[ActivityPub] Fix handling of Delete Activity

inbox_handler:
- Call stronger validation method for Delete Activity objects
- Take into account mixed object in handle_delete

Activitypub_delete:
- Add validation method for Delete Activity objects
This commit is contained in:
tenma 2019-08-08 17:21:56 +01:00 committed by Diogo Peralta Cordeiro
parent 489cab0f87
commit b4b5d3e009
2 changed files with 40 additions and 5 deletions

View File

@ -39,12 +39,12 @@ class Activitypub_delete extends Managed_DataObject
/** /**
* Generates an ActivityPub representation of a Delete * Generates an ActivityPub representation of a Delete
* *
* @param $actor * @param string $actor actor URI
* @param array $object * @param string $object object URI
* @return array pretty array to be used in a response * @return array pretty array to be used in a response
* @author Diogo Cordeiro <diogo@fc.up.pt> * @author Diogo Cordeiro <diogo@fc.up.pt>
*/ */
public static function delete_to_array($actor, $object) public static function delete_to_array(string $actor, string $object): array
{ {
$res = [ $res = [
'@context' => 'https://www.w3.org/ns/activitystreams', '@context' => 'https://www.w3.org/ns/activitystreams',
@ -55,4 +55,33 @@ class Activitypub_delete extends Managed_DataObject
]; ];
return $res; return $res;
} }
/**
* Verifies if a given object is acceptable for a Delete Activity.
*
* @param array|string $object
* @return bool
* @throws Exception
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function validate_object($object): bool
{
if (!is_array($object)) {
if (!filter_var($object, FILTER_VALIDATE_URL)) {
throw new Exception('Object is not a valid Object URI for Activity.');
}
} else {
if (!isset($object['type'])) {
throw new Exception('Object type was not specified for Delete Activity.');
} else if ($object['type'] !== "Tombstone") {
throw new Exception('Invalid Object type for Delete Activity.');
}
if (!isset($object['id'])) {
throw new Exception('Object id was not specified for Delete Activity.');
}
}
return true;
}
} }

View File

@ -96,6 +96,8 @@ class Activitypub_inbox_handler
Activitypub_create::validate_object($this->object); Activitypub_create::validate_object($this->object);
break; break;
case 'Delete': case 'Delete':
Activitypub_delete::validate_object($this->object);
break;
case 'Follow': case 'Follow':
case 'Like': case 'Like':
case 'Announce': case 'Announce':
@ -207,12 +209,16 @@ class Activitypub_inbox_handler
* Handles a Delete Activity received by our inbox. * Handles a Delete Activity received by our inbox.
* *
* @param Profile $actor Actor * @param Profile $actor Actor
* @param array $object Activity * @param array|string $object Activity's object
* @throws AuthorizationException * @throws AuthorizationException
* @author Diogo Cordeiro <diogo@fc.up.pt> * @author Diogo Cordeiro <diogo@fc.up.pt>
*/ */
private function handle_delete($actor, $object) private function handle_delete(Profile $actor, $object)
{ {
if (is_array($object)) {
$object = $object['id'];
}
// some moderator could already have deleted the // some moderator could already have deleted the
// notice, so we test it first // notice, so we test it first
try { try {