From 1ca080c8628d261cdb95145331aa36e631e90a3f Mon Sep 17 00:00:00 2001
From: eal <eal@waifu.club>
Date: Fri, 14 Dec 2018 07:56:49 +0200
Subject: [PATCH] Prevent accidental double RTs or favorites

---
 lib/pleroma/web/common_api/common_api.ex |  7 +++--
 test/web/common_api/common_api_test.exs  | 39 ++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex
index e3385310f..f01d36370 100644
--- a/lib/pleroma/web/common_api/common_api.ex
+++ b/lib/pleroma/web/common_api/common_api.ex
@@ -1,6 +1,7 @@
 defmodule Pleroma.Web.CommonAPI do
   alias Pleroma.{User, Repo, Activity, Object}
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Formatter
 
   import Pleroma.Web.CommonAPI.Utils
@@ -16,7 +17,8 @@ defmodule Pleroma.Web.CommonAPI do
 
   def repeat(id_or_ap_id, user) do
     with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id),
-         object <- Object.normalize(activity.data["object"]["id"]) do
+         object <- Object.normalize(activity.data["object"]["id"]),
+         nil <- Utils.get_existing_announce(user.ap_id, object) do
       ActivityPub.announce(user, object)
     else
       _ ->
@@ -36,7 +38,8 @@ defmodule Pleroma.Web.CommonAPI do
 
   def favorite(id_or_ap_id, user) do
     with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id),
-         object <- Object.normalize(activity.data["object"]["id"]) do
+         object <- Object.normalize(activity.data["object"]["id"]),
+         nil <- Utils.get_existing_like(user.ap_id, object) do
       ActivityPub.like(user, object)
     else
       _ ->
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index 8fc65f4c0..0b5a235f8 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Test do
   use Pleroma.DataCase
   alias Pleroma.Web.CommonAPI
   alias Pleroma.User
+  alias Pleroma.Activity
 
   import Pleroma.Factory
 
@@ -53,4 +54,42 @@ defmodule Pleroma.Web.CommonAPI.Test do
       assert content == "<p><b>2hu</b></p>alert('xss')"
     end
   end
+
+  describe "reactions" do
+    test "repeating a status" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+
+      {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
+    end
+
+    test "favoriting a status" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+
+      {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
+    end
+
+    test "retweeting a status twice returns an error" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, %Activity{}, _object} = CommonAPI.repeat(activity.id, user)
+      {:error, _} = CommonAPI.repeat(activity.id, user)
+    end
+
+    test "favoriting a status twice returns an error" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, %Activity{}, _object} = CommonAPI.favorite(activity.id, user)
+      {:error, _} = CommonAPI.favorite(activity.id, user)
+    end
+  end
 end