diff options
| author | William Pitcock <nenolod@dereferenced.org> | 2018-11-17 21:22:30 +0000 |
|---|---|---|
| committer | William Pitcock <nenolod@dereferenced.org> | 2018-11-17 21:22:57 +0000 |
| commit | dfcfb184b10428af8d37492e64f271c0275fc2c9 (patch) | |
| tree | d5920e48f086e916eb3d17bee22dafd38f204e9b /lib | |
| parent | b1a6e8d80d47efdea5110e9d86e080a16b5aeaa8 (diff) | |
| download | pleroma-dfcfb184b10428af8d37492e64f271c0275fc2c9.tar.gz pleroma-dfcfb184b10428af8d37492e64f271c0275fc2c9.zip | |
activitypub: transmogrifier: make deletes secure
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/activity_pub/transmogrifier.ex | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1f886839e..5864855b0 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -467,15 +467,20 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end - # TODO: Make secure. + # TODO: We presently assume that any actor on the same origin domain as the object being + # deleted has the rights to delete that object. A better way to validate whether or not + # the object should be deleted is to refetch the object URI, which should return either + # an error or a tombstone. This would allow us to verify that a deletion actually took + # place. def handle_incoming( - %{"type" => "Delete", "object" => object_id, "actor" => actor, "id" => _id} = data + %{"type" => "Delete", "object" => object_id, "actor" => _actor, "id" => _id} = data ) do object_id = Utils.get_ap_id(object_id) with actor <- get_actor(data), - %User{} = _actor <- User.get_or_fetch_by_ap_id(actor), + %User{} = actor <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), + :ok <- contain_origin(actor.ap_id, object.data), {:ok, activity} <- ActivityPub.delete(object, false) do {:ok, activity} else |