Merge branch 'fix/truncate-remote-user-fields' into 'develop'
Truncate remote user fields See merge request pleroma/pleroma!1619
This commit is contained in:
parent
f486556346
commit
40727b28a7
@ -177,11 +177,25 @@ def following_count(%User{} = user) do
|
||||
|> Repo.aggregate(:count, :id)
|
||||
end
|
||||
|
||||
defp truncate_if_exists(params, key, max_length) do
|
||||
if Map.has_key?(params, key) and is_binary(params[key]) do
|
||||
{value, _chopped} = String.split_at(params[key], max_length)
|
||||
Map.put(params, key, value)
|
||||
else
|
||||
params
|
||||
end
|
||||
end
|
||||
|
||||
def remote_user_creation(params) do
|
||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000)
|
||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100)
|
||||
|
||||
params = Map.put(params, :info, params[:info] || %{})
|
||||
params =
|
||||
params
|
||||
|> Map.put(:info, params[:info] || %{})
|
||||
|> truncate_if_exists(:name, name_limit)
|
||||
|> truncate_if_exists(:bio, bio_limit)
|
||||
|
||||
info_cng = User.Info.remote_user_creation(%User.Info{}, params[:info])
|
||||
|
||||
changes =
|
||||
|
@ -242,6 +242,13 @@ def set_keys(info, keys) do
|
||||
end
|
||||
|
||||
def remote_user_creation(info, params) do
|
||||
params =
|
||||
if Map.has_key?(params, :fields) do
|
||||
Map.put(params, :fields, Enum.map(params[:fields], &truncate_field/1))
|
||||
else
|
||||
params
|
||||
end
|
||||
|
||||
info
|
||||
|> cast(params, [
|
||||
:ap_enabled,
|
||||
@ -326,6 +333,16 @@ defp valid_field?(%{"name" => name, "value" => value}) do
|
||||
|
||||
defp valid_field?(_), do: false
|
||||
|
||||
defp truncate_field(%{"name" => name, "value" => value}) do
|
||||
{name, _chopped} =
|
||||
String.split_at(name, Pleroma.Config.get([:instance, :account_field_name_length], 255))
|
||||
|
||||
{value, _chopped} =
|
||||
String.split_at(value, Pleroma.Config.get([:instance, :account_field_value_length], 255))
|
||||
|
||||
%{"name" => name, "value" => value}
|
||||
end
|
||||
|
||||
@spec confirmation_changeset(Info.t(), keyword()) :: Changeset.t()
|
||||
def confirmation_changeset(info, opts) do
|
||||
need_confirmation? = Keyword.get(opts, :need_confirmation)
|
||||
|
@ -570,22 +570,6 @@ test "it has required fields" do
|
||||
refute cs.valid?
|
||||
end)
|
||||
end
|
||||
|
||||
test "it restricts some sizes" do
|
||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000)
|
||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100)
|
||||
|
||||
[bio: bio_limit, name: name_limit]
|
||||
|> Enum.each(fn {field, size} ->
|
||||
string = String.pad_leading(".", size)
|
||||
cs = User.remote_user_creation(Map.put(@valid_remote, field, string))
|
||||
assert cs.valid?
|
||||
|
||||
string = String.pad_leading(".", size + 1)
|
||||
cs = User.remote_user_creation(Map.put(@valid_remote, field, string))
|
||||
refute cs.valid?
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
||||
describe "followers and friends" do
|
||||
@ -1117,11 +1101,60 @@ test "get_public_key_for_ap_id fetches a user that's not in the db" do
|
||||
assert {:ok, _key} = User.get_public_key_for_ap_id("http://mastodon.example.org/users/admin")
|
||||
end
|
||||
|
||||
test "insert or update a user from given data" do
|
||||
user = insert(:user, %{nickname: "nick@name.de"})
|
||||
data = %{ap_id: user.ap_id <> "xxx", name: user.name, nickname: user.nickname}
|
||||
describe "insert or update a user from given data" do
|
||||
test "with normal data" do
|
||||
user = insert(:user, %{nickname: "nick@name.de"})
|
||||
data = %{ap_id: user.ap_id <> "xxx", name: user.name, nickname: user.nickname}
|
||||
|
||||
assert {:ok, %User{}} = User.insert_or_update_user(data)
|
||||
assert {:ok, %User{}} = User.insert_or_update_user(data)
|
||||
end
|
||||
|
||||
test "with overly long fields" do
|
||||
current_max_length = Pleroma.Config.get([:instance, :account_field_value_length], 255)
|
||||
user = insert(:user, nickname: "nickname@supergood.domain")
|
||||
|
||||
data = %{
|
||||
ap_id: user.ap_id,
|
||||
name: user.name,
|
||||
nickname: user.nickname,
|
||||
info: %{
|
||||
fields: [
|
||||
%{"name" => "myfield", "value" => String.duplicate("h", current_max_length + 1)}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
assert {:ok, %User{}} = User.insert_or_update_user(data)
|
||||
end
|
||||
|
||||
test "with an overly long bio" do
|
||||
current_max_length = Pleroma.Config.get([:instance, :user_bio_length], 5000)
|
||||
user = insert(:user, nickname: "nickname@supergood.domain")
|
||||
|
||||
data = %{
|
||||
ap_id: user.ap_id,
|
||||
name: user.name,
|
||||
nickname: user.nickname,
|
||||
bio: String.duplicate("h", current_max_length + 1),
|
||||
info: %{}
|
||||
}
|
||||
|
||||
assert {:ok, %User{}} = User.insert_or_update_user(data)
|
||||
end
|
||||
|
||||
test "with an overly long display name" do
|
||||
current_max_length = Pleroma.Config.get([:instance, :user_name_length], 100)
|
||||
user = insert(:user, nickname: "nickname@supergood.domain")
|
||||
|
||||
data = %{
|
||||
ap_id: user.ap_id,
|
||||
name: String.duplicate("h", current_max_length + 1),
|
||||
nickname: user.nickname,
|
||||
info: %{}
|
||||
}
|
||||
|
||||
assert {:ok, %User{}} = User.insert_or_update_user(data)
|
||||
end
|
||||
end
|
||||
|
||||
describe "per-user rich-text filtering" do
|
||||
|
Loading…
Reference in New Issue
Block a user