SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

[bugfix] Prevent URL + URI for same account being used as alias target (#2545)

Browse Source 
* [bugfix] Ensure URL and URI for same account can't both be provided as alias

* test whoopsie from previous PR
This commit is contained in:
tobi
2024-01-20 12:45:43 +01:00
committed by GitHub
parent 33dbd3ab7a
commit b2cacd6b01
3 changed files with 32 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
internal/processing/account/alias.go
View File

@@ -96,26 +96,21 @@ func (p *Processor) Alias(
newAKAs[i].str = newAKAURI.String()
}
// Dedupe the URI/string pairs.
newAKAs = util.DeduplicateFunc(
newAKAs,
func(v uri) string {
return v.str
},
)
// For each deduped entry, get and
// check the target account, and set.
for _, newAKA := range newAKAs {
// Don't let account do anything
// daft by aliasing to itself.
if newAKA.str == account.URI {
if newAKA.str == account.URI ||
newAKA.str == account.URL {
continue
}
// Ensure we have a valid, up-to-date
// representation of the target account.
targetAccount, _, err := p.federator.GetAccountByURI(ctx, account.Username, newAKA.uri)
// Ensure we have account dereferenced.
targetAccount, _, err := p.federator.GetAccountByURI(ctx,
account.Username,
newAKA.uri,
)
if err != nil {
err := fmt.Errorf(
"error dereferencing also_known_as_uri (%s) account: %w",
@@ -124,7 +119,7 @@ func (p *Processor) Alias(
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
}
// Alias target must not be suspended.
// Target must not be suspended.
if !targetAccount.SuspendedAt.IsZero() {
err := fmt.Errorf(
"target account %s is suspended from this instance; "+
@@ -135,10 +130,21 @@ func (p *Processor) Alias(
}
// Alrighty-roo, looks good, add this one.
account.AlsoKnownAsURIs = append(account.AlsoKnownAsURIs, newAKA.str)
account.AlsoKnownAsURIs = append(account.AlsoKnownAsURIs, targetAccount.URI)
account.AlsoKnownAs = append(account.AlsoKnownAs, targetAccount)
}
// Dedupe URIs + accounts, in case someone
// provided both an account URL and an
// account URI above, for the same account.
account.AlsoKnownAsURIs = util.Deduplicate(account.AlsoKnownAsURIs)
account.AlsoKnownAs = util.DeduplicateFunc(
account.AlsoKnownAs,
func(a *gtsmodel.Account) string {
return a.URI
},
)
err := p.state.DB.UpdateAccount(ctx, account, "also_known_as_uris")
if err != nil {
err := gtserror.Newf("db error updating also_known_as_uri: %w", err)