user: when processing a block in User.block(), ensure all follow relationships are...

this is needed for activitypub conformance

ref #213

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index b27397e13956fc5ae16e638ff3e2ef69c1e21d2b..bfa5d78a42c28d2ccb3f980a579f93c85f5a6968 100644 (file)
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -505,12 +505,25 @@ defmodule Pleroma.User do
     Repo.all(q)
   end
 
-  def block(user, %{ap_id: ap_id}) do
-    blocks = user.info["blocks"] || []
+  def block(blocker, %User{ap_id: ap_id} = blocked) do
+    # sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213)
+    blocker =
+      if following?(blocker, blocked) do
+        {:ok, blocker, _} = unfollow(blocker, blocked)
+        blocker
+      else
+        blocker
+      end
+
+    if following?(blocked, blocker) do
+      unfollow(blocked, blocker)
+    end
+
+    blocks = blocker.info["blocks"] || []
     new_blocks = Enum.uniq([ap_id | blocks])
-    new_info = Map.put(user.info, "blocks", new_blocks)
+    new_info = Map.put(blocker.info, "blocks", new_blocks)
 
-    cs = User.info_changeset(user, %{info: new_info})
+    cs = User.info_changeset(blocker, %{info: new_info})
     update_and_set_cache(cs)
   end