diff options
| author | feld <feld@feld.me> | 2024-10-11 20:22:21 +0000 |
|---|---|---|
| committer | feld <feld@feld.me> | 2024-10-11 20:22:21 +0000 |
| commit | dd7f699d4a3580a59405fbfc51b96f90f5d84d7d (patch) | |
| tree | db76c3a7d4edb8029655a097f23bb303b983b31f /lib | |
| parent | 3f3f8bc57a3433e14d0e562bfa319f177bc6dd6c (diff) | |
| parent | f758b6e37c80f5adeba74009e1cc72a420937a30 (diff) | |
| download | pleroma-dd7f699d4a3580a59405fbfc51b96f90f5d84d7d.tar.gz pleroma-dd7f699d4a3580a59405fbfc51b96f90f5d84d7d.zip | |
Merge branch 'tusooa/3331-fix-incoming-block' into 'develop'
Fix incoming Blocks being rejected
Closes #3331
See merge request pleroma/pleroma!4282
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/constants.ex | 5 | ||||
| -rw-r--r-- | lib/pleroma/web/activity_pub/object_validator.ex | 12 |
2 files changed, 17 insertions, 0 deletions
diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex index 5268ebe7a..2828c79a9 100644 --- a/lib/pleroma/constants.ex +++ b/lib/pleroma/constants.ex @@ -87,6 +87,7 @@ defmodule Pleroma.Constants do const(activity_types, do: [ + "Block", "Create", "Update", "Delete", @@ -115,6 +116,10 @@ defmodule Pleroma.Constants do ] ) + const(object_types, + do: ~w[Event Question Answer Audio Video Image Article Note Page ChatMessage] + ) + # basic regex, just there to weed out potential mistakes # https://datatracker.ietf.org/doc/html/rfc2045#section-5.1 const(mime_regex, diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex index b3043b93a..35774d410 100644 --- a/lib/pleroma/web/activity_pub/object_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validator.ex @@ -11,6 +11,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do @behaviour Pleroma.Web.ActivityPub.ObjectValidator.Validating + import Pleroma.Constants, only: [activity_types: 0, object_types: 0] + alias Pleroma.Activity alias Pleroma.EctoType.ActivityPub.ObjectValidators alias Pleroma.Object @@ -38,6 +40,16 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do @impl true def validate(object, meta) + # This overload works together with the InboxGuardPlug + # and ensures that we are not accepting any activity type + # that cannot pass InboxGuardPlug. + # If we want to support any more activity types, make sure to + # add it in Pleroma.Constants's activity_types or object_types, + # and, if applicable, allowed_activity_types_from_strangers. + def validate(%{"type" => type}, _meta) + when type not in activity_types() and type not in object_types(), + do: {:error, :not_allowed_object_type} + def validate(%{"type" => "Block"} = block_activity, meta) do with {:ok, block_activity} <- block_activity |