Do not allow adding votes to expired polls (#10214)

* Do not allow adding votes to expired polls

* Only validate expires_at on create
lolsob-rspec
ThibG 2019-03-08 00:54:50 +01:00 committed by Eugen Rochko
parent b7a8a52bc5
commit dcbe6c16ba
4 changed files with 26 additions and 1 deletions

View File

@ -241,6 +241,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
def poll_vote? def poll_vote?
return false if replied_to_status.nil? || replied_to_status.poll.nil? || !replied_to_status.local? || !replied_to_status.poll.options.include?(@object['name']) return false if replied_to_status.nil? || replied_to_status.poll.nil? || !replied_to_status.local? || !replied_to_status.poll.options.include?(@object['name'])
return true if replied_to_status.poll.expired?
replied_to_status.poll.votes.create!(account: @account, choice: replied_to_status.poll.options.index(@object['name']), uri: @object['id']) replied_to_status.poll.votes.create!(account: @account, choice: replied_to_status.poll.options.index(@object['name']), uri: @object['id'])
end end

View File

@ -28,7 +28,7 @@ class Poll < ApplicationRecord
validates :options, presence: true validates :options, presence: true
validates :expires_at, presence: true, if: :local? validates :expires_at, presence: true, if: :local?
validates_with PollValidator, if: :local? validates_with PollValidator, on: :create, if: :local?
scope :attached, -> { where.not(status_id: nil) } scope :attached, -> { where.not(status_id: nil) }
scope :unattached, -> { where(status_id: nil) } scope :unattached, -> { where(status_id: nil) }

View File

@ -11,6 +11,8 @@ class VoteService < BaseService
@choices = choices @choices = choices
@votes = [] @votes = []
return if @poll.expired?
ApplicationRecord.transaction do ApplicationRecord.transaction do
@choices.each do |choice| @choices.each do |choice|
@votes << @poll.votes.create!(account: @account, choice: choice) @votes << @poll.votes.create!(account: @account, choice: choice)

View File

@ -482,6 +482,28 @@ RSpec.describe ActivityPub::Activity::Create do
expect(poll.reload.cached_tallies).to eq [1, 0] expect(poll.reload.cached_tallies).to eq [1, 0]
end end
end end
context 'when a vote to an expired local poll' do
let(:poll) do
poll = Fabricate.build(:poll, options: %w(Yellow Blue), expires_at: 1.day.ago)
poll.save(validate: false)
poll
end
let!(:local_status) { Fabricate(:status, owned_poll: poll) }
let(:object_json) do
{
id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
type: 'Note',
name: 'Yellow',
inReplyTo: ActivityPub::TagManager.instance.uri_for(local_status)
}
end
it 'does not add a vote to the poll' do
expect(poll.votes.first).to be_nil
end
end
end end
context 'when sender is followed by local users' do context 'when sender is followed by local users' do