[bugfix] check remote status permissibility (#2703)

* add more stringent checks for remote status permissibility

* add check for inreplyto of a remote status being a boost

* do not permit inReplyTo boost wrapper statuses

* change comment wording

* fix calls to NewFederator()

* add code comments for NotPermitted() and SetNotPermitted()

* improve comment

* check that existing != nil before attempting delete

* ensure replying account isn't suspended

* use a debug log instead of info. check for boost using ID

* shorten log string length. make info level

* add note that replying to boost wrapper status shouldn't be able to happen anyways

* update to use onFail() function
This commit is contained in:
kim
2024-03-04 12:30:12 +00:00
committed by GitHub
parent f487fc5d4b
commit d85727e184
9 changed files with 154 additions and 16 deletions

View File

@ -90,9 +90,17 @@ func (suite *FromFediAPITestSuite) TestProcessReplyMention() {
replyingAccount := suite.testAccounts["remote_account_1"]
// Set the replyingAccount's last fetched_at
// date to something recent so no refresh is attempted.
// date to something recent so no refresh is attempted,
// and ensure it isn't a suspended account.
replyingAccount.FetchedAt = time.Now()
err := suite.state.DB.UpdateAccount(context.Background(), replyingAccount, "fetched_at")
replyingAccount.SuspendedAt = time.Time{}
replyingAccount.SuspensionOrigin = ""
err := suite.state.DB.UpdateAccount(context.Background(),
replyingAccount,
"fetched_at",
"suspended_at",
"suspension_origin",
)
suite.NoError(err)
// Get replying statusable to use from remote test statuses.