Merge branch 'notification-settings-docs-fix' into 'develop'

[akkoma] / lib / pleroma / object / containment.ex

diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex
index 27e89d87fb839045d08db024cd3801801b7528c1..040537acf1a802502fce0d945682050534ef8c53 100644 (file)
--- a/lib/pleroma/object/containment.ex
+++ b/lib/pleroma/object/containment.ex
@@ -1,7 +1,9 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+

 defmodule Pleroma.Object.Containment do
   @moduledoc """
 defmodule Pleroma.Object.Containment do
   @moduledoc """

-  # Object Containment
-

   This module contains some useful functions for containing objects to specific
   origins and determining those origins.  They previously lived in the
   ActivityPub `Transmogrifier` module.
   This module contains some useful functions for containing objects to specific
   origins and determining those origins.  They previously lived in the
   ActivityPub `Transmogrifier` module.


@@ -9,9 +11,6 @@ defmodule Pleroma.Object.Containment do
   Object containment is an important step in validating remote objects to prevent
   spoofing, therefore removal of object containment functions is NOT recommended.
   """
   Object containment is an important step in validating remote objects to prevent
   spoofing, therefore removal of object containment functions is NOT recommended.
   """

-
-  require Logger
-

   def get_actor(%{"actor" => actor}) when is_binary(actor) do
     actor
   end
   def get_actor(%{"actor" => actor}) when is_binary(actor) do
     actor
   end


@@ -33,8 +32,23 @@ defmodule Pleroma.Object.Containment do
     get_actor(%{"actor" => actor})
   end
 
     get_actor(%{"actor" => actor})
   end
 

+  def get_object(%{"object" => id}) when is_binary(id) do
+    id
+  end
+
+  def get_object(%{"object" => %{"id" => id}}) when is_binary(id) do
+    id
+  end
+
+  def get_object(_) do
+    nil
+  end
+
+  defp compare_uris(%URI{host: host} = _id_uri, %URI{host: host} = _other_uri), do: :ok
+  defp compare_uris(_id_uri, _other_uri), do: :error
+

   @doc """
   @doc """

-  Checks that an imported AP object's actor matches the domain it came from.
+  Checks that an imported AP object's actor matches the host it came from.

   """
   def contain_origin(_id, %{"actor" => nil}), do: :error
 
   """
   def contain_origin(_id, %{"actor" => nil}), do: :error
 


@@ -42,23 +56,33 @@ defmodule Pleroma.Object.Containment do
     id_uri = URI.parse(id)
     actor_uri = URI.parse(get_actor(params))
 
     id_uri = URI.parse(id)
     actor_uri = URI.parse(get_actor(params))
 

-    if id_uri.host == actor_uri.host do
-      :ok
-    else
-      :error
-    end
+    compare_uris(actor_uri, id_uri)

   end
 
   end
 

-  def contain_origin_from_id(_id, %{"id" => nil}), do: :error
+  def contain_origin(id, %{"attributedTo" => actor} = params),
+    do: contain_origin(id, Map.put(params, "actor", actor))
+
+  def contain_origin(_id, _data), do: :error

 
 

-  def contain_origin_from_id(id, %{"id" => other_id} = _params) do
+  def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do

     id_uri = URI.parse(id)
     other_uri = URI.parse(other_id)
 
     id_uri = URI.parse(id)
     other_uri = URI.parse(other_id)
 

-    if id_uri.host == other_uri.host do
-      :ok
-    else
-      :error
-    end
+    compare_uris(id_uri, other_uri)
+  end
+
+  # Mastodon pin activities don't have an id, so we check the object field, which will be pinned.
+  def contain_origin_from_id(id, %{"object" => object}) when is_binary(object) do
+    id_uri = URI.parse(id)
+    object_uri = URI.parse(object)
+
+    compare_uris(id_uri, object_uri)

   end
   end

+
+  def contain_origin_from_id(_id, _data), do: :error
+
+  def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}),
+    do: contain_origin(id, object)
+
+  def contain_child(_), do: :ok

 end
 end