[ActivityPub] Fix handling of Delete Activity
inbox_handler: - Call stronger validation method for Delete Activity objects - Take into account mixed object in handle_delete Activitypub_delete: - Add validation method for Delete Activity objects
parent
489cab0f87
commit
b4b5d3e009
|
@ -39,12 +39,12 @@ class Activitypub_delete extends Managed_DataObject
|
||||||
/**
|
/**
|
||||||
* Generates an ActivityPub representation of a Delete
|
* Generates an ActivityPub representation of a Delete
|
||||||
*
|
*
|
||||||
* @param $actor
|
* @param string $actor actor URI
|
||||||
* @param array $object
|
* @param string $object object URI
|
||||||
* @return array pretty array to be used in a response
|
* @return array pretty array to be used in a response
|
||||||
* @author Diogo Cordeiro <diogo@fc.up.pt>
|
* @author Diogo Cordeiro <diogo@fc.up.pt>
|
||||||
*/
|
*/
|
||||||
public static function delete_to_array($actor, $object)
|
public static function delete_to_array(string $actor, string $object): array
|
||||||
{
|
{
|
||||||
$res = [
|
$res = [
|
||||||
'@context' => 'https://www.w3.org/ns/activitystreams',
|
'@context' => 'https://www.w3.org/ns/activitystreams',
|
||||||
|
@ -55,4 +55,33 @@ class Activitypub_delete extends Managed_DataObject
|
||||||
];
|
];
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verifies if a given object is acceptable for a Delete Activity.
|
||||||
|
*
|
||||||
|
* @param array|string $object
|
||||||
|
* @return bool
|
||||||
|
* @throws Exception
|
||||||
|
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
|
||||||
|
*/
|
||||||
|
public static function validate_object($object): bool
|
||||||
|
{
|
||||||
|
if (!is_array($object)) {
|
||||||
|
if (!filter_var($object, FILTER_VALIDATE_URL)) {
|
||||||
|
throw new Exception('Object is not a valid Object URI for Activity.');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (!isset($object['type'])) {
|
||||||
|
throw new Exception('Object type was not specified for Delete Activity.');
|
||||||
|
} else if ($object['type'] !== "Tombstone") {
|
||||||
|
throw new Exception('Invalid Object type for Delete Activity.');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($object['id'])) {
|
||||||
|
throw new Exception('Object id was not specified for Delete Activity.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
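Review bot: In `validate_object`, the Tombstone branch only checks that `$object['id']` is set, so an `id` that is an array, a number or a non-URL string passes, while the plain-string branch is held to `FILTER_VALIDATE_URL`. `handle_delete` later unwraps that `id` and uses it as the object URI, so both forms should meet the same bar: `if (!isset($object['id']) || !is_string($object['id']) || !filter_var($object['id'], FILTER_VALIDATE_URL)) {`. `FILTER_VALIDATE_URL` accepts schemes other than `http`/`https`, so consider restricting the scheme as well for URIs that arrive from remote inboxes. The docblock should also say that the method never returns false: it returns true or throws.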
|
||||||
|
|
|
@ -96,6 +96,8 @@ class Activitypub_inbox_handler
|
||||||
Activitypub_create::validate_object($this->object);
|
Activitypub_create::validate_object($this->object);
|
||||||
break;
|
break;
|
||||||
case 'Delete':
|
case 'Delete':
|
||||||
|
Activitypub_delete::validate_object($this->object);
|
||||||
|
break;
|
||||||
case 'Follow':
|
case 'Follow':
|
||||||
case 'Like':
|
case 'Like':
|
||||||
case 'Announce':
|
case 'Announce':
|
||||||
|
@ -207,12 +209,16 @@ class Activitypub_inbox_handler
|
||||||
* Handles a Delete Activity received by our inbox.
|
* Handles a Delete Activity received by our inbox.
|
||||||
*
|
*
|
||||||
* @param Profile $actor Actor
|
* @param Profile $actor Actor
|
||||||
* @param array $object Activity
|
* @param array|string $object Activity's object
|
||||||
* @throws AuthorizationException
|
* @throws AuthorizationException
|
||||||
* @author Diogo Cordeiro <diogo@fc.up.pt>
|
* @author Diogo Cordeiro <diogo@fc.up.pt>
|
||||||
*/
|
*/
|
||||||
private function handle_delete($actor, $object)
|
private function handle_delete(Profile $actor, $object)
|
||||||
{
|
{
|
||||||
|
if (is_array($object)) {
|
||||||
|
$object = $object['id'];
|
||||||
|
}
|
||||||
|
|
||||||
// some moderator could already have deleted the
|
// some moderator could already have deleted the
|
||||||
// notice, so we test it first
|
// notice, so we test it first
|
||||||
try {
|
try {
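Review bot: `handle_delete` unwraps `$object['id']` with no guard of its own, so it is only safe when `Activitypub_delete::validate_object()` has already run on the same value, and nothing in the method records that precondition. I would state it in a comment above the unwrap, e.g. `// $object has passed Activitypub_delete::validate_object(): a URI string or a Tombstone array carrying an id`, and declare the missing `: void` or other return type on the signature if the rest of the body allows it. The body continues outside the hunk, so I cannot see whether the notice's author is compared with `$actor` before the delete; the `@throws AuthorizationException` tag suggests it is, but this is worth confirming because the `id` is chosen by the remote server.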
|
||||||
|
|