commit: 5ce118d970d3d7a2a5dd0a3719feb1d53be6b5ae
parent 4367489a3e8eb8682d717014eea9092d7679c070
Author: Tusooa Zhu <tusooa@kazv.moe>
Date: Sun, 3 Jul 2022 20:19:50 -0400
Validate object data for incoming Update activities
In Create validator we do not validate the object data,
but that is because the object itself will go through the
pipeline again, which is not the case for Update. Thus,
we added validation for objects in Update activities.
Diffstat:
2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex
@@ -152,8 +152,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
)
when objtype in ~w[Question Answer Audio Video Event Article Note Page] do
with {_, false} <- {:local, Access.get(meta, :local, false)},
- {:ok, object_data} <- cast_and_apply(object),
- meta = Keyword.put(meta, :object_data, object_data |> stringify_keys),
+ {_, {:ok, object_data, _}} <- {:object_validation, validate(object, meta)},
+ meta = Keyword.put(meta, :object_data, object_data),
{:ok, update_activity} <-
update_activity
|> UpdateValidator.cast_and_validate()
@@ -169,6 +169,9 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
object = stringify_keys(object)
{:ok, object, meta}
end
+
+ {:object_validation, e} ->
+ e
end
end
diff --git a/test/pleroma/web/activity_pub/object_validators/update_handling_test.exs b/test/pleroma/web/activity_pub/object_validators/update_handling_test.exs
@@ -127,4 +127,42 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
assert meta[:object_data]
end
end
+
+ describe "update with history" do
+ setup do
+ user = insert(:user)
+ {:ok, activity} = Pleroma.Web.CommonAPI.post(user, %{status: "mew mew :dinosaur:"})
+ {:ok, edit} = Pleroma.Web.CommonAPI.update(user, activity, %{status: "edited :blank:"})
+ {:ok, external_rep} = Pleroma.Web.ActivityPub.Transmogrifier.prepare_outgoing(edit.data)
+ %{external_rep: external_rep}
+ end
+
+ test "edited note", %{external_rep: external_rep} do
+ {:ok, _validate_res, meta} = ObjectValidator.validate(external_rep, [])
+
+ assert %{"formerRepresentations" => %{"orderedItems" => [%{"emoji" => %{"dinosaur" => _}}]}} =
+ meta[:object_data]
+ end
+
+ test "edited note, badly-formed formerRepresentations", %{external_rep: external_rep} do
+ external_rep = put_in(external_rep, ["object", "formerRepresentations"], %{})
+
+ assert {:error, _} = ObjectValidator.validate(external_rep, [])
+ end
+
+ test "edited note, badly-formed history item", %{external_rep: external_rep} do
+ history_item =
+ Enum.at(external_rep["object"]["formerRepresentations"]["orderedItems"], 0)
+ |> Map.put("type", "Foo")
+
+ external_rep =
+ put_in(
+ external_rep,
+ ["object", "formerRepresentations", "orderedItems"],
+ [history_item]
+ )
+
+ assert {:error, _} = ObjectValidator.validate(external_rep, [])
+ end
+ end
end
