Merge branch 'bug/fix-searched-content-publically-accessible' into 'master'
Fix URL searched content publically accessible See merge request framasoft/mobilizon!391
This commit is contained in:
commit
cf5f010bc0
@ -19,6 +19,10 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an
|
||||
- Possibility to participate anonymously to an event
|
||||
- Possibility to participate to a remote event (being redirected by providing federated identity)
|
||||
|
||||
### Fixed
|
||||
- Fixed URL search
|
||||
- Fixed content accessed through URL search being public
|
||||
|
||||
## [1.0.0-beta.2] - 2019-12-18
|
||||
|
||||
### Special operations
|
||||
|
@ -73,7 +73,7 @@ yarn install
|
||||
|
||||
Finally, we can build the front-end (this can take a few seconds)
|
||||
```bash
|
||||
yarn run build
|
||||
NODE_ENV=production yarn run build
|
||||
```
|
||||
|
||||
Let's go back to the main directory
|
||||
|
@ -37,10 +37,10 @@
|
||||
<h3 class="title">
|
||||
{{ $t("Upcoming") }}
|
||||
</h3>
|
||||
<b-loading :active.sync="$apollo.loading"></b-loading>
|
||||
<b-loading :active.sync="$apollo.loading" />
|
||||
<div v-for="row of goingToEvents" class="upcoming-events" :key="row[0]">
|
||||
<span class="date-component-container" v-if="isInLessThanSevenDays(row[0])">
|
||||
<date-component :date="row[0]"></date-component>
|
||||
<date-component :date="row[0]" />
|
||||
<h3 class="subtitle"
|
||||
v-if="isToday(row[0])">
|
||||
{{ $tc('You have one event today.', row[1].length, {count: row[1].length}) }}
|
||||
@ -71,7 +71,7 @@
|
||||
<h3 class="title">
|
||||
{{ $t("Last week") }}
|
||||
</h3>
|
||||
<b-loading :active.sync="$apollo.loading"></b-loading>
|
||||
<b-loading :active.sync="$apollo.loading" />
|
||||
<div>
|
||||
<EventListCard
|
||||
v-for="participation in lastWeekEvents"
|
||||
@ -83,7 +83,7 @@
|
||||
</section>
|
||||
<section class="events-featured">
|
||||
<h3 class="title">{{ $t('Featured events') }}</h3>
|
||||
<b-loading :active.sync="$apollo.loading"></b-loading>
|
||||
<b-loading :active.sync="$apollo.loading" />
|
||||
<div v-if="filteredFeaturedEvents.length > 0" class="columns is-multiline">
|
||||
<div class="column is-one-third-desktop" v-for="event in filteredFeaturedEvents.slice(0, 6)" :key="event.uuid">
|
||||
<EventCard
|
||||
@ -261,9 +261,11 @@ export default class Home extends Vue {
|
||||
return res;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return all events from server excluding the ones shown as participating
|
||||
*/
|
||||
get filteredFeaturedEvents() {
|
||||
if (!this.currentUser.isLoggedIn || !this.currentActor.id) return this.events;
|
||||
return this.events.filter(event => event.organizerActor && event.organizerActor.id !== this.currentActor.id);
|
||||
return this.events.filter(({ id }) => !this.currentUserParticipations.map(({ event: { id } }) => id).includes(id));
|
||||
}
|
||||
|
||||
geoLocalize() {
|
||||
|
@ -87,7 +87,7 @@ const tabsName = {
|
||||
};
|
||||
},
|
||||
skip() {
|
||||
return !this.searchTerm;
|
||||
return !this.searchTerm || this.isURL(this.searchTerm);
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -104,6 +104,13 @@ export default class Search extends Vue {
|
||||
searchGroups: SearchGroup = { total: 0, elements: [] };
|
||||
activeTab: SearchTabs = tabsName[this.searchType];
|
||||
|
||||
@Watch('searchEvents')
|
||||
async redirectURLToEvent() {
|
||||
if (this.searchEvents.total === 1 && this.isURL(this.searchTerm)) {
|
||||
return await this.$router.replace({ name: RouteName.EVENT, params: { uuid: this.searchEvents.elements[0].uuid } });
|
||||
}
|
||||
}
|
||||
|
||||
changeTab(index: number) {
|
||||
switch (index) {
|
||||
case SearchTabs.EVENTS:
|
||||
@ -136,6 +143,12 @@ export default class Search extends Vue {
|
||||
return this.searchGroups.elements.map(group => Object.assign(new Group(), group));
|
||||
}
|
||||
|
||||
isURL(url: string): boolean {
|
||||
const a = document.createElement('a');
|
||||
a.href = url;
|
||||
return (a.host && a.host !== window.location.host) as boolean;
|
||||
}
|
||||
|
||||
}
|
||||
</script>
|
||||
<style lang="scss">
|
||||
|
@ -881,7 +881,6 @@ defmodule Mobilizon.Federation.ActivityPub do
|
||||
|> Map.merge(%{
|
||||
"id" => "#{Endpoint.url()}/reject/follow/#{follower.id}"
|
||||
}) do
|
||||
Logger.error(inspect(update_data))
|
||||
{:ok, follower, update_data}
|
||||
else
|
||||
err ->
|
||||
|
@ -46,11 +46,16 @@ defmodule Mobilizon.Federation.ActivityStream.Converter.Event do
|
||||
{:mentions, mentions} <- {:mentions, ConverterUtils.fetch_mentions(object["tag"])},
|
||||
{:visibility, visibility} <- {:visibility, get_visibility(object)},
|
||||
{:options, options} <- {:options, get_options(object)} do
|
||||
attachments =
|
||||
object
|
||||
|> Map.get("attachment", [])
|
||||
|> Enum.filter(fn attachment -> Map.get(attachment, "type", "Document") == "Document" end)
|
||||
|
||||
picture_id =
|
||||
with true <- Map.has_key?(object, "attachment") && length(object["attachment"]) > 0,
|
||||
with true <- length(attachments) > 0,
|
||||
{:ok, %Picture{id: picture_id}} <-
|
||||
object["attachment"]
|
||||
|> hd
|
||||
attachments
|
||||
|> hd()
|
||||
|> PictureConverter.find_or_create_picture(actor_id) do
|
||||
picture_id
|
||||
else
|
||||
@ -71,7 +76,7 @@ defmodule Mobilizon.Federation.ActivityStream.Converter.Event do
|
||||
local: is_nil(actor_domain),
|
||||
options: options,
|
||||
status: object |> Map.get("ical:status", "CONFIRMED") |> String.downcase(),
|
||||
online_address: object["onlineAddress"],
|
||||
online_address: object |> Map.get("attachment", []) |> get_online_address(),
|
||||
phone_address: object["phoneAddress"],
|
||||
draft: false,
|
||||
url: object["id"],
|
||||
@ -122,6 +127,7 @@ defmodule Mobilizon.Federation.ActivityStream.Converter.Event do
|
||||
"repliesModerationOption" => event.options.comment_moderation,
|
||||
"commentsEnabled" => event.options.comment_moderation == :allow_all,
|
||||
"anonymousParticipationEnabled" => event.options.anonymous_participation,
|
||||
"attachment" => [],
|
||||
# "draft" => event.draft,
|
||||
"ical:status" => event.status |> to_string |> String.upcase(),
|
||||
"id" => event.url,
|
||||
@ -133,9 +139,34 @@ defmodule Mobilizon.Federation.ActivityStream.Converter.Event do
|
||||
do: res,
|
||||
else: Map.put(res, "location", AddressConverter.model_to_as(event.physical_address))
|
||||
|
||||
if is_nil(event.picture),
|
||||
res =
|
||||
if is_nil(event.picture),
|
||||
do: res,
|
||||
else:
|
||||
Map.update(
|
||||
res,
|
||||
"attachment",
|
||||
[],
|
||||
&(&1 ++ [PictureConverter.model_to_as(event.picture)])
|
||||
)
|
||||
|
||||
if is_nil(event.online_address),
|
||||
do: res,
|
||||
else: Map.put(res, "attachment", [PictureConverter.model_to_as(event.picture)])
|
||||
else:
|
||||
Map.update(
|
||||
res,
|
||||
"attachment",
|
||||
[],
|
||||
&(&1 ++
|
||||
[
|
||||
%{
|
||||
"type" => "Link",
|
||||
"href" => event.online_address,
|
||||
"mediaType" => "text/html",
|
||||
"name" => "Website"
|
||||
}
|
||||
])
|
||||
)
|
||||
end
|
||||
|
||||
# Get only elements that we have in EventOptions
|
||||
@ -198,4 +229,21 @@ defmodule Mobilizon.Federation.ActivityStream.Converter.Event do
|
||||
@spec date_to_string(DateTime.t() | nil) :: String.t()
|
||||
defp date_to_string(nil), do: nil
|
||||
defp date_to_string(%DateTime{} = date), do: DateTime.to_iso8601(date)
|
||||
|
||||
defp get_online_address(attachments) do
|
||||
Enum.find_value(attachments, [], fn attachment ->
|
||||
case attachment do
|
||||
%{
|
||||
"type" => "Link",
|
||||
"href" => url,
|
||||
"mediaType" => "text/html",
|
||||
"name" => "Website"
|
||||
} ->
|
||||
url
|
||||
|
||||
_ ->
|
||||
nil
|
||||
end
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
@ -5,6 +5,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
|
||||
|
||||
alias Mobilizon.{Actors, Admin, Events}
|
||||
alias Mobilizon.Actors.Actor
|
||||
alias Mobilizon.Config
|
||||
alias Mobilizon.Events.{Event, EventParticipantStats}
|
||||
alias Mobilizon.Users.User
|
||||
|
||||
@ -44,16 +45,28 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
|
||||
{:error, "Event with UUID #{uuid} not found"}
|
||||
end
|
||||
|
||||
def find_event(parent, %{uuid: uuid} = args, resolution) do
|
||||
case {:has_event, Events.get_public_event_by_uuid_with_preload(uuid)} do
|
||||
{:has_event, %Event{} = event} ->
|
||||
{:ok, Map.put(event, :organizer_actor, Person.proxify_pictures(event.organizer_actor))}
|
||||
|
||||
def find_event(parent, %{uuid: uuid} = args, %{context: context} = resolution) do
|
||||
with {:has_event, %Event{} = event} <-
|
||||
{:has_event, Events.get_public_event_by_uuid_with_preload(uuid)},
|
||||
{:access_valid, true} <-
|
||||
{:access_valid, Map.has_key?(context, :current_user) || check_event_access(event)} do
|
||||
{:ok, Map.put(event, :organizer_actor, Person.proxify_pictures(event.organizer_actor))}
|
||||
else
|
||||
{:has_event, _} ->
|
||||
find_private_event(parent, args, resolution)
|
||||
|
||||
{:access_valid, _} ->
|
||||
{:error, "Event with UUID #{uuid} not found"}
|
||||
end
|
||||
end
|
||||
|
||||
def check_event_access(%Event{local: true}), do: true
|
||||
|
||||
def check_event_access(%Event{url: url}) do
|
||||
relay_actor_id = Config.relay_actor_id()
|
||||
Events.check_if_event_has_instance_follow(url, relay_actor_id)
|
||||
end
|
||||
|
||||
@doc """
|
||||
List participants for event (through an event request)
|
||||
"""
|
||||
|
@ -140,6 +140,7 @@ defmodule Mobilizon.Config do
|
||||
]
|
||||
|
||||
def anonymous_actor_id, do: get_cached_value(:anonymous_actor_id)
|
||||
def relay_actor_id, do: get_cached_value(:relay_actor_id)
|
||||
|
||||
@spec get(module | atom) :: any
|
||||
def get(key), do: get(key, nil)
|
||||
@ -202,6 +203,13 @@ defmodule Mobilizon.Config do
|
||||
end
|
||||
end
|
||||
|
||||
@spec create_cache(atom()) :: integer()
|
||||
defp create_cache(:relay_actor_id) do
|
||||
with {:ok, %Actor{id: actor_id}} <- Actors.get_or_create_internal_actor("relay") do
|
||||
actor_id
|
||||
end
|
||||
end
|
||||
|
||||
def clear_config_cache do
|
||||
Cachex.clear(:config)
|
||||
end
|
||||
|
@ -12,7 +12,7 @@ defmodule Mobilizon.Events do
|
||||
|
||||
alias Ecto.{Changeset, Multi}
|
||||
|
||||
alias Mobilizon.Actors.Actor
|
||||
alias Mobilizon.Actors.{Actor, Follower}
|
||||
alias Mobilizon.Addresses.Address
|
||||
|
||||
alias Mobilizon.Events.{
|
||||
@ -28,6 +28,7 @@ defmodule Mobilizon.Events do
|
||||
}
|
||||
|
||||
alias Mobilizon.Service.Workers
|
||||
alias Mobilizon.Share
|
||||
alias Mobilizon.Storage.{Page, Repo}
|
||||
alias Mobilizon.Users.User
|
||||
|
||||
@ -228,6 +229,14 @@ defmodule Mobilizon.Events do
|
||||
|> Repo.one()
|
||||
end
|
||||
|
||||
@spec check_if_event_has_instance_follow(String.t(), integer()) :: boolean()
|
||||
def check_if_event_has_instance_follow(event_uri, follower_actor_id) do
|
||||
Share
|
||||
|> join(:inner, [s], f in Follower, on: f.target_actor_id == s.actor_id)
|
||||
|> where([s, f], f.actor_id == ^follower_actor_id and s.uri == ^event_uri)
|
||||
|> Repo.exists?()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Gets an event by its UUID, with all associations loaded.
|
||||
"""
|
||||
@ -379,6 +388,7 @@ defmodule Mobilizon.Events do
|
||||
|> filter_future_events(is_future)
|
||||
|> filter_unlisted(is_unlisted)
|
||||
|> filter_draft()
|
||||
|> filter_local_or_from_followed_instances_events()
|
||||
|> Repo.all()
|
||||
end
|
||||
|
||||
@ -461,6 +471,7 @@ defmodule Mobilizon.Events do
|
||||
name
|
||||
|> normalize_search_string()
|
||||
|> events_for_search_query()
|
||||
|> filter_local_or_from_followed_instances_events()
|
||||
|> Page.build_page(page, limit)
|
||||
end
|
||||
|
||||
@ -1757,6 +1768,14 @@ defmodule Mobilizon.Events do
|
||||
|
||||
defp filter_future_events(query, false), do: query
|
||||
|
||||
defp filter_local_or_from_followed_instances_events(query) do
|
||||
from(q in query,
|
||||
left_join: s in Share,
|
||||
on: s.uri == q.url,
|
||||
where: q.local == true or not is_nil(s.uri)
|
||||
)
|
||||
end
|
||||
|
||||
@spec filter_unlisted(Ecto.Query.t(), boolean) :: Ecto.Query.t()
|
||||
defp filter_unlisted(query, true) do
|
||||
from(q in query, where: q.visibility in ^@public_visibility)
|
||||
|
@ -14,7 +14,9 @@ defimpl Mobilizon.Service.Metadata, for: Mobilizon.Events.Event do
|
||||
Tag.tag(:meta, property: "og:title", content: event.title),
|
||||
Tag.tag(:meta, property: "og:url", content: event.url),
|
||||
Tag.tag(:meta, property: "og:description", content: event.description),
|
||||
Tag.tag(:meta, property: "og:type", content: "website")
|
||||
Tag.tag(:meta, property: "og:type", content: "website"),
|
||||
# Tell Search Engines what's the origin
|
||||
Tag.tag(:link, rel: "canonical", href: event.url)
|
||||
]
|
||||
|
||||
tags =
|
||||
|
@ -70,6 +70,8 @@ defmodule Mobilizon.Federation.ActivityPub.TransmogrifierTest do
|
||||
assert event.physical_address.url ==
|
||||
"https://event1.tcit.fr/address/eeecc11d-0030-43e8-a897-6422876372jd"
|
||||
|
||||
assert event.online_address == "https://google.com"
|
||||
|
||||
{:ok, %Actor{}} = Actors.get_actor_by_url(object["actor"])
|
||||
end
|
||||
end
|
||||
|
15
test/fixtures/mobilizon-post-activity.json
vendored
15
test/fixtures/mobilizon-post-activity.json
vendored
@ -35,7 +35,20 @@
|
||||
],
|
||||
"id": "https://test.mobilizon.org/events/39026210-0c69-4238-b3cc-986f33f98ed0/activity",
|
||||
"object": {
|
||||
"attachment": [],
|
||||
"attachment": [
|
||||
{
|
||||
"href": "https://something.org",
|
||||
"mediaType": "text/html",
|
||||
"name": "Another link",
|
||||
"type": "Link"
|
||||
},
|
||||
{
|
||||
"href": "https://google.com",
|
||||
"mediaType": "text/html",
|
||||
"name": "Website",
|
||||
"type": "Link"
|
||||
}
|
||||
],
|
||||
"attributedTo": "https://test.mobilizon.org/@Alicia",
|
||||
"startTime": "2018-02-12T14:08:20Z",
|
||||
"cc": [
|
||||
|
Loading…
Reference in New Issue
Block a user