User: truncate remote user fields instead of rejecting

This commit is contained in:
Haelwenn (lanodan) Monnier 2024-08-13 20:06:01 +02:00 committed by Floatingghost
parent c0a99df06a
commit 2b1a252cc7
4 changed files with 20 additions and 2 deletions

View file

@ -0,0 +1 @@
Truncate remote user fields, avoids them getting rejected

View file

@ -443,6 +443,7 @@ defmodule Pleroma.User do
def remote_user_changeset(struct \\ %User{local: false}, params) do def remote_user_changeset(struct \\ %User{local: false}, params) do
bio_limit = Config.get([:instance, :user_bio_length], 5000) bio_limit = Config.get([:instance, :user_bio_length], 5000)
name_limit = Config.get([:instance, :user_name_length], 100) name_limit = Config.get([:instance, :user_name_length], 100)
fields_limit = Config.get([:instance, :max_remote_account_fields], 0)
name = name =
case params[:name] do case params[:name] do
@ -456,6 +457,7 @@ defmodule Pleroma.User do
|> Map.put_new(:last_refreshed_at, NaiveDateTime.utc_now()) |> Map.put_new(:last_refreshed_at, NaiveDateTime.utc_now())
|> truncate_if_exists(:name, name_limit) |> truncate_if_exists(:name, name_limit)
|> truncate_if_exists(:bio, bio_limit) |> truncate_if_exists(:bio, bio_limit)
|> Map.update(:fields, [], &Enum.take(&1, fields_limit))
|> truncate_fields_param() |> truncate_fields_param()
|> fix_follower_address() |> fix_follower_address()

View file

@ -966,6 +966,21 @@ defmodule Pleroma.UserTest do
refute cs.valid? refute cs.valid?
end end
test "it truncates fields" do
clear_config([:instance, :max_remote_account_fields], 2)
fields = [
%{"name" => "One", "value" => "Uno"},
%{"name" => "Two", "value" => "Dos"},
%{"name" => "Three", "value" => "Tres"}
]
cs = User.remote_user_changeset(@valid_remote |> Map.put(:fields, fields))
assert [%{"name" => "One", "value" => "Uno"}, %{"name" => "Two", "value" => "Dos"}] ==
Ecto.Changeset.get_field(cs, :fields)
end
end end
describe "followers and friends" do describe "followers and friends" do

View file

@ -119,8 +119,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.UserUpdateHandlingTest do
user = User.get_cached_by_ap_id(user.ap_id) user = User.get_cached_by_ap_id(user.ap_id)
assert user.fields == [ assert user.fields == [
%{"name" => "foo", "value" => "updated"}, %{"name" => "foo", "value" => "bar"},
%{"name" => "foo1", "value" => "updated"} %{"name" => "foo11", "value" => "bar11"}
] ]
update_data = update_data =