Merge branch 'prevent-upserting-local-actor' into 'master'

Prevent upserting local actor

See merge request framasoft/mobilizon!519
This commit is contained in:
Thomas Citharel 2020-07-31 09:22:12 +02:00
commit b9bd43070e
2 changed files with 18 additions and 14 deletions

View File

@ -96,7 +96,7 @@ defmodule Mobilizon.Federation.ActivityPub do
Logger.debug("Entity is already existing") Logger.debug("Entity is already existing")
entity = entity =
if force_fetch and not compare_origins?(url, Endpoint.url()) do if force_fetch and not are_same_origin?(url, Endpoint.url()) do
Logger.debug("Entity is external and we want a force fetch") Logger.debug("Entity is external and we want a force fetch")
with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do
@ -506,18 +506,22 @@ defmodule Mobilizon.Federation.ActivityPub do
""" """
@spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()} @spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()}
def make_actor_from_url(url, preload \\ false) do def make_actor_from_url(url, preload \\ false) do
case fetch_and_prepare_actor_from_url(url) do if are_same_origin?(url, Endpoint.url()) do
{:ok, data} -> {:error, "Can't make a local actor from URL"}
Actors.upsert_actor(data, preload) else
case fetch_and_prepare_actor_from_url(url) do
{:ok, data} ->
Actors.upsert_actor(data, preload)
# Request returned 410 # Request returned 410
{:error, :actor_deleted} -> {:error, :actor_deleted} ->
Logger.info("Actor was deleted") Logger.info("Actor was deleted")
{:error, :actor_deleted} {:error, :actor_deleted}
e -> e ->
Logger.warn("Failed to make actor from url") Logger.warn("Failed to make actor from url")
{:error, e} {:error, e}
end
end end
end end

View File

@ -248,7 +248,7 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
when not is_nil(actor) do when not is_nil(actor) do
actor = get_actor(params) actor = get_actor(params)
Logger.debug("Performing origin check on #{id} and #{actor} URIs") Logger.debug("Performing origin check on #{id} and #{actor} URIs")
compare_origins?(id, actor) are_same_origin?(id, actor)
end end
def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true
@ -257,8 +257,8 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
def origin_check?(_id, _args), do: false def origin_check?(_id, _args), do: false
@spec compare_origins?(String.t(), String.t()) :: boolean() @spec are_same_origin?(String.t(), String.t()) :: boolean()
def compare_origins?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do def are_same_origin?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
uri_1 = URI.parse(url_1) uri_1 = URI.parse(url_1)
uri_2 = URI.parse(url_2) uri_2 = URI.parse(url_2)