Allow to dereference Follow object for ActivityPub (#5772)

* Allow to dereference Follow object for ActivityPub

* Accept IRI as object representation for Accept activity
signup-info-prompt
Akihiko Odaki 2018-01-04 02:08:57 +09:00 committed by Eugen Rochko
parent 53d99ebf4f
commit 161c72d66d
10 changed files with 134 additions and 31 deletions

View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class ActivityPub::FollowsController < Api::BaseController
include SignatureVerification
def show
render(
json: FollowRequest.includes(:account).references(:account).find_by!(
id: params.require(:id),
accounts: { domain: nil, username: params.require(:account_username) },
target_account: signed_request_account
),
serializer: ActivityPub::FollowSerializer,
adapter: ActivityPub::Adapter,
content_type: 'application/activity+json'
)
end
end

View File

@ -2,16 +2,18 @@
class ActivityPub::Activity::Accept < ActivityPub::Activity class ActivityPub::Activity::Accept < ActivityPub::Activity
def perform def perform
case @object['type'] if @object.respond_to?(:[]) &&
when 'Follow' @object['type'] == 'Follow' && @object['actor'].present?
accept_follow accept_follow_from @object['actor']
else
accept_follow_object @object
end end
end end
private private
def accept_follow def accept_follow_from(actor)
target_account = account_from_uri(target_uri) target_account = account_from_uri(value_or_id(actor))
return if target_account.nil? || !target_account.local? return if target_account.nil? || !target_account.local?
@ -19,7 +21,8 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity
follow_request&.authorize! follow_request&.authorize!
end end
def target_uri def accept_follow_object(object)
@target_uri ||= value_or_id(@object['actor']) follow_request = ActivityPub::TagManager.instance.uri_to_resource(value_or_id(object), FollowRequest)
follow_request&.authorize!
end end
end end

View File

@ -28,6 +28,8 @@ class ActivityPub::TagManager
return target.uri if target.respond_to?(:local?) && !target.local? return target.uri if target.respond_to?(:local?) && !target.local?
case target.object_type case target.object_type
when :follow
account_follow_url(target.account.username, target)
when :person when :person
account_url(target) account_url(target)
when :note, :comment, :activity when :note, :comment, :activity
@ -97,6 +99,12 @@ class ActivityPub::TagManager
case klass.name case klass.name
when 'Account' when 'Account'
klass.find_local(uri_to_local_id(uri, :username)) klass.find_local(uri_to_local_id(uri, :username))
when 'FollowRequest'
params = Rails.application.routes.recognize_path(uri)
klass.joins(:account).find_by!(
accounts: { domain: nil, username: params[:account_username] },
id: params[:id]
)
else else
StatusFinder.new(uri).status StatusFinder.new(uri).status
end end

View File

@ -21,6 +21,10 @@ class FollowRequest < ApplicationRecord
validates :account_id, uniqueness: { scope: :target_account_id } validates :account_id, uniqueness: { scope: :target_account_id }
def object_type
:follow
end
def authorize! def authorize!
account.follow!(target_account, reblogs: show_reblogs) account.follow!(target_account, reblogs: show_reblogs)
MergeWorker.perform_async(target_account.id, account.id) MergeWorker.perform_async(target_account.id, account.id)

View File

@ -1,11 +1,12 @@
# frozen_string_literal: true # frozen_string_literal: true
class ActivityPub::FollowSerializer < ActiveModel::Serializer class ActivityPub::FollowSerializer < ActiveModel::Serializer
attributes :id, :type, :actor attributes :type, :actor
attribute :id, if: :dereferencable?
attribute :virtual_object, key: :object attribute :virtual_object, key: :object
def id def id
[ActivityPub::TagManager.instance.uri_for(object.account), '#follows/', object.id].join ActivityPub::TagManager.instance.uri_for(object)
end end
def type def type
@ -19,4 +20,8 @@ class ActivityPub::FollowSerializer < ActiveModel::Serializer
def virtual_object def virtual_object
ActivityPub::TagManager.instance.uri_for(object.target_account) ActivityPub::TagManager.instance.uri_for(object.target_account)
end end
def dereferencable?
object.respond_to?(:object_type)
end
end end

View File

@ -8,7 +8,7 @@
= fa_icon 'user-times' = fa_icon 'user-times'
= t('accounts.unfollow') = t('accounts.unfollow')
- else - else
= link_to account_follow_path(account), data: { method: :post }, class: 'icon-button' do = link_to account_follows_path(account), data: { method: :post }, class: 'icon-button' do
= fa_icon 'user-plus' = fa_icon 'user-plus'
= t('accounts.follow') = t('accounts.follow')
- elsif !user_signed_in? - elsif !user_signed_in?

View File

@ -54,7 +54,8 @@ Rails.application.routes.draw do
resources :followers, only: [:index], controller: :follower_accounts resources :followers, only: [:index], controller: :follower_accounts
resources :following, only: [:index], controller: :following_accounts resources :following, only: [:index], controller: :following_accounts
resource :follow, only: [:create], controller: :account_follow resources :follows, only: [:show], module: :activitypub
resource :follow, only: [:create], controller: :account_follow, as: :follows
resource :unfollow, only: [:create], controller: :account_unfollow resource :unfollow, only: [:create], controller: :account_unfollow
resource :outbox, only: [:show], module: :activitypub resource :outbox, only: [:show], module: :activitypub
resource :inbox, only: [:create], module: :activitypub resource :inbox, only: [:create], module: :activitypub

View File

@ -0,0 +1,43 @@
# frozen_string_literal: true
require 'rails_helper'
describe ActivityPub::FollowsController, type: :controller do
let(:follow_request) { Fabricate(:follow_request, account: account) }
render_views
context 'with local account' do
let(:account) { Fabricate(:account, domain: nil) }
it 'returns follow request' do
signed_request = Request.new(:get, account_follow_url(account, follow_request))
signed_request.on_behalf_of(follow_request.target_account)
request.headers.merge! signed_request.headers
get :show, params: { id: follow_request, account_username: account.username }
expect(body_as_json[:id]).to eq ActivityPub::TagManager.instance.uri_for(follow_request)
expect(response).to have_http_status :success
end
it 'returns http 404 without signature' do
get :show, params: { id: follow_request, account_username: account.username }
expect(response).to have_http_status 404
end
end
context 'with remote account' do
let(:account) { Fabricate(:account, domain: Faker::Internet.domain_name) }
it 'returns http 404' do
signed_request = Request.new(:get, account_follow_url(account, follow_request))
signed_request.on_behalf_of(follow_request.target_account)
request.headers.merge! signed_request.headers
get :show, params: { id: follow_request, account_username: account.username }
expect(response).to have_http_status 404
end
end
end

View File

@ -3,36 +3,49 @@ require 'rails_helper'
RSpec.describe ActivityPub::Activity::Accept do RSpec.describe ActivityPub::Activity::Accept do
let(:sender) { Fabricate(:account) } let(:sender) { Fabricate(:account) }
let(:recipient) { Fabricate(:account) } let(:recipient) { Fabricate(:account) }
let!(:follow_request) { Fabricate(:follow_request, account: recipient, target_account: sender) }
let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'foo',
type: 'Accept',
actor: ActivityPub::TagManager.instance.uri_for(sender),
object: {
id: 'bar',
type: 'Follow',
actor: ActivityPub::TagManager.instance.uri_for(recipient),
object: ActivityPub::TagManager.instance.uri_for(sender),
},
}.with_indifferent_access
end
describe '#perform' do describe '#perform' do
subject { described_class.new(json, sender) } subject { described_class.new(json, sender) }
before do before do
Fabricate(:follow_request, account: recipient, target_account: sender)
subject.perform subject.perform
end end
it 'creates a follow relationship' do context 'with concerete object representation' do
expect(recipient.following?(sender)).to be true let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'foo',
type: 'Accept',
actor: ActivityPub::TagManager.instance.uri_for(sender),
object: {
type: 'Follow',
actor: ActivityPub::TagManager.instance.uri_for(recipient),
object: ActivityPub::TagManager.instance.uri_for(sender),
},
}.with_indifferent_access
end
it 'creates a follow relationship' do
expect(recipient.following?(sender)).to be true
end
end end
it 'removes the follow request' do context 'with object represented by id' do
expect(recipient.requested?(sender)).to be false let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'foo',
type: 'Accept',
actor: ActivityPub::TagManager.instance.uri_for(sender),
object: ActivityPub::TagManager.instance.uri_for(follow_request),
}.with_indifferent_access
end
it 'creates a follow relationship' do
expect(recipient.following?(sender)).to be true
end
end end
end end
end end

View File

@ -27,4 +27,12 @@ RSpec.describe FollowRequest, type: :model do
expect(follow_request.account.muting_reblogs?(target)).to be true expect(follow_request.account.muting_reblogs?(target)).to be true
end end
end end
describe '#object_type' do
let(:follow_request) { Fabricate(:follow_request) }
it 'equals to :follow' do
expect(follow_request.object_type).to eq :follow
end
end
end end