DeleteValidator: Deleting a user is valid.

This commit is contained in:
lain 2020-04-30 15:42:30 +02:00
parent 4dc5302f45
commit 1fb383f368
4 changed files with 31 additions and 4 deletions

View file

@ -12,9 +12,20 @@ defmodule Pleroma.Web.ActivityPub.Builder do
@spec delete(User.t(), String.t()) :: {:ok, map(), keyword()} @spec delete(User.t(), String.t()) :: {:ok, map(), keyword()}
def delete(actor, object_id) do def delete(actor, object_id) do
object = Object.normalize(object_id) object = Object.normalize(object_id, false)
to = (object.data["to"] || []) ++ (object.data["cc"] || []) user = !object && User.get_cached_by_ap_id(object_id)
to =
case {object, user} do
{%Object{}, _} ->
# We are deleting an object, address everyone who was originally mentioned
(object.data["to"] || []) ++ (object.data["cc"] || [])
{_, %User{follower_address: follower_address}} ->
# We are deleting a user, address the followers of that user
[follower_address]
end
{:ok, {:ok,
%{ %{

View file

@ -49,4 +49,15 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations do
end end
end) end)
end end
def validate_object_or_user_presence(cng, field_name \\ :object) do
cng
|> validate_change(field_name, fn field_name, object ->
if Object.get_cached_by_ap_id(object) || User.get_cached_by_ap_id(object) do
[]
else
[{field_name, "can't find object"}]
end
end)
end
end end

View file

@ -31,7 +31,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
|> validate_required([:id, :type, :actor, :to, :cc, :object]) |> validate_required([:id, :type, :actor, :to, :cc, :object])
|> validate_inclusion(:type, ["Delete"]) |> validate_inclusion(:type, ["Delete"])
|> validate_same_domain() |> validate_same_domain()
|> validate_object_presence() |> validate_object_or_user_presence()
end end
def validate_same_domain(cng) do def validate_same_domain(cng) do

View file

@ -15,14 +15,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
{:ok, post_activity} = CommonAPI.post(user, %{"status" => "cancel me daddy"}) {:ok, post_activity} = CommonAPI.post(user, %{"status" => "cancel me daddy"})
{:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"]) {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
{:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
%{user: user, valid_post_delete: valid_post_delete} %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
end end
test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
assert match?({:ok, _, _}, ObjectValidator.validate(valid_post_delete, [])) assert match?({:ok, _, _}, ObjectValidator.validate(valid_post_delete, []))
end end
test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
end
test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
no_id = no_id =
valid_post_delete valid_post_delete