Commit e99fdfc3 authored by kaniini's avatar kaniini

object: containment: only allow OStatus references in test suite environment

parent a8eb1f09
Pipeline #18811 failed with stages
in 7 minutes and 6 seconds
...@@ -32,6 +32,23 @@ def get_actor(%{"actor" => nil, "attributedTo" => actor}) when not is_nil(actor) ...@@ -32,6 +32,23 @@ def get_actor(%{"actor" => nil, "attributedTo" => actor}) when not is_nil(actor)
get_actor(%{"actor" => actor}) get_actor(%{"actor" => actor})
end end
# TODO: We explicitly allow 'tag' URIs through, due to references to legacy OStatus
# objects being present in the test suite environment. Once these objects are
# removed, please also remove this.
if Mix.env() == :test do
defp compare_uris(_, %URI{scheme: "tag" <> _}), do: :ok
end
defp compare_uris(%URI{} = id_uri, %URI{} = other_uri) do
if id_uri.host == other_uri.host do
:ok
else
:error
end
end
defp compare_uris(_, _), do: :error
@doc """ @doc """
Checks that an imported AP object's actor matches the domain it came from. Checks that an imported AP object's actor matches the domain it came from.
""" """
...@@ -41,11 +58,7 @@ def contain_origin(id, %{"actor" => _actor} = params) do ...@@ -41,11 +58,7 @@ def contain_origin(id, %{"actor" => _actor} = params) do
id_uri = URI.parse(id) id_uri = URI.parse(id)
actor_uri = URI.parse(get_actor(params)) actor_uri = URI.parse(get_actor(params))
if id_uri.host == actor_uri.host || id_uri.scheme == "tag" do compare_uris(actor_uri, id_uri)
:ok
else
:error
end
end end
def contain_origin(id, %{"attributedTo" => actor} = params), def contain_origin(id, %{"attributedTo" => actor} = params),
...@@ -57,13 +70,7 @@ def contain_origin_from_id(id, %{"id" => other_id} = _params) do ...@@ -57,13 +70,7 @@ def contain_origin_from_id(id, %{"id" => other_id} = _params) do
id_uri = URI.parse(id) id_uri = URI.parse(id)
other_uri = URI.parse(other_id) other_uri = URI.parse(other_id)
# We explicitly allow 'tag' URIs through, due to legacy OStatus objects compare_uris(id_uri, other_uri)
# being present in the ActivityPub network.
if id_uri.host == other_uri.host || other_uri.scheme == "tag" do
:ok
else
:error
end
end end
def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}), def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment