Validate alias IDs

Alex Gleason 2020-07-17 19:11:28 -05:00
parent d0eb43b58b
commit bd1e2e3a58
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
3 changed files with 21 additions and 0 deletions


@ -63,6 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Support pagination in emoji packs API (for packs and for files in pack) - Support pagination in emoji packs API (for packs and for files in pack)
- Support for viewing instances favicons next to posts and accounts - Support for viewing instances favicons next to posts and accounts
- Added Pleroma.Upload.Filter.Exiftool as an alternate EXIF stripping mechanism targeting GPS/location metadata. - Added Pleroma.Upload.Filter.Exiftool as an alternate EXIF stripping mechanism targeting GPS/location metadata.
- Ability to set ActivityPub aliases for follower migration.
<details> <details>
<summary>API Changes</summary> <summary>API Changes</summary>


@ -47,6 +47,8 @@ defmodule Pleroma.User do
# credo:disable-for-next-line Credo.Check.Readability.MaxLineLength # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
@email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/ @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
# credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
@url_regex ~r/https?:\/\/[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&\/=]*)/
@strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/ @strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/
@extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/ @extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/
@ -2278,6 +2280,7 @@ def add_aliases(%User{} = user, aliases) when is_list(aliases) do
user user
|> change(%{ap_aliases: alias_set}) |> change(%{ap_aliases: alias_set})
|> validate_ap_aliases()
|> Repo.update() |> Repo.update()
end end
@ -2290,6 +2293,16 @@ def delete_aliases(%User{} = user, aliases) when is_list(aliases) do
user user
|> change(%{ap_aliases: alias_set}) |> change(%{ap_aliases: alias_set})
|> validate_ap_aliases()
|> Repo.update() |> Repo.update()
end end
defp validate_ap_aliases(changeset) do
validate_change(changeset, :ap_aliases, fn :ap_aliases, ap_aliases ->
case Enum.all?(ap_aliases, fn a -> Regex.match?(@url_regex, a) end) do
true -> []
false -> [ap_aliases: "Invalid ap_id format. Must be a URL."]
end
end)
end
end end
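Review bot: `validate_ap_aliases/1` calls `Regex.match?(@url_regex, a)` with a pattern that has no `\A`/`\z` anchors, so any string that merely contains an http(s) URL (leading text, trailing whitespace or extra lines) passes validation and is stored in `ap_aliases`. Anchor the pattern, e.g. `~r/\Ahttps?:\/\/…\z/`, or parse each value with `URI.parse/1` and require an `http`/`https` scheme and a non-empty host. `Regex.match?/2` also raises on a non-binary element, so if the list can come from request parameters (not visible here) the predicate should be `fn a -> is_binary(a) and Regex.match?(@url_regex, a) end`, which yields the changeset error instead of a crash. The added test only covers strings with no URL in them; a constructed case such as `"junk http://validalias.com/users/dude"` expecting `{:error, _}` would pin the anchoring. The bodies of `add_aliases/2` and `delete_aliases/2` start outside the hunks.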


@ -1876,6 +1876,13 @@ test "add_aliases/2" do
] ]
end end
test "add_aliases/2 with invalid alias" do
user = insert(:user)
{:error, _} = User.add_aliases(user, ["invalid_alias"])
{:error, _} = User.add_aliases(user, ["http://still_invalid"])
{:error, _} = User.add_aliases(user, ["http://validalias.com/users/dude", "invalid_alias"])
end
test "delete_aliases/2" do test "delete_aliases/2" do
user = user =
insert(:user, insert(:user,