Merge branch 'feature/restrict-c2s' into 'develop'

AP C2S: Restrict creation to `Note`s for now.

See merge request pleroma/pleroma!2472
Haelwenn 2020-05-07 22:29:16 +00:00
commit 769d95644d
2 changed files with 19 additions and 1 deletions


@ -396,7 +396,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|> json(err) |> json(err)
end end
defp handle_user_activity(%User{} = user, %{"type" => "Create"} = params) do defp handle_user_activity(
%User{} = user,
%{"type" => "Create", "object" => %{"type" => "Note"}} = params
) do
object = object =
params["object"] params["object"]
|> Map.merge(Map.take(params, ["to", "cc"])) |> Map.merge(Map.take(params, ["to", "cc"]))
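Review bot: The new head of `handle_user_activity/2` works as an allow-list for client-supplied objects, but nothing in the code says so, and the rejection of every other `Create` depends on a clause that is not visible in this hunk. A comment above the clause would record the intent, for example `# C2S: only Note objects may be created for now; any other Create must reach the rejecting clause`. It is worth confirming that no later clause still matches `%{"type" => "Create"}` more loosely, since clause order would then silently undo the restriction. The function body continues past the end of the hunk.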


@ -815,6 +815,21 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
assert object["content"] == activity["object"]["content"] assert object["content"] == activity["object"]["content"]
end end
test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
user = insert(:user)
activity =
activity
|> put_in(["object", "type"], "Benis")
_result =
conn
|> assign(:user, user)
|> put_req_header("content-type", "application/activity+json")
|> post("/users/#{user.nickname}/outbox", activity)
|> json_response(400)
end
test "it inserts an incoming sensitive activity into the database", %{ test "it inserts an incoming sensitive activity into the database", %{
conn: conn, conn: conn,
activity: activity activity: activity
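Review bot: The added test exercises one made-up object type and checks only the status code, so it says little about the inputs the restriction is meant to stop. Consider a case with a real non-Note type, e.g. `|> put_in(["object", "type"], "Article")`, plus one where `"object"` has no `"type"` key and one where `"object"` is a bare IRI string, all of which the new pattern should also refuse. The response is bound to `_result` and discarded. Asserting on the error body, and that nothing was stored for the user, would show the request is rejected before any write happens.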