# For now, just strip HTML
stripped_content = Pleroma.HTML.strip_tags(object_cast_data["content"]),
object_cast_data = object_cast_data |> Map.put("content", stripped_content),
+ {_, true} <- {:to_fields_match, cast_data["to"] == object_cast_data["to"]},
{_, {:ok, validated_object, _meta}} <-
{:validate_object, ObjectValidator.validate(object_cast_data, %{})},
{_, {:ok, _created_object}} <- {:persist_object, Object.create(validated_object)},
use Pleroma.Web, :view
alias Pleroma.Chat
+ alias Pleroma.User
+ alias Pleroma.Web.MastodonAPI.AccountView
+
+ def render("show.json", %{chat: %Chat{} = chat} = opts) do
+ recipient = User.get_cached_by_ap_id(chat.recipient)
- def render("show.json", %{chat: %Chat{} = chat}) do
%{
id: chat.id |> to_string(),
recipient: chat.recipient,
+ recipient_account: AccountView.render("show.json", Map.put(opts, :user, recipient)),
unread: chat.unread
}
end
import Pleroma.Factory
alias Pleroma.Activity
+ alias Pleroma.Chat
alias Pleroma.Object
alias Pleroma.Web.ActivityPub.Transmogrifier
{:error, _} = Transmogrifier.handle_incoming(data)
end
+ test "it rejects messages where the `to` field of activity and object don't match" do
+ data =
+ File.read!("test/fixtures/create-chat-message.json")
+ |> Poison.decode!()
+
+ author = insert(:user, ap_id: data["actor"])
+ _recipient = insert(:user, ap_id: List.first(data["to"]))
+
+ data =
+ data
+ |> Map.put("to", author.ap_id)
+
+ {:error, _} = Transmogrifier.handle_incoming(data)
+ end
+
test "it inserts it and creates a chat" do
data =
File.read!("test/fixtures/create-chat-message.json")
assert object
assert object.data["content"] == "You expected a cute girl? Too bad. alert('XSS')"
+
+ refute Chat.get(author.id, recipient.ap_id)
+ assert Chat.get(recipient.id, author.ap_id)
end
end
end
--- /dev/null
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PleromaAPI.ChatMessageViewTest do
+ use Pleroma.DataCase
+
+ alias Pleroma.Chat
+ alias Pleroma.Web.PleromaAPI.ChatView
+ alias Pleroma.Web.MastodonAPI.AccountView
+
+ import Pleroma.Factory
+
+ test "it represents a chat" do
+ user = insert(:user)
+ recipient = insert(:user)
+
+ {:ok, chat} = Chat.get_or_create(user.id, recipient.ap_id)
+
+ represented_chat = ChatView.render("show.json", chat: chat)
+
+ assert represented_chat == %{
+ id: "#{chat.id}",
+ recipient: recipient.ap_id,
+ recipient_account: AccountView.render("show.json", user: recipient),
+ unread: 0
+ }
+ end
+end
projects / akkoma / commitdiff