logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: f745e823f0acf6e10f777d6b924993f99e26a2c2
parent: 9cdbac6843db7bc5a3a69bc14d9368d5f9d7b4e6
Author: lambda <pleromagit@rogerbraun.net>
Date:   Sat, 10 Nov 2018 12:37:18 +0000

Merge branch 'bugfix/json-ld-object-sanitization' into 'develop'

JSON-LD: object sanitization

See merge request pleroma/pleroma!438

Diffstat:

Mlib/pleroma/web/activity_pub/transmogrifier.ex25+++++++++++++++++++++++++
Mlib/pleroma/web/activity_pub/views/object_view.ex14+++++++++++++-
Mtest/web/activity_pub/transmogrifier_test.exs33+++++++++++++++++++++++++++++++++
3 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -589,6 +589,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> prepare_attachments |> set_conversation |> set_reply_to_uri + |> strip_internal_fields + |> strip_internal_tags end # @doc @@ -755,6 +757,29 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("attachment", attachments) end + defp strip_internal_fields(object) do + object + |> Map.drop([ + "likes", + "like_count", + "announcements", + "announcement_count", + "emoji", + "context_id" + ]) + end + + defp strip_internal_tags(%{"tag" => tags} = object) do + tags = + tags + |> Enum.filter(fn x -> is_map(x) end) + + object + |> Map.put("tag", tags) + end + + defp strip_internal_tags(object), do: object + defp user_upgrade_task(user) do old_follower_address = User.ap_followers(user) diff --git a/lib/pleroma/web/activity_pub/views/object_view.ex b/lib/pleroma/web/activity_pub/views/object_view.ex @@ -1,11 +1,23 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do use Pleroma.Web, :view + alias Pleroma.{Object, Activity} alias Pleroma.Web.ActivityPub.Transmogrifier - def render("object.json", %{object: object}) do + def render("object.json", %{object: %Object{} = object}) do base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() additional = Transmogrifier.prepare_object(object.data) Map.merge(base, additional) end + + def render("object.json", %{object: %Activity{} = activity}) do + base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() + object = Object.normalize(activity.data["object"]) + + additional = + Transmogrifier.prepare_object(activity.data) + |> Map.put("object", Transmogrifier.prepare_object(object.data)) + + Map.merge(base, additional) + end end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs @@ -743,6 +743,39 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29" end + + test "it strips internal hashtag data" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"}) + + expected_tag = %{ + "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu", + "type" => "Hashtag", + "name" => "#2hu" + } + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert modified["object"]["tag"] == [expected_tag] + end + + test "it strips internal fields" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert length(modified["object"]["tag"]) == 2 + + assert is_nil(modified["object"]["emoji"]) + assert is_nil(modified["object"]["likes"]) + assert is_nil(modified["object"]["like_count"]) + assert is_nil(modified["object"]["announcements"]) + assert is_nil(modified["object"]["announcement_count"]) + assert is_nil(modified["object"]["context_id"]) + end end describe "user upgrade" do