Merge branch 'security/fix-local-locked-accounts' into 'develop'
security: fix local locked accounts Closes #316 See merge request pleroma/pleroma!372
This commit is contained in:
commit
117e005409
@ -184,7 +184,15 @@ defmodule Pleroma.User do
|
|||||||
|
|
||||||
def needs_update?(_), do: true
|
def needs_update?(_), do: true
|
||||||
|
|
||||||
def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do
|
def maybe_direct_follow(%User{} = follower, %User{local: true, info: %{"locked" => true}}) do
|
||||||
|
{:ok, follower}
|
||||||
|
end
|
||||||
|
|
||||||
|
def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do
|
||||||
|
follow(follower, followed)
|
||||||
|
end
|
||||||
|
|
||||||
|
def maybe_direct_follow(%User{} = follower, %User{} = followed) do
|
||||||
if !User.ap_enabled?(followed) do
|
if !User.ap_enabled?(followed) do
|
||||||
follow(follower, followed)
|
follow(follower, followed)
|
||||||
else
|
else
|
||||||
@ -728,6 +736,7 @@ defmodule Pleroma.User do
|
|||||||
Repo.insert(cs, on_conflict: :replace_all, conflict_target: :nickname)
|
Repo.insert(cs, on_conflict: :replace_all, conflict_target: :nickname)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def ap_enabled?(%User{local: true}), do: true
|
||||||
def ap_enabled?(%User{info: info}), do: info["ap_enabled"]
|
def ap_enabled?(%User{info: info}), do: info["ap_enabled"]
|
||||||
def ap_enabled?(_), do: false
|
def ap_enabled?(_), do: false
|
||||||
|
|
||||||
|
@ -55,6 +55,15 @@ defmodule Pleroma.UserTest do
|
|||||||
{:error, _} = User.follow(blockee, blocker)
|
{:error, _} = User.follow(blockee, blocker)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "local users do not automatically follow local locked accounts" do
|
||||||
|
follower = insert(:user, info: %{"locked" => true})
|
||||||
|
followed = insert(:user, info: %{"locked" => true})
|
||||||
|
|
||||||
|
{:ok, follower} = User.maybe_direct_follow(follower, followed)
|
||||||
|
|
||||||
|
refute User.following?(follower, followed)
|
||||||
|
end
|
||||||
|
|
||||||
# This is a somewhat useless test.
|
# This is a somewhat useless test.
|
||||||
# test "following a remote user will ensure a websub subscription is present" do
|
# test "following a remote user will ensure a websub subscription is present" do
|
||||||
# user = insert(:user)
|
# user = insert(:user)
|
||||||
|
Loading…
Reference in New Issue
Block a user