Merge branch 'fix/disallow-ostatus-follows-locked' into 'develop'

Disallow following locked accounts over OStatus

See merge request pleroma/pleroma!1512
This commit is contained in:
kaniini 2019-07-31 19:13:56 +00:00
commit 6c06529cd4
2 changed files with 12 additions and 0 deletions

View File

@ -14,9 +14,13 @@ defmodule Pleroma.Web.OStatus.FollowHandler do
followed_uri when not is_nil(followed_uri) <- followed_uri when not is_nil(followed_uri) <-
XML.string_from_xpath("/entry/activity:object/id", entry), XML.string_from_xpath("/entry/activity:object/id", entry),
{:ok, followed} <- OStatus.find_or_make_user(followed_uri), {:ok, followed} <- OStatus.find_or_make_user(followed_uri),
{:locked, false} <- {:locked, followed.info.locked},
{:ok, activity} <- ActivityPub.follow(actor, followed, id, false) do {:ok, activity} <- ActivityPub.follow(actor, followed, id, false) do
User.follow(actor, followed) User.follow(actor, followed)
{:ok, activity} {:ok, activity}
else
{:locked, true} ->
{:error, "It's not possible to follow locked accounts over OStatus"}
end end
end end
end end

View File

@ -326,6 +326,14 @@ defmodule Pleroma.Web.OStatusTest do
assert User.following?(follower, followed) assert User.following?(follower, followed)
end end
test "refuse following over OStatus if the followed's account is locked" do
incoming = File.read!("test/fixtures/follow.xml")
_user = insert(:user, info: %{locked: true}, ap_id: "https://pawoo.net/users/pekorino")
{:ok, [{:error, "It's not possible to follow locked accounts over OStatus"}]} =
OStatus.handle_incoming(incoming)
end
test "handle incoming unfollows with existing follow" do test "handle incoming unfollows with existing follow" do
incoming_follow = File.read!("test/fixtures/follow.xml") incoming_follow = File.read!("test/fixtures/follow.xml")
{:ok, [_activity]} = OStatus.handle_incoming(incoming_follow) {:ok, [_activity]} = OStatus.handle_incoming(incoming_follow)