From: rinpatch <rinpatch@sdf.org>
Date: Tue, 8 Sep 2020 09:49:27 +0000 (+0000)
Subject: Merge branch 'fix/2087-metadata' into 'develop'
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=13e606941c6ff5de64b0b104e2b0c1f2a66fda59;p=akkoma

Merge branch 'fix/2087-metadata' into 'develop'

Fix/2087 metadata

See merge request pleroma/secteam/pleroma!11
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07bc6d77c..8ff00c161 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## unreleased-patch - ???
 
+### Security
+- Fix metadata leak for accounts and statuses on private instances
+
+### Changed
+
+- **Breaking:** The metadata providers RelMe and Feed are no longer configurable. RelMe should always be activated and Feed only provides a <link> header tag for the actual RSS/Atom feed when the instance is public.
+
+### Added
+
+- Rich media failure tracking (along with `:failure_backoff` option)
+
 ### Fixed
 - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers
 
diff --git a/config/config.exs b/config/config.exs
index 246712b9f..694909bfd 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -453,9 +453,7 @@ config :pleroma, :gopher,
 config :pleroma, Pleroma.Web.Metadata,
   providers: [
     Pleroma.Web.Metadata.Providers.OpenGraph,
-    Pleroma.Web.Metadata.Providers.TwitterCard,
-    Pleroma.Web.Metadata.Providers.RelMe,
-    Pleroma.Web.Metadata.Providers.Feed
+    Pleroma.Web.Metadata.Providers.TwitterCard
   ],
   unfurl_nsfw: false
 
diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md
index 2f440adf4..b4504d1d7 100644
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@@ -352,8 +352,6 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http,
 * `providers`: a list of metadata providers to enable. Providers available:
     * `Pleroma.Web.Metadata.Providers.OpenGraph`
     * `Pleroma.Web.Metadata.Providers.TwitterCard`
-    * `Pleroma.Web.Metadata.Providers.RelMe` - add links from user bio with rel=me into the `<header>` as `<link rel=me>`.
-    * `Pleroma.Web.Metadata.Providers.Feed` - add a link to a user's Atom feed into the `<header>` as `<link rel=alternate>`.
 * `unfurl_nsfw`: If set to `true` nsfw attachments will be shown in previews.
 
 ### :rich_media (consumer)
diff --git a/lib/pleroma/web/feed/tag_controller.ex b/lib/pleroma/web/feed/tag_controller.ex
index 39b2a766a..93a8294b7 100644
--- a/lib/pleroma/web/feed/tag_controller.ex
+++ b/lib/pleroma/web/feed/tag_controller.ex
@@ -9,7 +9,15 @@ defmodule Pleroma.Web.Feed.TagController do
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.Feed.FeedView
 
-  def feed(conn, %{"tag" => raw_tag} = params) do
+  def feed(conn, params) do
+    unless Pleroma.Config.restrict_unauthenticated_access?(:activities, :local) do
+      render_feed(conn, params)
+    else
+      render_error(conn, :not_found, "Not found")
+    end
+  end
+
+  def render_feed(conn, %{"tag" => raw_tag} = params) do
     {format, tag} = parse_tag(raw_tag)
 
     activities =
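Review bot: `render_feed/2` at the bottom of the hunk is a public `def`, so the access check in `feed/2` is not the only way in — any caller can invoke it directly, and a public function in a Phoenix controller reads like a routable action; the same applies to `render_feed/2` in lib/pleroma/web/feed/user_controller.ex. Declaring it `defp render_feed(conn, %{"tag" => raw_tag} = params) do` keeps the gated `feed/2` as the single entry point. The `unless … else` form is also one Credo flags; `if Pleroma.Config.restrict_unauthenticated_access?(:activities, :local), do: render_error(conn, :not_found, "Not found"), else: render_feed(conn, params)` says the same thing without the negation. `render_feed/2` continues outside the hunk.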
diff --git a/lib/pleroma/web/feed/user_controller.ex b/lib/pleroma/web/feed/user_controller.ex
index 9cd334a33..71eb1ea7e 100644
--- a/lib/pleroma/web/feed/user_controller.ex
+++ b/lib/pleroma/web/feed/user_controller.ex
@@ -37,7 +37,15 @@ defmodule Pleroma.Web.Feed.UserController do
     end
   end
 
-  def feed(conn, %{"nickname" => nickname} = params) do
+  def feed(conn, params) do
+    unless Pleroma.Config.restrict_unauthenticated_access?(:profiles, :local) do
+      render_feed(conn, params)
+    else
+      errors(conn, {:error, :not_found})
+    end
+  end
+
+  def render_feed(conn, %{"nickname" => nickname} = params) do
     format = get_format(conn)
 
     format =
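Review bot: The gate in `feed/2` consults only `:profiles`, while the feed it protects presumably carries the user's statuses (the new test posts one before fetching it), so an instance that restricts unauthenticated access to `:activities` alone would still hand out local activities through this endpoint; the tag feed in the sibling hunk gates on `:activities`. Consider `if Pleroma.Config.restrict_unauthenticated_access?(:profiles, :local) or Pleroma.Config.restrict_unauthenticated_access?(:activities, :local) do` with a comment naming which setting governs which part of the feed. The error path also differs from the tag controller (`errors(conn, {:error, :not_found})` here, `render_error/3` there); either works, but matching them makes the two feed controllers easier to audit together. `render_feed/2` continues outside the hunk.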
diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex
index a9f70c43e..0f2d8d1e7 100644
--- a/lib/pleroma/web/metadata.ex
+++ b/lib/pleroma/web/metadata.ex
@@ -7,8 +7,9 @@ defmodule Pleroma.Web.Metadata do
 
   def build_tags(params) do
     providers = [
+      Pleroma.Web.Metadata.Providers.RelMe,
       Pleroma.Web.Metadata.Providers.RestrictIndexing
-      | Pleroma.Config.get([__MODULE__, :providers], [])
+      | activated_providers()
     ]
 
     Enum.reduce(providers, "", fn parser, acc ->
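Review bot: `Pleroma.Web.Metadata.Providers.RelMe` is prepended to `providers` outside the privacy check that `activated_providers/0` applies to the rest of the list, so on a private instance any rel=me links in a user's bio are still emitted into the page head whenever `build_tags/1` runs for a user page; whether that is intended depends on the provider and on the callers gating the page, neither of which is visible here. A comment above the list would make the decision auditable, e.g. `# RelMe and RestrictIndexing are always on; Feed and the configured providers are dropped on private instances (see activated_providers/0)`. `build_tags/1` continues outside the hunk.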
@@ -42,4 +43,12 @@ defmodule Pleroma.Web.Metadata do
   def activity_nsfw?(_) do
     false
   end
+
+  defp activated_providers do
+    unless Pleroma.Config.restrict_unauthenticated_access?(:activities, :local) do
+      [Pleroma.Web.Metadata.Providers.Feed | Pleroma.Config.get([__MODULE__, :providers], [])]
+    else
+      []
+    end
+  end
 end
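Review bot: `activated_providers/0` gives no hint why the `Feed` provider and the configured providers are tied to the `:activities` restriction, and a reader could easily "fix" it back to the old configurable behaviour; a one-line comment such as `# Private instances refuse the feeds this would link to, and the optional providers may expose account/status details, so both are skipped` records the reason. The `unless … else` shape is also worth flipping: `if Pleroma.Config.restrict_unauthenticated_access?(:activities, :local), do: [], else: [Pleroma.Web.Metadata.Providers.Feed | Pleroma.Config.get([__MODULE__, :providers], [])]`.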
diff --git a/test/web/feed/tag_controller_test.exs b/test/web/feed/tag_controller_test.exs
index 3c29cd94f..868e40965 100644
--- a/test/web/feed/tag_controller_test.exs
+++ b/test/web/feed/tag_controller_test.exs
@@ -181,4 +181,17 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
              'yeah #PleromaArt'
            ]
   end
+
+  describe "private instance" do
+    setup do: clear_config([:instance, :public])
+
+    test "returns 404 for tags feed", %{conn: conn} do
+      Config.put([:instance, :public], false)
+
+      conn
+      |> put_req_header("accept", "application/rss+xml")
+      |> get(tag_feed_path(conn, :feed, "pleromaart"))
+      |> response(404)
+    end
+  end
 end
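Review bot: The new test only flips `[:instance, :public]`, so the branch of `Pleroma.Config.restrict_unauthenticated_access?/2` driven by the `:restrict_unauthenticated` setting, which `feed/2` relies on just as much, stays unexercised; the same holds for the user feed test in test/web/feed/user_controller_test.exs. A second test that leaves the instance public and sets `[:restrict_unauthenticated, :activities, :local]` to `true` (the config path as I recall it — confirm against config/config.exs) would pin that branch. The bare `|> response(404)` does fail on a status mismatch, but wrapping it in `assert` as the user feed test does keeps the two consistent.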
diff --git a/test/web/feed/user_controller_test.exs b/test/web/feed/user_controller_test.exs
index 0d2a61967..9a5610baa 100644
--- a/test/web/feed/user_controller_test.exs
+++ b/test/web/feed/user_controller_test.exs
@@ -246,4 +246,20 @@ defmodule Pleroma.Web.Feed.UserControllerTest do
       assert response == ~S({"error":"Not found"})
     end
   end
+
+  describe "private instance" do
+    setup do: clear_config([:instance, :public])
+
+    test "returns 404 for user feed", %{conn: conn} do
+      Config.put([:instance, :public], false)
+      user = insert(:user)
+
+      {:ok, _} = CommonAPI.post(user, %{status: "test"})
+
+      assert conn
+             |> put_req_header("accept", "application/atom+xml")
+             |> get(user_feed_path(conn, :feed, user.nickname))
+             |> response(404)
+    end
+  end
 end
diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs
index 3f8b29e58..9d3121b7b 100644
--- a/test/web/metadata/metadata_test.exs
+++ b/test/web/metadata/metadata_test.exs
@@ -22,4 +22,13 @@ defmodule Pleroma.Web.MetadataTest do
                "<meta content=\"noindex, noarchive\" name=\"robots\">"
     end
   end
+
+  describe "no metadata for private instances" do
+    test "for local user" do
+      clear_config([:instance, :public], false)
+      user = insert(:user, bio: "This is my secret fedi account bio")
+
+      assert "" = Pleroma.Web.Metadata.build_tags(%{user: user})
+    end
+  end
 end
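Review bot: The bio in the new test holds no rel=me link and the user is local, so neither `RelMe` nor `RestrictIndexing` would emit anything even on a public instance; the `""` assertion therefore only shows that `Feed` and the configured providers were dropped, and cannot tell whether `RelMe`, which `build_tags/1` now adds unconditionally, emits bio links on a private instance. A second case with a constructed bio containing a rel=me anchor and an explicit provider list would make that behaviour visible either way, and a contrasting public-instance assertion that the output is non-empty would prove the test is actually sensitive to the `[:instance, :public]` flag.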