Merge branch 'bugfix-truncate-remote-user-fields' into 'develop' - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: fcf9ad5573d3d718e9c1a8db4671e921c39680cf
parent c91fc03e6193cb82e5565abf7eee157210252152
Author: feld <feld@feld.me>
Date:   Fri, 16 Aug 2024 00:37:10 +0000

Merge branch 'bugfix-truncate-remote-user-fields' into 'develop'

User: truncate remote user fields instead of rejecting

See merge request pleroma/pleroma!4220
Diffstat:
A changelog.d/bugfix-truncate-remote-user-fields.fix 1 +
M lib/pleroma/user.ex 2 ++
M test/pleroma/user_test.exs 15 +++++++++++++++
M test/pleroma/web/activity_pub/transmogrifier/user_update_handling_test.exs 4 ++--

4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/changelog.d/bugfix-truncate-remote-user-fields.fix b/changelog.d/bugfix-truncate-remote-user-fields.fix
@@ -0,0 +1 @@
+Truncate remote user fields, avoids them getting rejected
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
@@ -463,6 +463,7 @@ defmodule Pleroma.User do
   def remote_user_changeset(struct \\ %User{local: false}, params) do
     bio_limit = Config.get([:instance, :user_bio_length], 5000)
     name_limit = Config.get([:instance, :user_name_length], 100)
+    fields_limit = Config.get([:instance, :max_remote_account_fields], 0)
 
     name =
       case params[:name] do
@@ -476,6 +477,7 @@ defmodule Pleroma.User do
       |> Map.put_new(:last_refreshed_at, NaiveDateTime.utc_now())
       |> truncate_if_exists(:name, name_limit)
       |> truncate_if_exists(:bio, bio_limit)
+      |> Map.update(:fields, [], &Enum.take(&1, fields_limit))
       |> truncate_fields_param()
       |> fix_follower_address()
 
diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs
@@ -1075,6 +1075,21 @@ defmodule Pleroma.UserTest do
 
       refute cs.valid?
     end
+
+    test "it truncates fields" do
+      clear_config([:instance, :max_remote_account_fields], 2)
+
+      fields = [
+        %{"name" => "One", "value" => "Uno"},
+        %{"name" => "Two", "value" => "Dos"},
+        %{"name" => "Three", "value" => "Tres"}
+      ]
+
+      cs = User.remote_user_changeset(@valid_remote |> Map.put(:fields, fields))
+
+      assert [%{"name" => "One", "value" => "Uno"}, %{"name" => "Two", "value" => "Dos"}] ==
+               Ecto.Changeset.get_field(cs, :fields)
+    end
   end
 
   describe "followers and friends" do
diff --git a/test/pleroma/web/activity_pub/transmogrifier/user_update_handling_test.exs b/test/pleroma/web/activity_pub/transmogrifier/user_update_handling_test.exs
@@ -119,8 +119,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.UserUpdateHandlingTest do
     user = User.get_cached_by_ap_id(user.ap_id)
 
     assert user.fields == [
-             %{"name" => "foo", "value" => "updated"},
-             %{"name" => "foo1", "value" => "updated"}
+             %{"name" => "foo", "value" => "bar"},
+             %{"name" => "foo11", "value" => "bar11"}
            ]
 
     update_data =

A	changelog.d/bugfix-truncate-remote-user-fields.fix	1	+
M	lib/pleroma/user.ex	2	++
M	test/pleroma/user_test.exs	15	+++++++++++++++
M	test/pleroma/web/activity_pub/transmogrifier/user_update_handling_test.exs	4	++--