Merge branch 'strip-object-actor' into 'develop'
Strip actor from objects before federating Closes #3269 See merge request pleroma/pleroma!4105
This commit is contained in:
commit
e944b15298
6 changed files with 9 additions and 10 deletions
1
changelog.d/strip-object-actor.fix
Normal file
1
changelog.d/strip-object-actor.fix
Normal file
|
@ -0,0 +1 @@
|
|||
Strip actor property from objects before federating
|
|
@ -9,6 +9,7 @@ defmodule Pleroma.Constants do
|
|||
|
||||
const(object_internal_fields,
|
||||
do: [
|
||||
"actor",
|
||||
"reactions",
|
||||
"reaction_count",
|
||||
"likes",
|
||||
|
|
8
test/fixtures/create-chat-message.json
vendored
8
test/fixtures/create-chat-message.json
vendored
|
@ -1,10 +1,10 @@
|
|||
{
|
||||
"actor": "http://2hu.gensokyo/users/raymoo",
|
||||
"id": "http://2hu.gensokyo/objects/1",
|
||||
"actor": "http://mastodon.example.org/users/admin",
|
||||
"id": "http://mastodon.example.org/objects/1",
|
||||
"object": {
|
||||
"attributedTo": "http://2hu.gensokyo/users/raymoo",
|
||||
"attributedTo": "http://mastodon.example.org/users/admin",
|
||||
"content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>",
|
||||
"id": "http://2hu.gensokyo/objects/2",
|
||||
"id": "http://mastodon.example.org/objects/2",
|
||||
"published": "2020-02-12T14:08:20Z",
|
||||
"to": [
|
||||
"http://2hu.gensokyo/users/marisa"
|
||||
|
|
|
@ -221,7 +221,6 @@ test "it creates a zip archive with user data" do
|
|||
"orderedItems" => [
|
||||
%{
|
||||
"object" => %{
|
||||
"actor" => "http://cofe.io/users/cofe",
|
||||
"content" => "status1",
|
||||
"type" => "Note"
|
||||
},
|
||||
|
@ -229,7 +228,6 @@ test "it creates a zip archive with user data" do
|
|||
},
|
||||
%{
|
||||
"object" => %{
|
||||
"actor" => "http://cofe.io/users/cofe",
|
||||
"content" => "status2"
|
||||
}
|
||||
},
|
||||
|
|
|
@ -116,8 +116,6 @@ test "it fetches the actor if they aren't in our system" do
|
|||
data =
|
||||
File.read!("test/fixtures/create-chat-message.json")
|
||||
|> Jason.decode!()
|
||||
|> Map.put("actor", "http://mastodon.example.org/users/admin")
|
||||
|> put_in(["object", "actor"], "http://mastodon.example.org/users/admin")
|
||||
|
||||
_recipient = insert(:user, ap_id: List.first(data["to"]), local: true)
|
||||
|
||||
|
|
|
@ -169,7 +169,7 @@ test "it inlines private announced objects" do
|
|||
{:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data)
|
||||
|
||||
assert modified["object"]["content"] == "hey"
|
||||
assert modified["object"]["actor"] == modified["object"]["attributedTo"]
|
||||
assert activity.actor == modified["object"]["attributedTo"]
|
||||
end
|
||||
|
||||
test "it turns mentions into tags" do
|
||||
|
@ -220,7 +220,7 @@ test "it sets the 'attributedTo' property to the actor of the object if it doesn
|
|||
{:ok, activity} = CommonAPI.post(user, %{status: "hey"})
|
||||
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
|
||||
|
||||
assert modified["object"]["actor"] == modified["object"]["attributedTo"]
|
||||
assert activity.actor == modified["object"]["attributedTo"]
|
||||
end
|
||||
|
||||
test "it strips internal hashtag data" do
|
||||
|
@ -266,6 +266,7 @@ test "it strips internal fields" do
|
|||
assert is_nil(modified["object"]["announcements"])
|
||||
assert is_nil(modified["object"]["announcement_count"])
|
||||
assert is_nil(modified["object"]["generator"])
|
||||
assert is_nil(modified["object"]["actor"])
|
||||
end
|
||||
|
||||
test "it strips internal fields of article" do
|
||||
|
|
Loading…
Reference in a new issue