From a4545bcf672b04efa914cf72b6b3aa2c8b02f41a Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Fri, 22 Jan 2021 19:44:37 +0100 Subject: [PATCH] Exclude persons from being followed Signed-off-by: Thomas Citharel --- lib/federation/activity_pub/activity_pub.ex | 2 +- lib/federation/activity_pub/types/actors.ex | 5 ++- .../transmogrifier/follow_test.exs | 33 ++++++++++++++----- .../activity_pub/transmogrifier/undo_test.exs | 2 +- 4 files changed, 31 insertions(+), 11 deletions(-) diff --git a/lib/federation/activity_pub/activity_pub.ex b/lib/federation/activity_pub/activity_pub.ex index 3cf173441..cf7a9e54c 100644 --- a/lib/federation/activity_pub/activity_pub.ex +++ b/lib/federation/activity_pub/activity_pub.ex @@ -338,7 +338,7 @@ defmodule Mobilizon.Federation.ActivityPub do :ok <- maybe_federate(activity) do {:ok, activity, follower} else - {:error, err, msg} when err in [:already_following, :suspended] -> + {:error, err, msg} when err in [:already_following, :suspended, :no_person] -> {:error, msg} {:different_actors, _} -> diff --git a/lib/federation/activity_pub/types/actors.ex b/lib/federation/activity_pub/types/actors.ex index 1e0cdc673..66f7fd781 100644 --- a/lib/federation/activity_pub/types/actors.ex +++ b/lib/federation/activity_pub/types/actors.ex @@ -131,7 +131,8 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Actors do end end - def follow(%Actor{} = follower_actor, %Actor{} = followed, _local, additional) do + def follow(%Actor{} = follower_actor, %Actor{type: type} = followed, _local, additional) + when type != :Person do with {:ok, %Follower{} = follower} <- Mobilizon.Actors.follow(followed, follower_actor, additional["activity_id"], false), :ok <- FollowMailer.send_notification_to_admins(follower), @@ -140,6 +141,8 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Actors do end end + def follow(_, _, _, _), do: {:error, :no_person, "Only group and instances can be followed"} + defp prepare_args_for_actor(args) do args |> maybe_sanitize_username() diff --git a/test/federation/activity_pub/transmogrifier/follow_test.exs b/test/federation/activity_pub/transmogrifier/follow_test.exs index db99d54ab..10a2666cd 100644 --- a/test/federation/activity_pub/transmogrifier/follow_test.exs +++ b/test/federation/activity_pub/transmogrifier/follow_test.exs @@ -1,6 +1,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do use Mobilizon.DataCase + import ExUnit.CaptureLog import Mobilizon.Factory alias Mobilizon.Actors alias Mobilizon.Actors.Follower @@ -8,9 +9,25 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do alias Mobilizon.Federation.ActivityPub.{Activity, Transmogrifier} describe "handle incoming follow requests" do - test "it works for incoming follow requests" do + test "it works only for groups" do actor = insert(:actor) + data = + File.read!("test/fixtures/mastodon-follow-activity.json") + |> Jason.decode!() + |> Map.put("object", actor.url) + + assert capture_log(fn -> + :error = Transmogrifier.handle_incoming(data) + end) =~ "Only group and instances can be followed" + + actor = Actors.get_actor_with_preload(actor.id) + refute Actors.is_following(Actors.get_actor_by_url!(data["actor"], true), actor) + end + + test "it works for incoming follow requests" do + actor = insert(:group) + data = File.read!("test/fixtures/mastodon-follow-activity.json") |> Jason.decode!() @@ -27,7 +44,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do end test "it rejects activities without a valid ID" do - actor = insert(:actor) + actor = insert(:group) data = File.read!("test/fixtures/mastodon-follow-activity.json") @@ -59,7 +76,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do describe "handle incoming follow accept activities" do test "it works for incoming accepts" do follower = insert(:actor) - followed = insert(:actor, manually_approves_followers: false) + followed = insert(:group, manually_approves_followers: false) refute Actors.is_following(follower, followed) @@ -91,7 +108,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do test "it works for incoming accepts which were pre-accepted" do follower = insert(:actor) - followed = insert(:actor, manually_approves_followers: true) + followed = insert(:group, manually_approves_followers: true) refute Actors.is_following(follower, followed) @@ -126,7 +143,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do test "it works for incoming accepts which are referenced by IRI only" do follower = insert(:actor) - followed = insert(:actor, manually_approves_followers: true) + followed = insert(:group, manually_approves_followers: true) {:ok, follow_activity, _} = ActivityPub.follow(follower, followed) @@ -148,7 +165,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do test "it fails for incoming accepts which cannot be correlated" do follower = insert(:actor) - followed = insert(:actor) + followed = insert(:group) accept_data = File.read!("test/fixtures/mastodon-accept-activity.json") @@ -169,7 +186,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do describe "handle incoming follow reject activities" do test "it fails for incoming rejects which cannot be correlated" do follower = insert(:actor) - followed = insert(:actor) + followed = insert(:group) accept_data = File.read!("test/fixtures/mastodon-reject-activity.json") @@ -188,7 +205,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.FollowTest do test "it works for incoming rejects which are referenced by IRI only" do follower = insert(:actor) - followed = insert(:actor) + followed = insert(:group) {:ok, follow_activity, _} = ActivityPub.follow(follower, followed) diff --git a/test/federation/activity_pub/transmogrifier/undo_test.exs b/test/federation/activity_pub/transmogrifier/undo_test.exs index 777bba458..d24ee52c6 100644 --- a/test/federation/activity_pub/transmogrifier/undo_test.exs +++ b/test/federation/activity_pub/transmogrifier/undo_test.exs @@ -46,7 +46,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier.UndoTest do end test "it works for incomming unfollows with an existing follow" do - actor = insert(:actor) + actor = insert(:group) follow_data = File.read!("test/fixtures/mastodon-follow-activity.json")