == "private"
+    assert Visibility.get_visibility(direct) == "direct"
+    assert Visibility.get_visibility(unlisted) == "unlisted"
+  end
 end
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -87,6 +87,28 @@ test "it filters out obviously bad tags when accepting a post as Markdown" do

      assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
    end
+
+    test "it does not allow replies to direct messages that are not direct messages themselves" do
+      user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+
+      assert {:ok, _} =
+               CommonAPI.post(user, %{
+                 "status" => "suya..",
+                 "visibility" => "direct",
+                 "in_reply_to_status_id" => activity.id
+               })
+
+      Enum.each(["public", "private", "unlisted"], fn visibility ->
+        assert {:error, {:private_to_public, _}} =
+                 CommonAPI.post(user, %{
+                   "status" => "suya..",
+                   "visibility" => visibility,
+                   "in_reply_to_status_id" => activity.id
+                 })
+      end)
+    end
  end

  describe "reactions" do