commit: 6c06529cd4549fca3ba4b1de72838240463f8306
parent b431b565f0d4eb944826c2a2745201d9bb62956e
Author: kaniini <ariadne@dereferenced.org>
Date: Wed, 31 Jul 2019 19:13:56 +0000
Merge branch 'fix/disallow-ostatus-follows-locked' into 'develop'
Disallow following locked accounts over OStatus
See merge request pleroma/pleroma!1512
Diffstat:
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/ostatus/handlers/follow_handler.ex b/lib/pleroma/web/ostatus/handlers/follow_handler.ex
@@ -14,9 +14,13 @@ defmodule Pleroma.Web.OStatus.FollowHandler do
followed_uri when not is_nil(followed_uri) <-
XML.string_from_xpath("/entry/activity:object/id", entry),
{:ok, followed} <- OStatus.find_or_make_user(followed_uri),
+ {:locked, false} <- {:locked, followed.info.locked},
{:ok, activity} <- ActivityPub.follow(actor, followed, id, false) do
User.follow(actor, followed)
{:ok, activity}
+ else
+ {:locked, true} ->
+ {:error, "It's not possible to follow locked accounts over OStatus"}
end
end
end
diff --git a/test/web/ostatus/ostatus_test.exs b/test/web/ostatus/ostatus_test.exs
@@ -326,6 +326,14 @@ defmodule Pleroma.Web.OStatusTest do
assert User.following?(follower, followed)
end
+ test "refuse following over OStatus if the followed's account is locked" do
+ incoming = File.read!("test/fixtures/follow.xml")
+ _user = insert(:user, info: %{locked: true}, ap_id: "https://pawoo.net/users/pekorino")
+
+ {:ok, [{:error, "It's not possible to follow locked accounts over OStatus"}]} =
+ OStatus.handle_incoming(incoming)
+ end
+
test "handle incoming unfollows with existing follow" do
incoming_follow = File.read!("test/fixtures/follow.xml")
{:ok, [_activity]} = OStatus.handle_incoming(incoming_follow)
