From a6f7b3cb34fed7f5c01226df8750bdb02bbc3f2f Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Sat, 13 Apr 2019 21:50:49 +0200 Subject: [PATCH 1/3] Prevent silenced local users from notifying remote users not following them This is an attempt to extend the local restrictions of silenced users to the federation. --- app/lib/activitypub/tag_manager.rb | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/app/lib/activitypub/tag_manager.rb b/app/lib/activitypub/tag_manager.rb index 892bb9974ab02f..595291342a361e 100644 --- a/app/lib/activitypub/tag_manager.rb +++ b/app/lib/activitypub/tag_manager.rb @@ -65,7 +65,14 @@ def to(status) when 'unlisted', 'private' [account_followers_url(status.account)] when 'direct', 'limited' - status.active_mentions.map { |mention| uri_for(mention.account) } + if status.account.silenced? + # Only notify followers if the account is locally silenced + account_ids = status.active_mentions.pluck(:account_id) + to = status.account.followers.where(id: account_ids).map { |account| uri_for(account) } + to.concat(FollowRequest.where(target_account_id: status.account_id, account_id: account_ids).map { |request| uri_for(request.account) }) + else + status.active_mentions.map { |mention| uri_for(mention.account) } + end end end @@ -86,7 +93,16 @@ def cc(status) cc << COLLECTIONS[:public] end - cc.concat(status.active_mentions.map { |mention| uri_for(mention.account) }) unless status.direct_visibility? || status.limited_visibility? + unless status.direct_visibility? || status.limited_visibility? + if status.account.silenced? + # Only notify followers if the account is locally silenced + account_ids = status.active_mentions.pluck(:account_id) + cc.concat(status.account.followers.where(id: account_ids).map { |account| uri_for(account) }) + cc.concat(FollowRequest.where(target_account_id: status.account_id, account_id: account_ids).map { |request| uri_for(request.account) }) + else + cc.concat(status.active_mentions.map { |mention| uri_for(mention.account) }) + end + end cc end From afceb848309867a1b8fb78aefdb0ca05fcdbc203 Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Sun, 14 Apr 2019 11:22:11 +0200 Subject: [PATCH 2/3] Add tests --- spec/lib/activitypub/tag_manager_spec.rb | 32 ++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/spec/lib/activitypub/tag_manager_spec.rb b/spec/lib/activitypub/tag_manager_spec.rb index 0d16652169dfbd..6d246629e786d3 100644 --- a/spec/lib/activitypub/tag_manager_spec.rb +++ b/spec/lib/activitypub/tag_manager_spec.rb @@ -41,6 +41,22 @@ status.mentions.create(account: mentioned) expect(subject.to(status)).to eq [subject.uri_for(mentioned)] end + + it "returns URIs of mentions for direct silenced author's status only if they are followers or requesting to be" do + bob = Fabricate(:account, username: 'bob') + alice = Fabricate(:account, username: 'alice') + foo = Fabricate(:account) + author = Fabricate(:account, username: 'author', silenced: true) + status = Fabricate(:status, visibility: :direct, account: author) + bob.follow!(author) + FollowRequest.create!(account: foo, target_account: author) + status.mentions.create(account: alice) + status.mentions.create(account: bob) + status.mentions.create(account: foo) + expect(subject.to(status)).to include(subject.uri_for(bob)) + expect(subject.to(status)).to include(subject.uri_for(foo)) + expect(subject.to(status)).to_not include(subject.uri_for(alice)) + end end describe '#cc' do @@ -70,6 +86,22 @@ status.mentions.create(account: mentioned) expect(subject.cc(status)).to include(subject.uri_for(mentioned)) end + + it "returns URIs of mentions for silenced author's non-direct status only if they are followers or requesting to be" do + bob = Fabricate(:account, username: 'bob') + alice = Fabricate(:account, username: 'alice') + foo = Fabricate(:account) + author = Fabricate(:account, username: 'author', silenced: true) + status = Fabricate(:status, visibility: :public, account: author) + bob.follow!(author) + FollowRequest.create!(account: foo, target_account: author) + status.mentions.create(account: alice) + status.mentions.create(account: bob) + status.mentions.create(account: foo) + expect(subject.cc(status)).to include(subject.uri_for(bob)) + expect(subject.cc(status)).to include(subject.uri_for(foo)) + expect(subject.cc(status)).to_not include(subject.uri_for(alice)) + end end describe '#local_uri?' do From 45fe442b40ed227872648be7bb0a3ca719223562 Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Sun, 14 Apr 2019 11:55:52 +0200 Subject: [PATCH 3/3] Add tests for making sure private status don't get sent over OStatus --- .../services/process_mentions_service_spec.rb | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/spec/services/process_mentions_service_spec.rb b/spec/services/process_mentions_service_spec.rb index 963924fa9c42a0..8a6bb44acaad6b 100644 --- a/spec/services/process_mentions_service_spec.rb +++ b/spec/services/process_mentions_service_spec.rb @@ -1,10 +1,11 @@ require 'rails_helper' RSpec.describe ProcessMentionsService, type: :service do - let(:account) { Fabricate(:account, username: 'alice') } - let(:status) { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}") } + let(:account) { Fabricate(:account, username: 'alice') } + let(:visibility) { :public } + let(:status) { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}", visibility: visibility) } - context 'OStatus' do + context 'OStatus with public toot' do let(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :ostatus, domain: 'example.com', salmon_url: 'http://salmon.example.com') } subject { ProcessMentionsService.new } @@ -23,6 +24,26 @@ end end + context 'OStatus with private toot' do + let(:visibility) { :private } + let(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :ostatus, domain: 'example.com', salmon_url: 'http://salmon.example.com') } + + subject { ProcessMentionsService.new } + + before do + stub_request(:post, remote_user.salmon_url) + subject.call(status) + end + + it 'does not create a mention' do + expect(remote_user.mentions.where(status: status).count).to eq 0 + end + + it 'does not post to remote user\'s Salmon end point' do + expect(a_request(:post, remote_user.salmon_url)).to_not have_been_made + end + end + context 'ActivityPub' do let(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') }