Containment: Add a catch-all clause to contain_origin.
This commit is contained in:
parent
fb090b748a
commit
e835cd97f6
@ -64,6 +64,8 @@ def contain_origin(id, %{"actor" => _actor} = params) do
|
|||||||
def contain_origin(id, %{"attributedTo" => actor} = params),
|
def contain_origin(id, %{"attributedTo" => actor} = params),
|
||||||
do: contain_origin(id, Map.put(params, "actor", actor))
|
do: contain_origin(id, Map.put(params, "actor", actor))
|
||||||
|
|
||||||
|
def contain_origin(_id, _data), do: :error
|
||||||
|
|
||||||
def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
|
def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
|
||||||
id_uri = URI.parse(id)
|
id_uri = URI.parse(id)
|
||||||
other_uri = URI.parse(other_id)
|
other_uri = URI.parse(other_id)
|
||||||
|
@ -17,6 +17,16 @@ defmodule Pleroma.Object.ContainmentTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "general origin containment" do
|
describe "general origin containment" do
|
||||||
|
test "works for completely actorless posts" do
|
||||||
|
assert :error ==
|
||||||
|
Containment.contain_origin("https://glaceon.social/users/monorail", %{
|
||||||
|
"deleted" => "2019-10-30T05:48:50.249606Z",
|
||||||
|
"formerType" => "Note",
|
||||||
|
"id" => "https://glaceon.social/users/monorail/statuses/103049757364029187",
|
||||||
|
"type" => "Tombstone"
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
test "contain_origin_from_id() catches obvious spoofing attempts" do
|
test "contain_origin_from_id() catches obvious spoofing attempts" do
|
||||||
data = %{
|
data = %{
|
||||||
"id" => "http://example.com/~alyssa/activities/1234.json"
|
"id" => "http://example.com/~alyssa/activities/1234.json"
|
||||||
|
Loading…
Reference in New Issue
Block a user