Prevent silenced local users from notifying remote users not following them (#10575)

author ThibG <thib@sitedethib.com>

Thu, 9 May 2019 20:05:43 +0000 (22:05 +0200)

committer Eugen Rochko <eugen@zeonfederated.com>

Thu, 9 May 2019 20:05:43 +0000 (22:05 +0200)
author ThibG <thib@sitedethib.com>
Thu, 9 May 2019 20:05:43 +0000 (22:05 +0200)
committer Eugen Rochko <eugen@zeonfederated.com>
Thu, 9 May 2019 20:05:43 +0000 (22:05 +0200)
diff --git a/app/lib/activitypub/tag_manager.rb b/app/lib/activitypub/tag_manager.rb

index 892bb9974ab02ff97eb8a6d2a282280e15368231..595291342a361ea583adc5cfc9e4b19450c42c42 100644 (file)
--- a/app/lib/activitypub/tag_manager.rb
+++ b/app/lib/activitypub/tag_manager.rb
@@ -65,7 +65,14 @@ class ActivityPub::TagManager
      when 'unlisted', 'private'
        [account_followers_url(status.account)]
      when 'direct', 'limited'
-      status.active_mentions.map { |mention| uri_for(mention.account) }
+      if status.account.silenced?
+        # Only notify followers if the account is locally silenced
+        account_ids = status.active_mentions.pluck(:account_id)
+        to = status.account.followers.where(id: account_ids).map { |account| uri_for(account) }
+        to.concat(FollowRequest.where(target_account_id: status.account_id, account_id: account_ids).map { |request| uri_for(request.account) })
+      else
+        status.active_mentions.map { |mention| uri_for(mention.account) }
+      end
      end
    end
  
@@ -86,7 +93,16 @@ class ActivityPub::TagManager
        cc << COLLECTIONS[:public]
      end
  
-    cc.concat(status.active_mentions.map { |mention| uri_for(mention.account) }) unless status.direct_visibility? || status.limited_visibility?
+    unless status.direct_visibility? || status.limited_visibility?
+      if status.account.silenced?
+        # Only notify followers if the account is locally silenced
+        account_ids = status.active_mentions.pluck(:account_id)
+        cc.concat(status.account.followers.where(id: account_ids).map { |account| uri_for(account) })
+        cc.concat(FollowRequest.where(target_account_id: status.account_id, account_id: account_ids).map { |request| uri_for(request.account) })
+      else
+        cc.concat(status.active_mentions.map { |mention| uri_for(mention.account) })
+      end
+    end
  
      cc
    end
diff --git a/spec/lib/activitypub/tag_manager_spec.rb b/spec/lib/activitypub/tag_manager_spec.rb

index 0d16652169dfbdc8248edae23de5eec216653590..6d246629e786d3b6dfacc407af4f5bb602ce55bb 100644 (file)
--- a/spec/lib/activitypub/tag_manager_spec.rb
+++ b/spec/lib/activitypub/tag_manager_spec.rb
@@ -41,6 +41,22 @@ RSpec.describe ActivityPub::TagManager do
        status.mentions.create(account: mentioned)
        expect(subject.to(status)).to eq [subject.uri_for(mentioned)]
      end
+
+    it "returns URIs of mentions for direct silenced author's status only if they are followers or requesting to be" do
+      bob    = Fabricate(:account, username: 'bob')
+      alice  = Fabricate(:account, username: 'alice')
+      foo    = Fabricate(:account)
+      author = Fabricate(:account, username: 'author', silenced: true)
+      status = Fabricate(:status, visibility: :direct, account: author)
+      bob.follow!(author)
+      FollowRequest.create!(account: foo, target_account: author)
+      status.mentions.create(account: alice)
+      status.mentions.create(account: bob)
+      status.mentions.create(account: foo)
+      expect(subject.to(status)).to include(subject.uri_for(bob))
+      expect(subject.to(status)).to include(subject.uri_for(foo))
+      expect(subject.to(status)).to_not include(subject.uri_for(alice))
+    end
    end
  
    describe '#cc' do
@@ -70,6 +86,22 @@ RSpec.describe ActivityPub::TagManager do
        status.mentions.create(account: mentioned)
        expect(subject.cc(status)).to include(subject.uri_for(mentioned))
      end
+
+    it "returns URIs of mentions for silenced author's non-direct status only if they are followers or requesting to be" do
+      bob    = Fabricate(:account, username: 'bob')
+      alice  = Fabricate(:account, username: 'alice')
+      foo    = Fabricate(:account)
+      author = Fabricate(:account, username: 'author', silenced: true)
+      status = Fabricate(:status, visibility: :public, account: author)
+      bob.follow!(author)
+      FollowRequest.create!(account: foo, target_account: author)
+      status.mentions.create(account: alice)
+      status.mentions.create(account: bob)
+      status.mentions.create(account: foo)
+      expect(subject.cc(status)).to include(subject.uri_for(bob))
+      expect(subject.cc(status)).to include(subject.uri_for(foo))
+      expect(subject.cc(status)).to_not include(subject.uri_for(alice))
+    end
    end
  
    describe '#local_uri?' do
diff --git a/spec/services/process_mentions_service_spec.rb b/spec/services/process_mentions_service_spec.rb

index 963924fa9c42a0c526e06c2bcccddc386f8e14c3..8a6bb44acaad6ba4abf6ae4aa241a125512bc8ad 100644 (file)
--- a/spec/services/process_mentions_service_spec.rb
+++ b/spec/services/process_mentions_service_spec.rb
@@ -1,10 +1,11 @@
  require 'rails_helper'
  
  RSpec.describe ProcessMentionsService, type: :service do
-  let(:account) { Fabricate(:account, username: 'alice') }
-  let(:status)  { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}") }
+  let(:account)    { Fabricate(:account, username: 'alice') }
+  let(:visibility) { :public }
+  let(:status)     { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}", visibility: visibility) }
  
-  context 'OStatus' do
+  context 'OStatus with public toot' do
      let(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :ostatus, domain: 'example.com', salmon_url: 'http://salmon.example.com') }
  
      subject { ProcessMentionsService.new }
@@ -23,6 +24,26 @@ RSpec.describe ProcessMentionsService, type: :service do
      end
    end
  
+  context 'OStatus with private toot' do
+    let(:visibility)  { :private }
+    let(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :ostatus, domain: 'example.com', salmon_url: 'http://salmon.example.com') }
+
+    subject { ProcessMentionsService.new }
+
+    before do
+      stub_request(:post, remote_user.salmon_url)
+      subject.call(status)
+    end
+
+    it 'does not create a mention' do
+      expect(remote_user.mentions.where(status: status).count).to eq 0
+    end
+
+    it 'does not post to remote user\'s Salmon end point' do
+      expect(a_request(:post, remote_user.salmon_url)).to_not have_been_made
+    end
+  end
+
    context 'ActivityPub' do
      let(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') }
author	ThibG <thib@sitedethib.com>
	Thu, 9 May 2019 20:05:43 +0000 (22:05 +0200)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Thu, 9 May 2019 20:05:43 +0000 (22:05 +0200)
app/lib/activitypub/tag_manager.rb		patch \| blob \| history
spec/lib/activitypub/tag_manager_spec.rb		patch \| blob \| history
spec/services/process_mentions_service_spec.rb		patch \| blob \| history