From d4cf963749d2f6bb8e47a670e8cc4819ff659f49 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 25 Oct 2018 18:12:22 +0200 Subject: [PATCH] Allow inbox owner to view implicitly targeted ActivityPub payload (#9093) Fix #9091 --- app/controllers/activitypub/inboxes_controller.rb | 2 +- app/lib/activitypub/activity/create.rb | 13 ++++++++++++- app/workers/activitypub/processing_worker.rb | 4 ++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb index af51e32d5d..8f5e1887ea 100644 --- a/app/controllers/activitypub/inboxes_controller.rb +++ b/app/controllers/activitypub/inboxes_controller.rb @@ -36,6 +36,6 @@ class ActivityPub::InboxesController < Api::BaseController end def process_payload - ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8')) + ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id) end end diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 7e6702a634..92cdf45787 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -81,11 +81,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity @mentions << Mention.new(account: account, silent: true) # If there is at least one silent mention, then the status can be considered - # as a limited-audience status, and not strictly a direct message + # as a limited-audience status, and not strictly a direct message, but only + # if we considered a direct message in the first place next unless @params[:visibility] == :direct @params[:visibility] = :limited end + + # If the payload was delivered to a specific inbox, the inbox owner must have + # access to it, unless they already have access to it anyway + return if @options[:delivered_to_account_id].nil? || @mentions.any? { mention.account_id == @options[:delivered_to_account_id] } + + @mentions << Mention.new(account_id: @options[:delivered_to_account_id], silent: true) + + return unless @param[:visibility] == :direct + + @params[:visibility] = :limited end def attach_tags(status) diff --git a/app/workers/activitypub/processing_worker.rb b/app/workers/activitypub/processing_worker.rb index 0e2e0edddb..a8a3ebf0f5 100644 --- a/app/workers/activitypub/processing_worker.rb +++ b/app/workers/activitypub/processing_worker.rb @@ -5,7 +5,7 @@ class ActivityPub::ProcessingWorker sidekiq_options backtrace: true - def perform(account_id, body) - ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true) + def perform(account_id, body, delivered_to_account_id = nil) + ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true, delivered_to_account_id: delivered_to_account_id) end end