From: lain Date: Wed, 2 Dec 2020 11:18:43 +0000 (+0100) Subject: User: Don't allow local users in remote changesets X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=222312900e6d847e0d4823fb62b6eb3675a0180f;p=akkoma User: Don't allow local users in remote changesets --- diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index bcd5256c8..9222b5b2a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -472,7 +472,20 @@ defmodule Pleroma.User do |> validate_format(:nickname, @email_regex) |> validate_length(:bio, max: bio_limit) |> validate_length(:name, max: name_limit) + |> validate_inclusion(:local, [true]) |> validate_fields(true) + |> validate_non_local() + end + + defp validate_non_local(cng) do + local? = get_field(cng, :local) + + if local? do + cng + |> add_error(:local, "User is local, can't update with this changeset.") + else + cng + end end def update_changeset(struct, params \\ %{}) do diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index c678dadb3..e01a940cb 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -895,6 +895,13 @@ defmodule Pleroma.UserTest do refute cs.valid? end) end + + test "it is invalid given a local user" do + user = insert(:user) + cs = User.remote_user_changeset(user, %{name: "tom from myspace"}) + + refute cs.valid? + end end describe "followers and friends" do