logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: 117e005409c75c2d53df88fa19211823bdf3d61e
parent: 3a77336d8999bed45518420c9f8b47d89dcf1f4d
Author: kaniini <nenolod@gmail.com>
Date:   Thu, 11 Oct 2018 10:56:12 +0000

Merge branch 'security/fix-local-locked-accounts' into 'develop'

security: fix local locked accounts

Closes #316

See merge request pleroma/pleroma!372

Diffstat:

Mlib/pleroma/user.ex11++++++++++-
Mtest/user_test.exs9+++++++++
2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex @@ -184,7 +184,15 @@ defmodule Pleroma.User do def needs_update?(_), do: true - def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do + def maybe_direct_follow(%User{} = follower, %User{local: true, info: %{"locked" => true}}) do + {:ok, follower} + end + + def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do + follow(follower, followed) + end + + def maybe_direct_follow(%User{} = follower, %User{} = followed) do if !User.ap_enabled?(followed) do follow(follower, followed) else @@ -728,6 +736,7 @@ defmodule Pleroma.User do Repo.insert(cs, on_conflict: :replace_all, conflict_target: :nickname) end + def ap_enabled?(%User{local: true}), do: true def ap_enabled?(%User{info: info}), do: info["ap_enabled"] def ap_enabled?(_), do: false diff --git a/test/user_test.exs b/test/user_test.exs @@ -55,6 +55,15 @@ defmodule Pleroma.UserTest do {:error, _} = User.follow(blockee, blocker) end + test "local users do not automatically follow local locked accounts" do + follower = insert(:user, info: %{"locked" => true}) + followed = insert(:user, info: %{"locked" => true}) + + {:ok, follower} = User.maybe_direct_follow(follower, followed) + + refute User.following?(follower, followed) + end + # This is a somewhat useless test. # test "following a remote user will ensure a websub subscription is present" do # user = insert(:user)