Validate object data for incoming Update activities
In Create validator we do not validate the object data, but that is because the object itself will go through the pipeline again, which is not the case for Update. Thus, we added validation for objects in Update activities.
This commit is contained in:
parent
4367489a3e
commit
5ce118d970
2 changed files with 43 additions and 2 deletions
|
@ -152,8 +152,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
|
||||||
)
|
)
|
||||||
when objtype in ~w[Question Answer Audio Video Event Article Note Page] do
|
when objtype in ~w[Question Answer Audio Video Event Article Note Page] do
|
||||||
with {_, false} <- {:local, Access.get(meta, :local, false)},
|
with {_, false} <- {:local, Access.get(meta, :local, false)},
|
||||||
{:ok, object_data} <- cast_and_apply(object),
|
{_, {:ok, object_data, _}} <- {:object_validation, validate(object, meta)},
|
||||||
meta = Keyword.put(meta, :object_data, object_data |> stringify_keys),
|
meta = Keyword.put(meta, :object_data, object_data),
|
||||||
{:ok, update_activity} <-
|
{:ok, update_activity} <-
|
||||||
update_activity
|
update_activity
|
||||||
|> UpdateValidator.cast_and_validate()
|
|> UpdateValidator.cast_and_validate()
|
||||||
|
@ -169,6 +169,9 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
|
||||||
object = stringify_keys(object)
|
object = stringify_keys(object)
|
||||||
{:ok, object, meta}
|
{:ok, object, meta}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
{:object_validation, e} ->
|
||||||
|
e
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -127,4 +127,42 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
|
||||||
assert meta[:object_data]
|
assert meta[:object_data]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "update with history" do
|
||||||
|
setup do
|
||||||
|
user = insert(:user)
|
||||||
|
{:ok, activity} = Pleroma.Web.CommonAPI.post(user, %{status: "mew mew :dinosaur:"})
|
||||||
|
{:ok, edit} = Pleroma.Web.CommonAPI.update(user, activity, %{status: "edited :blank:"})
|
||||||
|
{:ok, external_rep} = Pleroma.Web.ActivityPub.Transmogrifier.prepare_outgoing(edit.data)
|
||||||
|
%{external_rep: external_rep}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "edited note", %{external_rep: external_rep} do
|
||||||
|
{:ok, _validate_res, meta} = ObjectValidator.validate(external_rep, [])
|
||||||
|
|
||||||
|
assert %{"formerRepresentations" => %{"orderedItems" => [%{"emoji" => %{"dinosaur" => _}}]}} =
|
||||||
|
meta[:object_data]
|
||||||
|
end
|
||||||
|
|
||||||
|
test "edited note, badly-formed formerRepresentations", %{external_rep: external_rep} do
|
||||||
|
external_rep = put_in(external_rep, ["object", "formerRepresentations"], %{})
|
||||||
|
|
||||||
|
assert {:error, _} = ObjectValidator.validate(external_rep, [])
|
||||||
|
end
|
||||||
|
|
||||||
|
test "edited note, badly-formed history item", %{external_rep: external_rep} do
|
||||||
|
history_item =
|
||||||
|
Enum.at(external_rep["object"]["formerRepresentations"]["orderedItems"], 0)
|
||||||
|
|> Map.put("type", "Foo")
|
||||||
|
|
||||||
|
external_rep =
|
||||||
|
put_in(
|
||||||
|
external_rep,
|
||||||
|
["object", "formerRepresentations", "orderedItems"],
|
||||||
|
[history_item]
|
||||||
|
)
|
||||||
|
|
||||||
|
assert {:error, _} = ObjectValidator.validate(external_rep, [])
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue