mirror of
https://git.bsd.gay/fef/nyastodon.git
synced 2025-01-11 16:56:59 +01:00
Add stricter protocol fields validation for accounts (#25937)
This commit is contained in:
parent
1cceb62afd
commit
1e3b19230a
19 changed files with 96 additions and 49 deletions
|
@ -89,12 +89,19 @@ class Account < ApplicationRecord
|
|||
# Remote user validations, also applies to internal actors
|
||||
validates :username, format: { with: USERNAME_ONLY_RE }, if: -> { (!local? || actor_type == 'Application') && will_save_change_to_username? }
|
||||
|
||||
# Remote user validations
|
||||
validates :uri, presence: true, unless: :local?, on: :create
|
||||
|
||||
# Local user validations
|
||||
validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: 30 }, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
|
||||
validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
|
||||
validates :display_name, length: { maximum: 30 }, if: -> { local? && will_save_change_to_display_name? }
|
||||
validates :note, note_length: { maximum: 500 }, if: -> { local? && will_save_change_to_note? }
|
||||
validates :fields, length: { maximum: 4 }, if: -> { local? && will_save_change_to_fields? }
|
||||
validates :uri, absence: true, if: :local?, on: :create
|
||||
validates :inbox_url, absence: true, if: :local?, on: :create
|
||||
validates :shared_inbox_url, absence: true, if: :local?, on: :create
|
||||
validates :followers_url, absence: true, if: :local?, on: :create
|
||||
|
||||
scope :remote, -> { where.not(domain: nil) }
|
||||
scope :local, -> { where(domain: nil) }
|
||||
|
|
|
@ -79,7 +79,7 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
|
||||
set_immediate_protocol_attributes!
|
||||
|
||||
@account.save
|
||||
@account.save!
|
||||
end
|
||||
|
||||
def update_account
|
||||
|
|
|
@ -13,5 +13,6 @@ Fabricator(:account) do
|
|||
suspended_at { |attrs| attrs[:suspended] ? Time.now.utc : nil }
|
||||
silenced_at { |attrs| attrs[:silenced] ? Time.now.utc : nil }
|
||||
user { |attrs| attrs[:domain].nil? ? Fabricate.build(:user, account: nil) : nil }
|
||||
uri { |attrs| attrs[:domain].nil? ? '' : "https://#{attrs[:domain]}/users/#{attrs[:username]}" }
|
||||
discoverable true
|
||||
end
|
||||
|
|
|
@ -5,15 +5,15 @@ require 'rails_helper'
|
|||
RSpec.describe AccountReachFinder do
|
||||
let(:account) { Fabricate(:account) }
|
||||
|
||||
let(:ap_follower_example_com) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.com/inbox-1') }
|
||||
let(:ap_follower_example_org) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.org/inbox-2') }
|
||||
let(:ap_follower_with_shared) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://foo.bar/users/a/inbox', shared_inbox_url: 'https://foo.bar/inbox') }
|
||||
let(:ap_follower_example_com) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.com/inbox-1', domain: 'example.com') }
|
||||
let(:ap_follower_example_org) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.org/inbox-2', domain: 'example.org') }
|
||||
let(:ap_follower_with_shared) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://foo.bar/users/a/inbox', domain: 'foo.bar', shared_inbox_url: 'https://foo.bar/inbox') }
|
||||
|
||||
let(:ap_mentioned_with_shared) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://foo.bar/users/b/inbox', shared_inbox_url: 'https://foo.bar/inbox') }
|
||||
let(:ap_mentioned_example_com) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.com/inbox-3') }
|
||||
let(:ap_mentioned_example_org) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.org/inbox-4') }
|
||||
let(:ap_mentioned_with_shared) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://foo.bar/users/b/inbox', domain: 'foo.bar', shared_inbox_url: 'https://foo.bar/inbox') }
|
||||
let(:ap_mentioned_example_com) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.com/inbox-3', domain: 'example.com') }
|
||||
let(:ap_mentioned_example_org) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.org/inbox-4', domain: 'example.org') }
|
||||
|
||||
let(:unrelated_account) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.com/unrelated-inbox') }
|
||||
let(:unrelated_account) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://example.com/unrelated-inbox', domain: 'example.com') }
|
||||
|
||||
before do
|
||||
ap_follower_example_com.follow!(account)
|
||||
|
|
|
@ -5,7 +5,7 @@ require 'rails_helper'
|
|||
RSpec.describe ActivityPub::Activity::Announce do
|
||||
subject { described_class.new(json, sender) }
|
||||
|
||||
let(:sender) { Fabricate(:account, followers_url: 'http://example.com/followers', uri: 'https://example.com/actor') }
|
||||
let(:sender) { Fabricate(:account, followers_url: 'http://example.com/followers', uri: 'https://example.com/actor', domain: 'example.com') }
|
||||
let(:recipient) { Fabricate(:account) }
|
||||
let(:status) { Fabricate(:status, account: recipient) }
|
||||
|
||||
|
@ -114,7 +114,7 @@ RSpec.describe ActivityPub::Activity::Announce do
|
|||
context 'when the sender is relayed' do
|
||||
subject { described_class.new(json, sender, relayed_through_actor: relay_account) }
|
||||
|
||||
let!(:relay_account) { Fabricate(:account, inbox_url: 'https://relay.example.com/inbox') }
|
||||
let!(:relay_account) { Fabricate(:account, inbox_url: 'https://relay.example.com/inbox', domain: 'relay.example.com') }
|
||||
let!(:relay) { Fabricate(:relay, inbox_url: 'https://relay.example.com/inbox') }
|
||||
|
||||
let(:object_json) { 'https://example.com/actor/hello-world' }
|
||||
|
|
|
@ -5,22 +5,38 @@ require 'rails_helper'
|
|||
RSpec.describe ActivityPub::Activity::Update do
|
||||
subject { described_class.new(json, sender) }
|
||||
|
||||
let!(:sender) { Fabricate(:account) }
|
||||
|
||||
before do
|
||||
sender.update!(uri: ActivityPub::TagManager.instance.uri_for(sender))
|
||||
end
|
||||
let!(:sender) { Fabricate(:account, domain: 'example.com', inbox_url: 'https://example.com/foo/inbox', outbox_url: 'https://example.com/foo/outbox') }
|
||||
|
||||
describe '#perform' do
|
||||
context 'with an Actor object' do
|
||||
let(:modified_sender) do
|
||||
sender.tap do |modified_sender|
|
||||
modified_sender.display_name = 'Totally modified now'
|
||||
end
|
||||
end
|
||||
|
||||
let(:actor_json) do
|
||||
ActiveModelSerializers::SerializableResource.new(modified_sender, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter).as_json
|
||||
{
|
||||
'@context': [
|
||||
'https://www.w3.org/ns/activitystreams',
|
||||
'https://w3id.org/security/v1',
|
||||
{
|
||||
manuallyApprovesFollowers: 'as:manuallyApprovesFollowers',
|
||||
toot: 'http://joinmastodon.org/ns#',
|
||||
featured: { '@id': 'toot:featured', '@type': '@id' },
|
||||
featuredTags: { '@id': 'toot:featuredTags', '@type': '@id' },
|
||||
},
|
||||
],
|
||||
id: sender.uri,
|
||||
type: 'Person',
|
||||
following: 'https://example.com/users/dfsdf/following',
|
||||
followers: 'https://example.com/users/dfsdf/followers',
|
||||
inbox: sender.inbox_url,
|
||||
outbox: sender.outbox_url,
|
||||
featured: 'https://example.com/users/dfsdf/featured',
|
||||
featuredTags: 'https://example.com/users/dfsdf/tags',
|
||||
preferredUsername: sender.username,
|
||||
name: 'Totally modified now',
|
||||
publicKey: {
|
||||
id: "#{sender.uri}#main-key",
|
||||
owner: sender.uri,
|
||||
publicKeyPem: sender.public_key,
|
||||
},
|
||||
}
|
||||
end
|
||||
|
||||
let(:json) do
|
||||
|
@ -28,7 +44,7 @@ RSpec.describe ActivityPub::Activity::Update do
|
|||
'@context': 'https://www.w3.org/ns/activitystreams',
|
||||
id: 'foo',
|
||||
type: 'Update',
|
||||
actor: ActivityPub::TagManager.instance.uri_for(sender),
|
||||
actor: sender.uri,
|
||||
object: actor_json,
|
||||
}.with_indifferent_access
|
||||
end
|
||||
|
@ -38,6 +54,7 @@ RSpec.describe ActivityPub::Activity::Update do
|
|||
stub_request(:get, actor_json[:followers]).to_return(status: 404)
|
||||
stub_request(:get, actor_json[:following]).to_return(status: 404)
|
||||
stub_request(:get, actor_json[:featured]).to_return(status: 404)
|
||||
stub_request(:get, actor_json[:featuredTags]).to_return(status: 404)
|
||||
|
||||
subject.perform
|
||||
end
|
||||
|
@ -49,17 +66,17 @@ RSpec.describe ActivityPub::Activity::Update do
|
|||
|
||||
context 'with a Question object' do
|
||||
let!(:at_time) { Time.now.utc }
|
||||
let!(:status) { Fabricate(:status, account: sender, poll: Poll.new(account: sender, options: %w(Bar Baz), cached_tallies: [0, 0], expires_at: at_time + 5.days)) }
|
||||
let!(:status) { Fabricate(:status, uri: 'https://example.com/statuses/poll', account: sender, poll: Poll.new(account: sender, options: %w(Bar Baz), cached_tallies: [0, 0], expires_at: at_time + 5.days)) }
|
||||
|
||||
let(:json) do
|
||||
{
|
||||
'@context': 'https://www.w3.org/ns/activitystreams',
|
||||
id: 'foo',
|
||||
type: 'Update',
|
||||
actor: ActivityPub::TagManager.instance.uri_for(sender),
|
||||
actor: sender.uri,
|
||||
object: {
|
||||
type: 'Question',
|
||||
id: ActivityPub::TagManager.instance.uri_for(status),
|
||||
id: status.uri,
|
||||
content: 'Foo',
|
||||
endTime: (at_time + 5.days).iso8601,
|
||||
oneOf: [
|
||||
|
|
|
@ -7,7 +7,7 @@ RSpec.describe ActivityPub::LinkedDataSignature do
|
|||
|
||||
subject { described_class.new(json) }
|
||||
|
||||
let!(:sender) { Fabricate(:account, uri: 'http://example.com/alice') }
|
||||
let!(:sender) { Fabricate(:account, uri: 'http://example.com/alice', domain: 'example.com') }
|
||||
|
||||
let(:raw_json) do
|
||||
{
|
||||
|
|
|
@ -139,7 +139,7 @@ RSpec.describe ActivityPub::TagManager do
|
|||
end
|
||||
|
||||
it 'returns the remote account by matching URI without fragment part' do
|
||||
account = Fabricate(:account, uri: 'https://example.com/123')
|
||||
account = Fabricate(:account, uri: 'https://example.com/123', domain: 'example.com')
|
||||
expect(subject.uri_to_resource('https://example.com/123#456', Account)).to eq account
|
||||
end
|
||||
|
||||
|
|
|
@ -963,12 +963,12 @@ RSpec.describe Account do
|
|||
context 'when is remote' do
|
||||
it 'does not generate keys' do
|
||||
key = OpenSSL::PKey::RSA.new(1024).public_key
|
||||
account = described_class.create!(domain: 'remote', username: Faker::Internet.user_name(separators: ['_']), public_key: key.to_pem)
|
||||
account = described_class.create!(domain: 'remote', uri: 'https://remote/actor', username: Faker::Internet.user_name(separators: ['_']), public_key: key.to_pem)
|
||||
expect(account.keypair.params).to eq key.params
|
||||
end
|
||||
|
||||
it 'normalizes domain' do
|
||||
account = described_class.create!(domain: 'にゃん', username: Faker::Internet.user_name(separators: ['_']))
|
||||
account = described_class.create!(domain: 'にゃん', uri: 'https://xn--r9j5b5b/actor', username: Faker::Internet.user_name(separators: ['_']))
|
||||
expect(account.domain).to eq 'xn--r9j5b5b'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -65,8 +65,8 @@ RSpec.describe DeleteAccountService, type: :service do
|
|||
stub_request(:post, 'https://bob.com/inbox').to_return(status: 201)
|
||||
end
|
||||
|
||||
let!(:remote_alice) { Fabricate(:account, inbox_url: 'https://alice.com/inbox', protocol: :activitypub) }
|
||||
let!(:remote_bob) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
|
||||
let!(:remote_alice) { Fabricate(:account, inbox_url: 'https://alice.com/inbox', domain: 'alice.com', protocol: :activitypub) }
|
||||
let!(:remote_bob) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', domain: 'bob.com', protocol: :activitypub) }
|
||||
|
||||
include_examples 'common behavior' do
|
||||
let!(:account) { Fabricate(:account) }
|
||||
|
@ -87,12 +87,34 @@ RSpec.describe DeleteAccountService, type: :service do
|
|||
end
|
||||
|
||||
include_examples 'common behavior' do
|
||||
let!(:account) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
|
||||
let!(:account) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', protocol: :activitypub, domain: 'bob.com') }
|
||||
let!(:local_follower) { Fabricate(:account) }
|
||||
|
||||
it 'sends a reject follow to follower inboxes' do
|
||||
it 'sends expected activities to followed and follower inboxes' do
|
||||
subject
|
||||
expect(a_request(:post, account.inbox_url)).to have_been_made.once
|
||||
|
||||
expect(a_request(:post, account.inbox_url).with(
|
||||
body:
|
||||
hash_including({
|
||||
'type' => 'Reject',
|
||||
'object' => hash_including({
|
||||
'type' => 'Follow',
|
||||
'actor' => account.uri,
|
||||
'object' => ActivityPub::TagManager.instance.uri_for(local_follower),
|
||||
}),
|
||||
})
|
||||
)).to have_been_made.once
|
||||
|
||||
expect(a_request(:post, account.inbox_url).with(
|
||||
body: hash_including({
|
||||
'type' => 'Undo',
|
||||
'object' => hash_including({
|
||||
'type' => 'Follow',
|
||||
'actor' => ActivityPub::TagManager.instance.uri_for(local_follower),
|
||||
'object' => account.uri,
|
||||
}),
|
||||
})
|
||||
)).to have_been_made.once
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -8,7 +8,7 @@ describe ResolveURLService, type: :service do
|
|||
describe '#call' do
|
||||
it 'returns nil when there is no resource url' do
|
||||
url = 'http://example.com/missing-resource'
|
||||
known_account = Fabricate(:account, uri: url)
|
||||
known_account = Fabricate(:account, uri: url, domain: 'example.com')
|
||||
service = instance_double(FetchResourceService)
|
||||
|
||||
allow(FetchResourceService).to receive(:new).and_return service
|
||||
|
@ -20,7 +20,7 @@ describe ResolveURLService, type: :service do
|
|||
|
||||
it 'returns known account on temporary error' do
|
||||
url = 'http://example.com/missing-resource'
|
||||
known_account = Fabricate(:account, uri: url)
|
||||
known_account = Fabricate(:account, uri: url, domain: 'example.com')
|
||||
service = instance_double(FetchResourceService)
|
||||
|
||||
allow(FetchResourceService).to receive(:new).and_return service
|
||||
|
|
|
@ -44,8 +44,8 @@ RSpec.describe SuspendAccountService, type: :service do
|
|||
|
||||
include_examples 'common behavior' do
|
||||
let!(:account) { Fabricate(:account) }
|
||||
let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub) }
|
||||
let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
|
||||
let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub, domain: 'alice.com') }
|
||||
let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub, domain: 'bob.com') }
|
||||
let!(:report) { Fabricate(:report, account: remote_reporter, target_account: account) }
|
||||
|
||||
before do
|
||||
|
|
|
@ -38,8 +38,8 @@ RSpec.describe UnsuspendAccountService, type: :service do
|
|||
|
||||
include_examples 'with common context' do
|
||||
let!(:account) { Fabricate(:account) }
|
||||
let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub) }
|
||||
let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
|
||||
let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub, domain: 'alice.com') }
|
||||
let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub, domain: 'bob.com') }
|
||||
let!(:report) { Fabricate(:report, account: remote_reporter, target_account: account) }
|
||||
|
||||
before do
|
||||
|
|
|
@ -6,7 +6,7 @@ describe ActivityPub::DistributePollUpdateWorker do
|
|||
subject { described_class.new }
|
||||
|
||||
let(:account) { Fabricate(:account) }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com') }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com', domain: 'example.com') }
|
||||
let(:poll) { Fabricate(:poll, account: account) }
|
||||
let!(:status) { Fabricate(:status, account: account, poll: poll) }
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ describe ActivityPub::DistributionWorker do
|
|||
subject { described_class.new }
|
||||
|
||||
let(:status) { Fabricate(:status) }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com') }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com', domain: 'example.com') }
|
||||
|
||||
describe '#perform' do
|
||||
before do
|
||||
|
@ -36,7 +36,7 @@ describe ActivityPub::DistributionWorker do
|
|||
end
|
||||
|
||||
context 'with direct status' do
|
||||
let(:mentioned_account) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://foo.bar/inbox') }
|
||||
let(:mentioned_account) { Fabricate(:account, protocol: :activitypub, inbox_url: 'https://foo.bar/inbox', domain: 'foo.bar') }
|
||||
|
||||
before do
|
||||
status.update(visibility: :direct)
|
||||
|
|
|
@ -5,7 +5,7 @@ require 'rails_helper'
|
|||
describe ActivityPub::FetchRepliesWorker do
|
||||
subject { described_class.new }
|
||||
|
||||
let(:account) { Fabricate(:account, uri: 'https://example.com/user/1') }
|
||||
let(:account) { Fabricate(:account, domain: 'example.com') }
|
||||
let(:status) { Fabricate(:status, account: account) }
|
||||
|
||||
let(:payload) do
|
||||
|
|
|
@ -6,8 +6,8 @@ describe ActivityPub::MoveDistributionWorker do
|
|||
subject { described_class.new }
|
||||
|
||||
let(:migration) { Fabricate(:account_migration) }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com') }
|
||||
let(:blocker) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example2.com') }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com', domain: 'example.com') }
|
||||
let(:blocker) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example2.com', domain: 'example2.com') }
|
||||
|
||||
describe '#perform' do
|
||||
before do
|
||||
|
|
|
@ -6,7 +6,7 @@ describe ActivityPub::StatusUpdateDistributionWorker do
|
|||
subject { described_class.new }
|
||||
|
||||
let(:status) { Fabricate(:status, text: 'foo') }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com') }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com', domain: 'example.com') }
|
||||
|
||||
describe '#perform' do
|
||||
before do
|
||||
|
|
|
@ -6,7 +6,7 @@ describe ActivityPub::UpdateDistributionWorker do
|
|||
subject { described_class.new }
|
||||
|
||||
let(:account) { Fabricate(:account) }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com') }
|
||||
let(:follower) { Fabricate(:account, protocol: :activitypub, inbox_url: 'http://example.com', domain: 'example.com') }
|
||||
|
||||
describe '#perform' do
|
||||
before do
|
||||
|
|
Loading…
Reference in a new issue