mirror of
https://akkoma.dev/AkkomaGang/akkoma.git
synced 2024-12-24 02:02:19 +00:00
Merge branch 'feature/restrict-c2s' into 'develop'
AP C2S: Restrict creation to `Note`s for now. See merge request pleroma/pleroma!2472
This commit is contained in:
commit
769d95644d
|
@ -396,7 +396,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
|||
|> json(err)
|
||||
end
|
||||
|
||||
defp handle_user_activity(%User{} = user, %{"type" => "Create"} = params) do
|
||||
defp handle_user_activity(
|
||||
%User{} = user,
|
||||
%{"type" => "Create", "object" => %{"type" => "Note"}} = params
|
||||
) do
|
||||
object =
|
||||
params["object"]
|
||||
|> Map.merge(Map.take(params, ["to", "cc"]))
|
||||
|
|
|
@ -815,6 +815,21 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
assert object["content"] == activity["object"]["content"]
|
||||
end
|
||||
|
||||
test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
|
||||
user = insert(:user)
|
||||
|
||||
activity =
|
||||
activity
|
||||
|> put_in(["object", "type"], "Benis")
|
||||
|
||||
_result =
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> put_req_header("content-type", "application/activity+json")
|
||||
|> post("/users/#{user.nickname}/outbox", activity)
|
||||
|> json_response(400)
|
||||
end
|
||||
|
||||
test "it inserts an incoming sensitive activity into the database", %{
|
||||
conn: conn,
|
||||
activity: activity
|
||||
|
|
Loading…
Reference in a new issue