commit: 204fd6faae8c39706a5ded42c7cc4fbc71a733bc
parent 1036acb6ae33d2bdc2afa4abfe8f9e9f8864137a
Author: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date: Fri, 9 Dec 2022 14:25:24 +0000
Merge branch 'from/upstream-develop/tusooa/report-fake' into 'develop'
Report an Object, not a Create Activity
Closes #2986
See merge request pleroma/pleroma!3788
Diffstat:
8 files changed, 135 insertions(+), 31 deletions(-)
diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex
@@ -695,20 +695,24 @@ defmodule Pleroma.Web.ActivityPub.Utils do
Enum.map(statuses || [], &build_flag_object/1)
end
- defp build_flag_object(%Activity{data: %{"id" => id}, object: %{data: data}}) do
- activity_actor = User.get_by_ap_id(data["actor"])
+ defp build_flag_object(%Activity{} = activity) do
+ object = Object.normalize(activity, fetch: false)
+
+ # Do not allow people to report Creates. Instead, report the Object that is Created.
+ if activity.data["type"] != "Create" do
+ build_flag_object_with_actor_and_id(
+ object,
+ User.get_by_ap_id(activity.data["actor"]),
+ activity.data["id"]
+ )
+ else
+ build_flag_object(object)
+ end
+ end
- %{
- "type" => "Note",
- "id" => id,
- "content" => data["content"],
- "published" => data["published"],
- "actor" =>
- AccountView.render(
- "show.json",
- %{user: activity_actor, skip_visibility_check: true}
- )
- }
+ defp build_flag_object(%Object{} = object) do
+ actor = User.get_by_ap_id(object.data["actor"])
+ build_flag_object_with_actor_and_id(object, actor, object.data["id"])
end
defp build_flag_object(act) when is_map(act) or is_binary(act) do
@@ -720,12 +724,12 @@ defmodule Pleroma.Web.ActivityPub.Utils do
end
case Activity.get_by_ap_id_with_object(id) do
- %Activity{} = activity ->
- build_flag_object(activity)
+ %Activity{object: object} = _ ->
+ build_flag_object(object)
nil ->
- if activity = Activity.get_by_object_ap_id_with_object(id) do
- build_flag_object(activity)
+ if %Object{} = object = Object.get_by_ap_id(id) do
+ build_flag_object(object)
else
%{"id" => id, "deleted" => true}
end
@@ -734,6 +738,20 @@ defmodule Pleroma.Web.ActivityPub.Utils do
defp build_flag_object(_), do: []
+ defp build_flag_object_with_actor_and_id(%Object{data: data}, actor, id) do
+ %{
+ "type" => "Note",
+ "id" => id,
+ "content" => data["content"],
+ "published" => data["published"],
+ "actor" =>
+ AccountView.render(
+ "show.json",
+ %{user: actor, skip_visibility_check: true}
+ )
+ }
+ end
+
#### Report-related helpers
def get_reports(params, page, page_size) do
params =
diff --git a/lib/pleroma/web/admin_api/report.ex b/lib/pleroma/web/admin_api/report.ex
@@ -18,10 +18,12 @@ defmodule Pleroma.Web.AdminAPI.Report do
|> Enum.reject(&is_nil(&1))
|> Enum.map(fn
act when is_map(act) ->
- Activity.get_by_ap_id_with_object(act["id"]) || make_fake_activity(act, user)
+ Activity.get_create_by_object_ap_id_with_object(act["id"]) ||
+ Activity.get_by_ap_id_with_object(act["id"]) || make_fake_activity(act, user)
act when is_binary(act) ->
- Activity.get_by_ap_id_with_object(act)
+ Activity.get_create_by_object_ap_id_with_object(act) ||
+ Activity.get_by_ap_id_with_object(act)
end)
%{report: report, user: user, account: account, statuses: statuses}
diff --git a/test/pleroma/web/activity_pub/activity_pub_test.exs b/test/pleroma/web/activity_pub/activity_pub_test.exs
@@ -1504,6 +1504,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
reporter_ap_id = reporter.ap_id
target_ap_id = target_account.ap_id
activity_ap_id = activity.data["id"]
+ object_ap_id = activity.object.data["id"]
activity_with_object = Activity.get_by_ap_id_with_object(activity_ap_id)
@@ -1515,6 +1516,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
reported_activity: activity,
content: content,
activity_ap_id: activity_ap_id,
+ object_ap_id: object_ap_id,
activity_with_object: activity_with_object,
reporter_ap_id: reporter_ap_id,
target_ap_id: target_ap_id
@@ -1528,7 +1530,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
target_account: target_account,
reported_activity: reported_activity,
content: content,
- activity_ap_id: activity_ap_id,
+ object_ap_id: object_ap_id,
activity_with_object: activity_with_object,
reporter_ap_id: reporter_ap_id,
target_ap_id: target_ap_id
@@ -1544,7 +1546,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
note_obj = %{
"type" => "Note",
- "id" => activity_ap_id,
+ "id" => object_ap_id,
"content" => content,
"published" => activity_with_object.object.data["published"],
"actor" =>
@@ -1568,6 +1570,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
context: context,
target_account: target_account,
reported_activity: reported_activity,
+ object_ap_id: object_ap_id,
content: content
},
Utils,
@@ -1582,8 +1585,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
content: content
})
- new_data =
- put_in(activity.data, ["object"], [target_account.ap_id, reported_activity.data["id"]])
+ new_data = put_in(activity.data, ["object"], [target_account.ap_id, object_ap_id])
assert_called(Utils.maybe_federate(%{activity | data: new_data}))
end
diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs
@@ -61,7 +61,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
note_obj = %{
"type" => "Note",
- "id" => activity.data["id"],
+ "id" => activity.object.data["id"],
"content" => "test post",
"published" => object.data["published"],
"actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})
diff --git a/test/pleroma/web/activity_pub/utils_test.exs b/test/pleroma/web/activity_pub/utils_test.exs
@@ -473,7 +473,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
content = "foobar"
target_ap_id = target_account.ap_id
- activity_ap_id = activity.data["id"]
+ object_ap_id = activity.object.data["id"]
res =
Utils.make_flag_data(
@@ -489,7 +489,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
note_obj = %{
"type" => "Note",
- "id" => activity_ap_id,
+ "id" => object_ap_id,
"content" => content,
"published" => activity.object.data["published"],
"actor" =>
@@ -504,6 +504,49 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
"state" => "open"
} = res
end
+
+ test "returns map with Flag object with a non-Create Activity" do
+ reporter = insert(:user)
+ posting_account = insert(:user)
+ target_account = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(posting_account, %{status: "foobar"})
+ {:ok, like} = CommonAPI.favorite(target_account, activity.id)
+ context = Utils.generate_context_id()
+ content = "foobar"
+
+ target_ap_id = target_account.ap_id
+ object_ap_id = activity.object.data["id"]
+
+ res =
+ Utils.make_flag_data(
+ %{
+ actor: reporter,
+ context: context,
+ account: target_account,
+ statuses: [%{"id" => like.data["id"]}],
+ content: content
+ },
+ %{}
+ )
+
+ note_obj = %{
+ "type" => "Note",
+ "id" => object_ap_id,
+ "content" => content,
+ "published" => activity.object.data["published"],
+ "actor" =>
+ AccountView.render("show.json", %{user: posting_account, skip_visibility_check: true})
+ }
+
+ assert %{
+ "type" => "Flag",
+ "content" => ^content,
+ "context" => ^context,
+ "object" => [^target_ap_id, ^note_obj],
+ "state" => "open"
+ } = res
+ end
end
describe "add_announce_to_object/2" do
diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs
@@ -76,7 +76,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
assert response["id"] == report_id
assert [status] = response["statuses"]
- assert activity.data["id"] == status["uri"]
+ assert activity.object.data["id"] == status["uri"]
assert activity.object.data["content"] == status["content"]
end
diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs
@@ -1100,10 +1100,11 @@ defmodule Pleroma.Web.CommonAPITest do
target_user = insert(:user)
{:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"})
+ activity = Activity.normalize(activity)
reporter_ap_id = reporter.ap_id
target_ap_id = target_user.ap_id
- activity_ap_id = activity.data["id"]
+ reported_object_ap_id = activity.object.data["id"]
comment = "foobar"
report_data = %{
@@ -1114,7 +1115,7 @@ defmodule Pleroma.Web.CommonAPITest do
note_obj = %{
"type" => "Note",
- "id" => activity_ap_id,
+ "id" => reported_object_ap_id,
"content" => "foobar",
"published" => activity.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_user})
@@ -1136,6 +1137,7 @@ defmodule Pleroma.Web.CommonAPITest do
test "updates report state" do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
+ object = Object.normalize(activity)
{:ok, %Activity{id: report_id}} =
CommonAPI.report(reporter, %{
@@ -1148,10 +1150,10 @@ defmodule Pleroma.Web.CommonAPITest do
assert report.data["state"] == "resolved"
- [reported_user, activity_id] = report.data["object"]
+ [reported_user, object_id] = report.data["object"]
assert reported_user == target_user.ap_id
- assert activity_id == activity.data["id"]
+ assert object_id == object.data["id"]
end
test "updates report state, don't strip when report_strip_status is false" do
diff --git a/test/pleroma/web/mastodon_api/controllers/report_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/report_controller_test.exs
@@ -5,6 +5,8 @@
defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
use Pleroma.Web.ConnCase, async: true
+ alias Pleroma.Activity
+ alias Pleroma.Repo
alias Pleroma.Web.CommonAPI
import Pleroma.Factory
@@ -27,6 +29,41 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
|> json_response_and_validate_schema(200)
end
+ test "submit a report with a fake Create", %{
+ conn: conn
+ } do
+ target_user = insert(:user)
+
+ note = insert(:note, user: target_user)
+
+ activity_params = %{
+ "object" => note.data["id"],
+ "actor" => note.data["actor"],
+ "to" => note.data["to"] || [],
+ "cc" => note.data["cc"] || [],
+ "type" => "Create"
+ }
+
+ {:ok, fake_activity} =
+ Repo.insert(%Activity{
+ data: activity_params,
+ recipients: activity_params["to"] ++ activity_params["cc"],
+ local: true,
+ actor: activity_params["actor"]
+ })
+
+ assert %{"action_taken" => false, "id" => _} =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> post("/api/v1/reports", %{
+ "account_id" => target_user.id,
+ "status_ids" => [fake_activity.id],
+ "comment" => "bad status!",
+ "forward" => "false"
+ })
+ |> json_response_and_validate_schema(200)
+ end
+
test "submit a report with statuses and comment", %{
conn: conn,
target_user: target_user,