Merge branch 'bugfix/block-follow-relationships' into 'develop'
fix follow relationship leaks when blocked See merge request pleroma/pleroma!230
This commit is contained in:
commit
be800d7936
@ -505,15 +505,33 @@ def search(query, resolve) do
|
||||
Repo.all(q)
|
||||
end
|
||||
|
||||
def block(user, %{ap_id: ap_id}) do
|
||||
blocks = user.info["blocks"] || []
|
||||
new_blocks = Enum.uniq([ap_id | blocks])
|
||||
new_info = Map.put(user.info, "blocks", new_blocks)
|
||||
def block(blocker, %User{ap_id: ap_id} = blocked) do
|
||||
# sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213)
|
||||
blocker =
|
||||
if following?(blocker, blocked) do
|
||||
{:ok, blocker, _} = unfollow(blocker, blocked)
|
||||
blocker
|
||||
else
|
||||
blocker
|
||||
end
|
||||
|
||||
cs = User.info_changeset(user, %{info: new_info})
|
||||
if following?(blocked, blocker) do
|
||||
unfollow(blocked, blocker)
|
||||
end
|
||||
|
||||
blocks = blocker.info["blocks"] || []
|
||||
new_blocks = Enum.uniq([ap_id | blocks])
|
||||
new_info = Map.put(blocker.info, "blocks", new_blocks)
|
||||
|
||||
cs = User.info_changeset(blocker, %{info: new_info})
|
||||
update_and_set_cache(cs)
|
||||
end
|
||||
|
||||
# helper to handle the block given only an actor's AP id
|
||||
def block(blocker, %{ap_id: ap_id}) do
|
||||
block(blocker, User.get_by_ap_id(ap_id))
|
||||
end
|
||||
|
||||
def unblock(user, %{ap_id: ap_id}) do
|
||||
blocks = user.info["blocks"] || []
|
||||
new_blocks = List.delete(blocks, ap_id)
|
||||
|
@ -359,6 +359,61 @@ test "it unblocks users" do
|
||||
|
||||
refute User.blocks?(user, blocked_user)
|
||||
end
|
||||
|
||||
test "blocks tear down cyclical follow relationships" do
|
||||
blocker = insert(:user)
|
||||
blocked = insert(:user)
|
||||
|
||||
{:ok, blocker} = User.follow(blocker, blocked)
|
||||
{:ok, blocked} = User.follow(blocked, blocker)
|
||||
|
||||
assert User.following?(blocker, blocked)
|
||||
assert User.following?(blocked, blocker)
|
||||
|
||||
{:ok, blocker} = User.block(blocker, blocked)
|
||||
blocked = Repo.get(User, blocked.id)
|
||||
|
||||
assert User.blocks?(blocker, blocked)
|
||||
|
||||
refute User.following?(blocker, blocked)
|
||||
refute User.following?(blocked, blocker)
|
||||
end
|
||||
|
||||
test "blocks tear down blocker->blocked follow relationships" do
|
||||
blocker = insert(:user)
|
||||
blocked = insert(:user)
|
||||
|
||||
{:ok, blocker} = User.follow(blocker, blocked)
|
||||
|
||||
assert User.following?(blocker, blocked)
|
||||
refute User.following?(blocked, blocker)
|
||||
|
||||
{:ok, blocker} = User.block(blocker, blocked)
|
||||
blocked = Repo.get(User, blocked.id)
|
||||
|
||||
assert User.blocks?(blocker, blocked)
|
||||
|
||||
refute User.following?(blocker, blocked)
|
||||
refute User.following?(blocked, blocker)
|
||||
end
|
||||
|
||||
test "blocks tear down blocked->blocker follow relationships" do
|
||||
blocker = insert(:user)
|
||||
blocked = insert(:user)
|
||||
|
||||
{:ok, blocked} = User.follow(blocked, blocker)
|
||||
|
||||
refute User.following?(blocker, blocked)
|
||||
assert User.following?(blocked, blocker)
|
||||
|
||||
{:ok, blocker} = User.block(blocker, blocked)
|
||||
blocked = Repo.get(User, blocked.id)
|
||||
|
||||
assert User.blocks?(blocker, blocked)
|
||||
|
||||
refute User.following?(blocker, blocked)
|
||||
refute User.following?(blocked, blocker)
|
||||
end
|
||||
end
|
||||
|
||||
describe "domain blocking" do
|
||||
|
@ -392,6 +392,37 @@ test "it works for incoming blocks" do
|
||||
assert User.blocks?(blocker, user)
|
||||
end
|
||||
|
||||
test "incoming blocks successfully tear down any follow relationship" do
|
||||
blocker = insert(:user)
|
||||
blocked = insert(:user)
|
||||
|
||||
data =
|
||||
File.read!("test/fixtures/mastodon-block-activity.json")
|
||||
|> Poison.decode!()
|
||||
|> Map.put("object", blocked.ap_id)
|
||||
|> Map.put("actor", blocker.ap_id)
|
||||
|
||||
{:ok, blocker} = User.follow(blocker, blocked)
|
||||
{:ok, blocked} = User.follow(blocked, blocker)
|
||||
|
||||
assert User.following?(blocker, blocked)
|
||||
assert User.following?(blocked, blocker)
|
||||
|
||||
{:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
|
||||
|
||||
assert data["type"] == "Block"
|
||||
assert data["object"] == blocked.ap_id
|
||||
assert data["actor"] == blocker.ap_id
|
||||
|
||||
blocker = User.get_by_ap_id(data["actor"])
|
||||
blocked = User.get_by_ap_id(data["object"])
|
||||
|
||||
assert User.blocks?(blocker, blocked)
|
||||
|
||||
refute User.following?(blocker, blocked)
|
||||
refute User.following?(blocked, blocker)
|
||||
end
|
||||
|
||||
test "it works for incoming unblocks with an existing block" do
|
||||
user = insert(:user)
|
||||
|
||||
|
@ -60,7 +60,7 @@ test "represent a relationship" do
|
||||
|
||||
expected = %{
|
||||
id: to_string(other_user.id),
|
||||
following: true,
|
||||
following: false,
|
||||
followed_by: false,
|
||||
blocking: true,
|
||||
muting: false,
|
||||
|
Loading…
Reference in New Issue
Block a user