mrf/simple_policy: check actor against accept/reject
This commit is contained in:
parent
25cffffaf1
commit
58aeabd020
|
@ -22,6 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Admin API: Return `total` when querying for reports
|
- Admin API: Return `total` when querying for reports
|
||||||
- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
|
- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
|
||||||
- Admin API: Return link alongside with token on password reset
|
- Admin API: Return link alongside with token on password reset
|
||||||
|
- MRF (Simple Policy): Also use `:accept`/`:reject` on the actors rather than only their activities
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
|
- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
|
||||||
|
|
|
@ -168,7 +168,9 @@ def filter(%{"id" => actor, "type" => obj_type} = object)
|
||||||
when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
|
when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
|
||||||
actor_info = URI.parse(actor)
|
actor_info = URI.parse(actor)
|
||||||
|
|
||||||
with {:ok, object} <- check_avatar_removal(actor_info, object),
|
with {:ok, object} <- check_accept(actor_info, object),
|
||||||
|
{:ok, object} <- check_reject(actor_info, object),
|
||||||
|
{:ok, object} <- check_avatar_removal(actor_info, object),
|
||||||
{:ok, object} <- check_banner_removal(actor_info, object) do
|
{:ok, object} <- check_banner_removal(actor_info, object) do
|
||||||
{:ok, object}
|
{:ok, object}
|
||||||
else
|
else
|
||||||
|
|
|
@ -236,7 +236,7 @@ test "is empty" do
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "has a matching host" do
|
test "activity has a matching host" do
|
||||||
Config.put([:mrf_simple, :reject], ["remote.instance"])
|
Config.put([:mrf_simple, :reject], ["remote.instance"])
|
||||||
|
|
||||||
remote_message = build_remote_message()
|
remote_message = build_remote_message()
|
||||||
|
@ -244,13 +244,21 @@ test "has a matching host" do
|
||||||
assert SimplePolicy.filter(remote_message) == {:reject, nil}
|
assert SimplePolicy.filter(remote_message) == {:reject, nil}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "match with wildcard domain" do
|
test "activity matches with wildcard domain" do
|
||||||
Config.put([:mrf_simple, :reject], ["*.remote.instance"])
|
Config.put([:mrf_simple, :reject], ["*.remote.instance"])
|
||||||
|
|
||||||
remote_message = build_remote_message()
|
remote_message = build_remote_message()
|
||||||
|
|
||||||
assert SimplePolicy.filter(remote_message) == {:reject, nil}
|
assert SimplePolicy.filter(remote_message) == {:reject, nil}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "actor has a matching host" do
|
||||||
|
Config.put([:mrf_simple, :reject], ["remote.instance"])
|
||||||
|
|
||||||
|
remote_user = build_remote_user()
|
||||||
|
|
||||||
|
assert SimplePolicy.filter(remote_user) == {:reject, nil}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when :accept" do
|
describe "when :accept" do
|
||||||
|
@ -264,7 +272,7 @@ test "is empty" do
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "is not empty but it doesn't have a matching host" do
|
test "is not empty but activity doesn't have a matching host" do
|
||||||
Config.put([:mrf_simple, :accept], ["non.matching.remote"])
|
Config.put([:mrf_simple, :accept], ["non.matching.remote"])
|
||||||
|
|
||||||
local_message = build_local_message()
|
local_message = build_local_message()
|
||||||
|
@ -274,7 +282,7 @@ test "is not empty but it doesn't have a matching host" do
|
||||||
assert SimplePolicy.filter(remote_message) == {:reject, nil}
|
assert SimplePolicy.filter(remote_message) == {:reject, nil}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "has a matching host" do
|
test "activity has a matching host" do
|
||||||
Config.put([:mrf_simple, :accept], ["remote.instance"])
|
Config.put([:mrf_simple, :accept], ["remote.instance"])
|
||||||
|
|
||||||
local_message = build_local_message()
|
local_message = build_local_message()
|
||||||
|
@ -284,7 +292,7 @@ test "has a matching host" do
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "match with wildcard domain" do
|
test "activity matches with wildcard domain" do
|
||||||
Config.put([:mrf_simple, :accept], ["*.remote.instance"])
|
Config.put([:mrf_simple, :accept], ["*.remote.instance"])
|
||||||
|
|
||||||
local_message = build_local_message()
|
local_message = build_local_message()
|
||||||
|
@ -293,6 +301,14 @@ test "match with wildcard domain" do
|
||||||
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "actor has a matching host" do
|
||||||
|
Config.put([:mrf_simple, :accept], ["remote.instance"])
|
||||||
|
|
||||||
|
remote_user = build_remote_user()
|
||||||
|
|
||||||
|
assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when :avatar_removal" do
|
describe "when :avatar_removal" do
|
||||||
|
|
Loading…
Reference in a new issue