bss
/
pleroma
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: bss:1f4be2b3495b6df03843f923a53aff5913e1ef0d
Branches Tags
bss:develop
bss:stable
bss:vips
bss:weblate
bss:weblate-extract
bss:finch_everywhere
bss:update-deps
bss:deps-update
bss:features/image-object
bss:frontend-caching
bss:fix/articlenote-fixup-attachments
bss:fix/featured-collection-without-orderedItems-property
bss:features/ingestion-listen
bss:systemd-template-unit
bss:hj-develop-patch-68148-maintainers
bss:operation-warpsneed
bss:status-view
bss:quote-post
bss:mrf-tuples-fix
bss:birth-dates
bss:blocking-use-index
bss:bookwyrm-entities
bss:matrix
bss:cockroachdb
bss:object-flake
bss:2061-chat-deletion
bss:request-logger
bss:2795-small-fix-for-elixir-1-13
bss:fix-home-timeline
bss:2788-fix-user-timeline-when-pins-are-nil
bss:bugfix/apc2s-published
bss:features/attachment_direct
bss:chores/non-pipeline-cleanup
bss:features/ingestion-unfollow
bss:poll-notification-fixes
bss:feature/update-description-for-dynamic-render
bss:nsfw-api-mrf
bss:email-list
bss:frontend-enable
bss:fix/newlines-in-push-and-link-previews
bss:elixir-1.11-ci
bss:cycles-ensure-plug
bss:cycles-validator
bss:cycles-context
bss:bugfix/erlang-24-format
bss:cycles-config-url
bss:mrf-hashtag-default
bss:docs-asdf
bss:endpoint-url
bss:0-cycles-rough
bss:cycles
bss:instance-view-recompilation
bss:rich-media
bss:attachment-meta
bss:feature/mrf_auto_subject
bss:feature/2389-adding-tabs-into-descriptions
bss:feature/config-versioning
bss:earmark
bss:test/buildperf
bss:feature/2295-email-mention-notification
bss:flash-support-csp
bss:feature/2145-installer-and-configdb-changes
bss:issue/2190
bss:feature/installer
bss:feature/dynamic-supervisor
bss:feature/1820-unify-settings
bss:tests/openapi-oauth
bss:add-assets-to-static-file-constants
bss:feature/2515-admin-statuses
bss:feat/user-deletion-transaction
bss:delete-chats-for-deleted-users
bss:fix/user-delete
bss:youtube-fix
bss:feat/heif-upload-filter
bss:build-docker/feature/object-hashtags-rework
bss:descriptions-automatic-tabs
bss:3259-objects-attachments-media-background-migration
bss:groups
bss:feat/mrf-dnsrbl
bss:refactor/uploads
bss:gin-speedup
bss:release/2.2.3
bss:ilja_simple_policy_reasons_for_instance_specific_policies
bss:simplePolicy_reasons_for_instance_specific_policies
bss:features/validators-note-2
bss:store-ip
bss:deletion-resilience
bss:2151-conversation-stream
bss:test-speedup
bss:flag-stuff
bss:2307-object-activities-index-issue
bss:issue/2315-poll-notify
bss:features/emoji_reactions_list
bss:feature/1902-attachment-filename
bss:changelog-update
bss:2298-weird-follow-issue
bss:issue/2205
bss:alexgleason-oauth-form
bss:1668/default-disable-prometheus
bss:2232-double-delete
bss:features/ap_c2s_proxyUrl
bss:maint/niou-curses
bss:fix/2189-remote-user-deletion
bss:refactor/start-restart-pleroma
bss:feat/fedsocket-simplify
bss:media-preview-proxy
bss:arm64test
bss:fix/disable-favicons-in-tests
bss:matrix-explorations
bss:message-debug-mode
bss:2168-media-preview-proxy
bss:note-update
bss:issue/1969
bss:chore/update-floki-find-usage
bss:frontends/static
bss:frontends/logic-flow
bss:refactor/fe-bundles
bss:chores/our-libs-hex-releases
bss:1918-avatar-background-header-reset
bss:feature/1392-support-irreversible-filters
bss:namespace-move-notification
bss:1570-levenshtein-distance-user-search
bss:fix/mediaproxy-http-invalidation
bss:fix/http_secury_plug
bss:revert-6dd1575c
bss:chore/expose-invalidation-to-adminfe
bss:fix/1650-domain-mutes
bss:use-system-time
bss:bugfix/non-ap_enabled-direct_follow
bss:1754-bio-length-stable
bss:features/attachment_validator
bss:chore/unhide-features
bss:gun-memory-leak
bss:feature/undo-validator
bss:pleroma-fe-2020-05-01-c67e9daf
bss:mongoose-im-deactivated-users
bss:contrib/munin-healthcheck
bss:debug-remote-ip
bss:feature/add-subject-to-text-search
bss:fix/1604-emoji-path
bss:fix/dont-expose-remote-accounts-to-search-engines
bss:frontend-dl-task
bss:fix/epmd-loopback
bss:issue/1469
bss:rate-limiter-compile-time-and-runtime-settings-mix-with-increased-complexity
bss:relay-list-change-for-stable
bss:make-hashtags-fast-again
bss:chore/tag-settings-with-reboot
bss:features/link-previews-disable-remote
bss:fix/1518-admin-reports-timeout
bss:floki-fast_html-2-electric-boogalo
bss:revert/attachment-cleanup
bss:thumbnail-proxy
bss:fix-tags-again
bss:chore/benchmark-dedicated-db
bss:remote-follow-auth-fix
bss:feature/compile_get
bss:feature/user-whitelist
bss:fix/admin-api-grouped-reports-closed-reports
bss:fix/grouped-reports-for-deprecated-format
bss:release/1.0
bss:object-id-column
bss:feature/reply-filtering-mk3
bss:integration/alex.s/gun
bss:release/1.0.6
bss:release/1.0.5
bss:release/1.0.4
bss:release/1.0.3
bss:release/1.0.2
bss:release/1.0.1
bss:v2.4.4
bss:v2.4.3
bss:v2.4.2
bss:v2.4.1
bss:v2.4.0
bss:v2.3.0
bss:v2.2.2
bss:v2.2.1
bss:v2.2.0
bss:v2.1.2
bss:v2.1.1
bss:v2.1.0
bss:v2.0.7
bss:v2.0.6
bss:v2.0.5
bss:v2.0.4
bss:v2.0.3
bss:v2.0.2
bss:v2.0.1
bss:v2.0.0
bss:v1.1.9
bss:v1.1.8
bss:v1.1.7
bss:v1.1.6
bss:v1.1.5
bss:v1.1.4
bss:v1.1.3
bss:v1.1.2
bss:v1.1.1
bss:v1.1.0
bss:v1.0.91
bss:v1.0.90
bss:v1.0.7
bss:v1.0.6
bss:v1.0.5
bss:v1.0.4
bss:v1.0.3
bss:v1.0.2
bss:v1.0.1
bss:v1.0.0
bss:v0.9.99999
bss:v0.9.9999
bss:v0.9.999
bss:v0.9.99
bss:v0.9.9
...
compare: bss:f966abe4fbacf8fa91cf2b533f8abfb57d62f8b7
Branches Tags
bss:stable
bss:develop
bss:vips
bss:weblate
bss:weblate-extract
bss:finch_everywhere
bss:update-deps
bss:deps-update
bss:features/image-object
bss:frontend-caching
bss:fix/articlenote-fixup-attachments
bss:fix/featured-collection-without-orderedItems-property
bss:features/ingestion-listen
bss:systemd-template-unit
bss:hj-develop-patch-68148-maintainers
bss:operation-warpsneed
bss:status-view
bss:quote-post
bss:mrf-tuples-fix
bss:birth-dates
bss:blocking-use-index
bss:bookwyrm-entities
bss:matrix
bss:cockroachdb
bss:object-flake
bss:2061-chat-deletion
bss:request-logger
bss:2795-small-fix-for-elixir-1-13
bss:fix-home-timeline
bss:2788-fix-user-timeline-when-pins-are-nil
bss:bugfix/apc2s-published
bss:features/attachment_direct
bss:chores/non-pipeline-cleanup
bss:features/ingestion-unfollow
bss:poll-notification-fixes
bss:feature/update-description-for-dynamic-render
bss:nsfw-api-mrf
bss:email-list
bss:frontend-enable
bss:fix/newlines-in-push-and-link-previews
bss:elixir-1.11-ci
bss:cycles-ensure-plug
bss:cycles-validator
bss:cycles-context
bss:bugfix/erlang-24-format
bss:cycles-config-url
bss:mrf-hashtag-default
bss:docs-asdf
bss:endpoint-url
bss:0-cycles-rough
bss:cycles
bss:instance-view-recompilation
bss:rich-media
bss:attachment-meta
bss:feature/mrf_auto_subject
bss:feature/2389-adding-tabs-into-descriptions
bss:feature/config-versioning
bss:earmark
bss:test/buildperf
bss:feature/2295-email-mention-notification
bss:flash-support-csp
bss:feature/2145-installer-and-configdb-changes
bss:issue/2190
bss:feature/installer
bss:feature/dynamic-supervisor
bss:feature/1820-unify-settings
bss:tests/openapi-oauth
bss:add-assets-to-static-file-constants
bss:feature/2515-admin-statuses
bss:feat/user-deletion-transaction
bss:delete-chats-for-deleted-users
bss:fix/user-delete
bss:youtube-fix
bss:feat/heif-upload-filter
bss:build-docker/feature/object-hashtags-rework
bss:descriptions-automatic-tabs
bss:3259-objects-attachments-media-background-migration
bss:groups
bss:feat/mrf-dnsrbl
bss:refactor/uploads
bss:gin-speedup
bss:release/2.2.3
bss:ilja_simple_policy_reasons_for_instance_specific_policies
bss:simplePolicy_reasons_for_instance_specific_policies
bss:features/validators-note-2
bss:store-ip
bss:deletion-resilience
bss:2151-conversation-stream
bss:test-speedup
bss:flag-stuff
bss:2307-object-activities-index-issue
bss:issue/2315-poll-notify
bss:features/emoji_reactions_list
bss:feature/1902-attachment-filename
bss:changelog-update
bss:2298-weird-follow-issue
bss:issue/2205
bss:alexgleason-oauth-form
bss:1668/default-disable-prometheus
bss:2232-double-delete
bss:features/ap_c2s_proxyUrl
bss:maint/niou-curses
bss:fix/2189-remote-user-deletion
bss:refactor/start-restart-pleroma
bss:feat/fedsocket-simplify
bss:media-preview-proxy
bss:arm64test
bss:fix/disable-favicons-in-tests
bss:matrix-explorations
bss:message-debug-mode
bss:2168-media-preview-proxy
bss:note-update
bss:issue/1969
bss:chore/update-floki-find-usage
bss:frontends/static
bss:frontends/logic-flow
bss:refactor/fe-bundles
bss:chores/our-libs-hex-releases
bss:1918-avatar-background-header-reset
bss:feature/1392-support-irreversible-filters
bss:namespace-move-notification
bss:1570-levenshtein-distance-user-search
bss:fix/mediaproxy-http-invalidation
bss:fix/http_secury_plug
bss:revert-6dd1575c
bss:chore/expose-invalidation-to-adminfe
bss:fix/1650-domain-mutes
bss:use-system-time
bss:bugfix/non-ap_enabled-direct_follow
bss:1754-bio-length-stable
bss:features/attachment_validator
bss:chore/unhide-features
bss:gun-memory-leak
bss:feature/undo-validator
bss:pleroma-fe-2020-05-01-c67e9daf
bss:mongoose-im-deactivated-users
bss:contrib/munin-healthcheck
bss:debug-remote-ip
bss:feature/add-subject-to-text-search
bss:fix/1604-emoji-path
bss:fix/dont-expose-remote-accounts-to-search-engines
bss:frontend-dl-task
bss:fix/epmd-loopback
bss:issue/1469
bss:rate-limiter-compile-time-and-runtime-settings-mix-with-increased-complexity
bss:relay-list-change-for-stable
bss:make-hashtags-fast-again
bss:chore/tag-settings-with-reboot
bss:features/link-previews-disable-remote
bss:fix/1518-admin-reports-timeout
bss:floki-fast_html-2-electric-boogalo
bss:revert/attachment-cleanup
bss:thumbnail-proxy
bss:fix-tags-again
bss:chore/benchmark-dedicated-db
bss:remote-follow-auth-fix
bss:feature/compile_get
bss:feature/user-whitelist
bss:fix/admin-api-grouped-reports-closed-reports
bss:fix/grouped-reports-for-deprecated-format
bss:release/1.0
bss:object-id-column
bss:feature/reply-filtering-mk3
bss:integration/alex.s/gun
bss:release/1.0.6
bss:release/1.0.5
bss:release/1.0.4
bss:release/1.0.3
bss:release/1.0.2
bss:release/1.0.1
bss:v2.4.4
bss:v2.4.3
bss:v2.4.2
bss:v2.4.1
bss:v2.4.0
bss:v2.3.0
bss:v2.2.2
bss:v2.2.1
bss:v2.2.0
bss:v2.1.2
bss:v2.1.1
bss:v2.1.0
bss:v2.0.7
bss:v2.0.6
bss:v2.0.5
bss:v2.0.4
bss:v2.0.3
bss:v2.0.2
bss:v2.0.1
bss:v2.0.0
bss:v1.1.9
bss:v1.1.8
bss:v1.1.7
bss:v1.1.6
bss:v1.1.5
bss:v1.1.4
bss:v1.1.3
bss:v1.1.2
bss:v1.1.1
bss:v1.1.0
bss:v1.0.91
bss:v1.0.90
bss:v1.0.7
bss:v1.0.6
bss:v1.0.5
bss:v1.0.4
bss:v1.0.3
bss:v1.0.2
bss:v1.0.1
bss:v1.0.0
bss:v0.9.99999
bss:v0.9.9999
bss:v0.9.999
bss:v0.9.99
bss:v0.9.9

3 Commits
1f4be2b349 ... f966abe4fb

Author SHA1 Message Date
Haelwenn f966abe4fb Merge branch 'release/2.5.5' into 'stable' 
Release 2.5.5

See merge request pleroma/pleroma!3949
 2023-09-03 12:12:44 +00:00
Haelwenn (lanodan) Monnier 385492577d mix: version 2.5.5 2023-09-03 11:19:26 +02:00
Mint 535a5ecad0 CommonAPI: Prevent users from accessing media of other users 
commit 1afde067b1 upstream.
 2023-09-03 11:19:13 +02:00
11 changed files with 92 additions and 32 deletions
Show Stats Expand all files Collapse all files

7
CHANGELOG.md
View File

@ -14,7 +14,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed ### Removed
## 2.5.54 ## 2.5.5
## Security
- Prevent users from accessing media of other users by creating a status with reused attachment ID
## 2.5.4
## Security ## Security
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem - Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

1
changelog.d/check-attachment-attribution.security Normal file
View File

@ -0,0 +1 @@
CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID

6
lib/pleroma/scheduled_activity.ex
View File

@ -40,7 +40,11 @@ defp with_media_attachments(
%{changes: %{params: %{"media_ids" => media_ids} = params}} = changeset %{changes: %{params: %{"media_ids" => media_ids} = params}} = changeset
) )
when is_list(media_ids) do when is_list(media_ids) do
media_attachments = Utils.attachments_from_ids(%{media_ids: media_ids}) media_attachments =
Utils.attachments_from_ids(
%{media_ids: media_ids},
User.get_cached_by_id(changeset.data.user_id)
)
params = params =
params params

12
lib/pleroma/web/common_api.ex
View File

@ -33,6 +33,7 @@ def block(blocker, blocked) do
def post_chat_message(%User{} = user, %User{} = recipient, content, opts \\ []) do def post_chat_message(%User{} = user, %User{} = recipient, content, opts \\ []) do
with maybe_attachment <- opts[:media_id] && Object.get_by_id(opts[:media_id]), with maybe_attachment <- opts[:media_id] && Object.get_by_id(opts[:media_id]),
:ok <- validate_chat_attachment_attribution(maybe_attachment, user),
:ok <- validate_chat_content_length(content, !!maybe_attachment), :ok <- validate_chat_content_length(content, !!maybe_attachment),
{_, {:ok, chat_message_data, _meta}} <- {_, {:ok, chat_message_data, _meta}} <-
{:build_object, {:build_object,
@ -71,6 +72,17 @@ defp format_chat_content(content) do
text text
end end
defp validate_chat_attachment_attribution(nil, _), do: :ok
defp validate_chat_attachment_attribution(attachment, user) do
with :ok <- Object.authorize_access(attachment, user) do
:ok
else
e ->
e
end
end
defp validate_chat_content_length(_, true), do: :ok defp validate_chat_content_length(_, true), do: :ok
defp validate_chat_content_length(nil, false), do: {:error, :no_content} defp validate_chat_content_length(nil, false), do: {:error, :no_content}

2
lib/pleroma/web/common_api/activity_draft.ex
View File

@ -111,7 +111,7 @@ defp full_payload(%{status: status, summary: summary} = draft) do
end end
defp attachments(%{params: params} = draft) do defp attachments(%{params: params} = draft) do
attachments = Utils.attachments_from_ids(params) attachments = Utils.attachments_from_ids(params, draft.user)
draft = %__MODULE__{draft | attachments: attachments} draft = %__MODULE__{draft | attachments: attachments}
case Utils.validate_attachments_count(attachments) do case Utils.validate_attachments_count(attachments) do

31
lib/pleroma/web/common_api/utils.ex
View File

@ -23,21 +23,21 @@ defmodule Pleroma.Web.CommonAPI.Utils do
require Logger require Logger
require Pleroma.Constants require Pleroma.Constants
def attachments_from_ids(%{media_ids: ids, descriptions: desc}) do def attachments_from_ids(%{media_ids: ids, descriptions: desc}, user) do
attachments_from_ids_descs(ids, desc) attachments_from_ids_descs(ids, desc, user)
end end
def attachments_from_ids(%{media_ids: ids}) do def attachments_from_ids(%{media_ids: ids}, user) do
attachments_from_ids_no_descs(ids) attachments_from_ids_no_descs(ids, user)
end end
def attachments_from_ids(_), do: [] def attachments_from_ids(_, _), do: []
def attachments_from_ids_no_descs([]), do: [] def attachments_from_ids_no_descs([], _), do: []
def attachments_from_ids_no_descs(ids) do def attachments_from_ids_no_descs(ids, user) do
Enum.map(ids, fn media_id -> Enum.map(ids, fn media_id ->
case get_attachment(media_id) do case get_attachment(media_id, user) do
%Object{data: data} -> data %Object{data: data} -> data
_ -> nil _ -> nil
end end
@ -45,21 +45,26 @@ def attachments_from_ids_no_descs(ids) do
|> Enum.reject(&is_nil/1) |> Enum.reject(&is_nil/1)
end end
def attachments_from_ids_descs([], _), do: [] def attachments_from_ids_descs([], _, _), do: []
def attachments_from_ids_descs(ids, descs_str) do def attachments_from_ids_descs(ids, descs_str, user) do
{_, descs} = Jason.decode(descs_str) {_, descs} = Jason.decode(descs_str)
Enum.map(ids, fn media_id -> Enum.map(ids, fn media_id ->
with %Object{data: data} <- get_attachment(media_id) do with %Object{data: data} <- get_attachment(media_id, user) do
Map.put(data, "name", descs[media_id]) Map.put(data, "name", descs[media_id])
end end
end) end)
|> Enum.reject(&is_nil/1) |> Enum.reject(&is_nil/1)
end end
defp get_attachment(media_id) do defp get_attachment(media_id, user) do
Repo.get(Object, media_id) with %Object{data: _data} = object <- Repo.get(Object, media_id),
:ok <- Object.authorize_access(object, user) do
object
else
_ -> nil
end
end end
@spec get_to_and_cc(ActivityDraft.t()) :: {list(String.t()), list(String.t())} @spec get_to_and_cc(ActivityDraft.t()) :: {list(String.t()), list(String.t())}

2
mix.exs
View File

@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do def project do
[ [
app: :pleroma, app: :pleroma,
version: version("2.5.4"), version: version("2.5.5"),
elixir: "~> 1.11", elixir: "~> 1.11",
elixirc_paths: elixirc_paths(Mix.env()), elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix, :gettext] ++ Mix.compilers(), compilers: [:phoenix, :gettext] ++ Mix.compilers(),

41
test/pleroma/web/common_api/utils_test.exs
View File

@ -586,41 +586,56 @@ test "returns recipients when object not found" do
end end
end end
describe "attachments_from_ids_descs/2" do describe "attachments_from_ids_descs/3" do
test "returns [] when attachment ids is empty" do test "returns [] when attachment ids is empty" do
assert Utils.attachments_from_ids_descs([], "{}") == [] assert Utils.attachments_from_ids_descs([], "{}", nil) == []
end end
test "returns list attachments with desc" do test "returns list attachments with desc" do
object = insert(:note) user = insert(:user)
object = insert(:note, %{user: user})
desc = Jason.encode!(%{object.id => "test-desc"}) desc = Jason.encode!(%{object.id => "test-desc"})
assert Utils.attachments_from_ids_descs(["#{object.id}", "34"], desc) == [ assert Utils.attachments_from_ids_descs(["#{object.id}", "34"], desc, user) == [
Map.merge(object.data, %{"name" => "test-desc"}) Map.merge(object.data, %{"name" => "test-desc"})
] ]
end end
end end
describe "attachments_from_ids/1" do describe "attachments_from_ids/2" do
test "returns attachments with descs" do test "returns attachments with descs" do
object = insert(:note) user = insert(:user)
object = insert(:note, %{user: user})
desc = Jason.encode!(%{object.id => "test-desc"}) desc = Jason.encode!(%{object.id => "test-desc"})
assert Utils.attachments_from_ids(%{ assert Utils.attachments_from_ids(
media_ids: ["#{object.id}"], %{
descriptions: desc media_ids: ["#{object.id}"],
}) == [ descriptions: desc
},
user
) == [
Map.merge(object.data, %{"name" => "test-desc"}) Map.merge(object.data, %{"name" => "test-desc"})
] ]
end end
test "returns attachments without descs" do test "returns attachments without descs" do
object = insert(:note) user = insert(:user)
assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}) == [object.data] object = insert(:note, %{user: user})
assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}, user) == [object.data]
end end
test "returns [] when not pass media_ids" do test "returns [] when not pass media_ids" do
assert Utils.attachments_from_ids(%{}) == [] assert Utils.attachments_from_ids(%{}, nil) == []
end
test "returns [] when media_ids not belong to current user" do
user = insert(:user)
user2 = insert(:user)
object = insert(:attachment, %{user: user})
assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}, user2) == []
end end
end end

18
test/pleroma/web/common_api_test.exs
View File

@ -279,6 +279,24 @@ test "it reject messages via MRF" do
assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} == assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} ==
CommonAPI.post_chat_message(author, recipient, "GNO/Linux") CommonAPI.post_chat_message(author, recipient, "GNO/Linux")
end end
test "it reject messages with attachments not belonging to user" do
author = insert(:user)
not_author = insert(:user)
recipient = author
attachment = insert(:attachment, %{user: not_author})
{:error, message} =
CommonAPI.post_chat_message(
author,
recipient,
"123",
media_id: attachment.id
)
assert message == :forbidden
end
end end
describe "unblocking" do describe "unblocking" do

2
test/pleroma/web/mastodon_api/views/scheduled_activity_view_test.exs
View File

@ -48,7 +48,7 @@ test "A scheduled activity with a media attachment" do
id: to_string(scheduled_activity.id), id: to_string(scheduled_activity.id),
media_attachments: media_attachments:
%{media_ids: [upload.id]} %{media_ids: [upload.id]}
|> Utils.attachments_from_ids() |> Utils.attachments_from_ids(user)
|> Enum.map(&StatusView.render("attachment.json", %{attachment: &1})), |> Enum.map(&StatusView.render("attachment.json", %{attachment: &1})),
params: %{ params: %{
in_reply_to_id: to_string(activity.id), in_reply_to_id: to_string(activity.id),

2
test/pleroma/web/pleroma_api/views/chat_message_reference_view_test.exs
View File

@ -24,7 +24,7 @@ test "it displays a chat message" do
filename: "an_image.jpg" filename: "an_image.jpg"
} }
{:ok, upload} = ActivityPub.upload(file, actor: user.ap_id) {:ok, upload} = ActivityPub.upload(file, actor: recipient.ap_id)
{:ok, activity} = {:ok, activity} =
CommonAPI.post_chat_message(user, recipient, "kippis :firefox:", idempotency_key: "123") CommonAPI.post_chat_message(user, recipient, "kippis :firefox:", idempotency_key: "123")