Mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2024-10-31 22:40:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

[bugfix] Stop some statuses from being home timelined when they shouldn't be (#585)

Browse source 
* recursively check timelineability of parent status

* check following status creator

* add tests for hometimelineability (whew)

* add test with mix of public + unlocked vis
This commit is contained in:
tobi 2022-05-18 23:23:49 +02:00 committed by GitHub
parent b2810fedf2
commit 62d4d756d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 328 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
internal/visibility/statushometimelineable.go
View file

@ -33,7 +33,7 @@ func (f *filter) StatusHometimelineable(ctx context.Context, targetStatus *gtsmo
}) })
// status owner should always be able to see their own status in their timeline so we can return early if this is the case // status owner should always be able to see their own status in their timeline so we can return early if this is the case
if timelineOwnerAccount != nil && targetStatus.AccountID == timelineOwnerAccount.ID { if targetStatus.AccountID == timelineOwnerAccount.ID {
return true, nil return true, nil
} }
@ -54,13 +54,29 @@ func (f *filter) StatusHometimelineable(ctx context.Context, targetStatus *gtsmo
} }
} }
// check we follow the originator of the status
if targetStatus.Account == nil {
tsa, err := f.db.GetAccountByID(ctx, targetStatus.AccountID)
if err != nil {
return false, fmt.Errorf("StatusHometimelineable: error getting status author account with id %s: %s", targetStatus.AccountID, err)
}
targetStatus.Account = tsa
}
following, err := f.db.IsFollowing(ctx, timelineOwnerAccount, targetStatus.Account)
if err != nil {
return false, fmt.Errorf("StatusHometimelineable: error checking if %s follows %s: %s", timelineOwnerAccount.ID, targetStatus.AccountID, err)
}
if !following {
return false, nil
}
// Don't timeline a status whose parent hasn't been dereferenced yet or can't be dereferenced. // Don't timeline a status whose parent hasn't been dereferenced yet or can't be dereferenced.
// If we have the reply to URI but don't have an ID for the replied-to account or the replied-to status in our database, we haven't dereferenced it yet. // If we have the reply to URI but don't have an ID for the replied-to account or the replied-to status in our database, we haven't dereferenced it yet.
if targetStatus.InReplyToURI != "" && (targetStatus.InReplyToID == "" || targetStatus.InReplyToAccountID == "") { if targetStatus.InReplyToURI != "" && (targetStatus.InReplyToID == "" || targetStatus.InReplyToAccountID == "") {
return false, nil return false, nil
} }
// if a status replies to an ID we know in the database, we need to make sure we also follow the replied-to status owner account // if a status replies to an ID we know in the database, we need to check that parent status too
if targetStatus.InReplyToID != "" { if targetStatus.InReplyToID != "" {
// pin the reply to status on to this status if it hasn't been done already // pin the reply to status on to this status if it hasn't been done already
if targetStatus.InReplyTo == nil { if targetStatus.InReplyTo == nil {
@ -81,18 +97,16 @@ func (f *filter) StatusHometimelineable(ctx context.Context, targetStatus *gtsmo
} }
// if it's a reply to the timelineOwnerAccount, we don't need to check if the timelineOwnerAccount follows itself, just return true, they can see it // if it's a reply to the timelineOwnerAccount, we don't need to check if the timelineOwnerAccount follows itself, just return true, they can see it
if targetStatus.AccountID == timelineOwnerAccount.ID { if targetStatus.InReplyToAccountID == timelineOwnerAccount.ID {
return true, nil return true, nil
} }
// the replied-to account != timelineOwnerAccount, so make sure the timelineOwnerAccount follows the replied-to account // make sure the parent status is also home timelineable, otherwise we shouldn't timeline this one either
follows, err := f.db.IsFollowing(ctx, timelineOwnerAccount, targetStatus.InReplyToAccount) parentStatusTimelineable, err := f.StatusHometimelineable(ctx, targetStatus.InReplyTo, timelineOwnerAccount)
if err != nil { if err != nil {
return false, fmt.Errorf("StatusHometimelineable: error checking follow from account %s to account %s: %s", timelineOwnerAccount.ID, targetStatus.InReplyToAccountID, err) return false, fmt.Errorf("StatusHometimelineable: error checking timelineability of parent status %s of status %s: %s", targetStatus.InReplyToID, targetStatus.ID, err)
} }
if !parentStatusTimelineable {
// we don't want to timeline a reply to a status whose owner isn't followed by the requesting account
if !follows {
return false, nil return false, nil
} }
} }

305
internal/visibility/statushometimelineable_test.go Normal file
View file

@ -0,0 +1,305 @@
/*
GoToSocial
Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package visibility_test
import (
"context"
"testing"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/testrig"
)
type StatusStatusHometimelineableTestSuite struct {
FilterStandardTestSuite
}
func (suite *StatusStatusHometimelineableTestSuite) TestOwnStatusHometimelineable() {
testStatus := suite.testStatuses["local_account_1_status_1"]
testAccount := suite.testAccounts["local_account_1"]
ctx := context.Background()
timelineable, err := suite.filter.StatusHometimelineable(ctx, testStatus, testAccount)
suite.NoError(err)
suite.True(timelineable)
}
func (suite *StatusStatusHometimelineableTestSuite) TestFollowingStatusHometimelineable() {
testStatus := suite.testStatuses["local_account_2_status_1"]
testAccount := suite.testAccounts["local_account_1"]
ctx := context.Background()
timelineable, err := suite.filter.StatusHometimelineable(ctx, testStatus, testAccount)
suite.NoError(err)
suite.True(timelineable)
}
func (suite *StatusStatusHometimelineableTestSuite) TestNotFollowingStatusHometimelineable() {
testStatus := suite.testStatuses["remote_account_1_status_1"]
testAccount := suite.testAccounts["local_account_1"]
ctx := context.Background()
timelineable, err := suite.filter.StatusHometimelineable(ctx, testStatus, testAccount)
suite.NoError(err)
suite.False(timelineable)
}
func (suite *StatusStatusHometimelineableTestSuite) TestChainReplyFollowersOnly() {
ctx := context.Background()
// This scenario makes sure that we don't timeline a status which is a followers-only
// reply to a followers-only status TO A FOLLOWERS-ONLY STATUS owned by someone the
// timeline owner account doesn't follow.
//
// In other words, remote_account_1 posts a followers-only status, which local_account_1 replies to;
// THEN, local_account_1 replies to their own reply. We don't want this last status to appear
// in the timeline of local_account_2, even though they follow local_account_1, because they
// *don't* follow remote_account_1.
//
// See: https://github.com/superseriousbusiness/gotosocial/issues/501
originalStatusParent := suite.testAccounts["remote_account_1"]
replyingAccount := suite.testAccounts["local_account_1"]
timelineOwnerAccount := suite.testAccounts["local_account_2"]
// put a followers-only status by remote_account_1 in the db
originalStatus := &gtsmodel.Status{
ID: "01G3957TS7XE2CMDKFG3MZPWAF",
URI: "http://fossbros-anonymous.io/users/foss_satan/statuses/01G3957TS7XE2CMDKFG3MZPWAF",
URL: "http://fossbros-anonymous.io/@foss_satan/statuses/01G3957TS7XE2CMDKFG3MZPWAF",
Content: "didn't expect dog",
CreatedAt: testrig.TimeMustParse("2021-09-20T12:40:37+02:00"),
UpdatedAt: testrig.TimeMustParse("2021-09-20T12:40:37+02:00"),
Local: false,
AccountURI: "http://fossbros-anonymous.io/users/foss_satan",
AccountID: originalStatusParent.ID,
InReplyToID: "",
InReplyToAccountID: "",
InReplyToURI: "",
BoostOfID: "",
ContentWarning: "",
Visibility: gtsmodel.VisibilityFollowersOnly,
Sensitive: false,
Language: "en",
CreatedWithApplicationID: "",
Federated: true,
Boostable: true,
Replyable: true,
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
}
if err := suite.db.PutStatus(ctx, originalStatus); err != nil {
suite.FailNow(err.Error())
}
// this status should not be hometimelineable for local_account_2
originalStatusTimelineable, err := suite.filter.StatusHometimelineable(ctx, originalStatus, timelineOwnerAccount)
suite.NoError(err)
suite.False(originalStatusTimelineable)
// now a followers-only reply from zork
firstReplyStatus := &gtsmodel.Status{
ID: "01G395ESAYPK9161QSQEZKATJN",
URI: "http://localhost:8080/users/the_mighty_zork/statuses/01G395ESAYPK9161QSQEZKATJN",
URL: "http://localhost:8080/@the_mighty_zork/statuses/01G395ESAYPK9161QSQEZKATJN",
Content: "nbnbdy expects dog",
CreatedAt: testrig.TimeMustParse("2021-09-20T12:41:37+02:00"),
UpdatedAt: testrig.TimeMustParse("2021-09-20T12:41:37+02:00"),
Local: false,
AccountURI: "http://localhost:8080/users/the_mighty_zork",
AccountID: replyingAccount.ID,
InReplyToID: originalStatus.ID,
InReplyToAccountID: originalStatusParent.ID,
InReplyToURI: originalStatus.URI,
BoostOfID: "",
ContentWarning: "",
Visibility: gtsmodel.VisibilityFollowersOnly,
Sensitive: false,
Language: "en",
CreatedWithApplicationID: "",
Federated: true,
Boostable: true,
Replyable: true,
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
}
if err := suite.db.PutStatus(ctx, firstReplyStatus); err != nil {
suite.FailNow(err.Error())
}
// this status should not be hometimelineable for local_account_2
firstReplyStatusTimelineable, err := suite.filter.StatusHometimelineable(ctx, firstReplyStatus, timelineOwnerAccount)
suite.NoError(err)
suite.False(firstReplyStatusTimelineable)
// now a followers-only reply from zork to the status they just replied to
secondReplyStatus := &gtsmodel.Status{
ID: "01G395NZQZGJYRBAES57KYZ7XP",
URI: "http://localhost:8080/users/the_mighty_zork/statuses/01G395NZQZGJYRBAES57KYZ7XP",
URL: "http://localhost:8080/@the_mighty_zork/statuses/01G395NZQZGJYRBAES57KYZ7XP",
Content: "*nobody",
CreatedAt: testrig.TimeMustParse("2021-09-20T12:42:37+02:00"),
UpdatedAt: testrig.TimeMustParse("2021-09-20T12:42:37+02:00"),
Local: false,
AccountURI: "http://localhost:8080/users/the_mighty_zork",
AccountID: replyingAccount.ID,
InReplyToID: firstReplyStatus.ID,
InReplyToAccountID: replyingAccount.ID,
InReplyToURI: firstReplyStatus.URI,
BoostOfID: "",
ContentWarning: "",
Visibility: gtsmodel.VisibilityFollowersOnly,
Sensitive: false,
Language: "en",
CreatedWithApplicationID: "",
Federated: true,
Boostable: true,
Replyable: true,
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
}
if err := suite.db.PutStatus(ctx, secondReplyStatus); err != nil {
suite.FailNow(err.Error())
}
// this status should ALSO not be hometimelineable for local_account_2
secondReplyStatusTimelineable, err := suite.filter.StatusHometimelineable(ctx, secondReplyStatus, timelineOwnerAccount)
suite.NoError(err)
suite.False(secondReplyStatusTimelineable)
}
func (suite *StatusStatusHometimelineableTestSuite) TestChainReplyPublicAndUnlocked() {
ctx := context.Background()
// This scenario is exactly the same as the above test, but for a mix of unlocked + public posts
originalStatusParent := suite.testAccounts["remote_account_1"]
replyingAccount := suite.testAccounts["local_account_1"]
timelineOwnerAccount := suite.testAccounts["local_account_2"]
// put an unlocked status by remote_account_1 in the db
originalStatus := &gtsmodel.Status{
ID: "01G3957TS7XE2CMDKFG3MZPWAF",
URI: "http://fossbros-anonymous.io/users/foss_satan/statuses/01G3957TS7XE2CMDKFG3MZPWAF",
URL: "http://fossbros-anonymous.io/@foss_satan/statuses/01G3957TS7XE2CMDKFG3MZPWAF",
Content: "didn't expect dog",
CreatedAt: testrig.TimeMustParse("2021-09-20T12:40:37+02:00"),
UpdatedAt: testrig.TimeMustParse("2021-09-20T12:40:37+02:00"),
Local: false,
AccountURI: "http://fossbros-anonymous.io/users/foss_satan",
AccountID: originalStatusParent.ID,
InReplyToID: "",
InReplyToAccountID: "",
InReplyToURI: "",
BoostOfID: "",
ContentWarning: "",
Visibility: gtsmodel.VisibilityUnlocked,
Sensitive: false,
Language: "en",
CreatedWithApplicationID: "",
Federated: true,
Boostable: true,
Replyable: true,
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
}
if err := suite.db.PutStatus(ctx, originalStatus); err != nil {
suite.FailNow(err.Error())
}
// this status should not be hometimelineable for local_account_2
originalStatusTimelineable, err := suite.filter.StatusHometimelineable(ctx, originalStatus, timelineOwnerAccount)
suite.NoError(err)
suite.False(originalStatusTimelineable)
// now a public reply from zork
firstReplyStatus := &gtsmodel.Status{
ID: "01G395ESAYPK9161QSQEZKATJN",
URI: "http://localhost:8080/users/the_mighty_zork/statuses/01G395ESAYPK9161QSQEZKATJN",
URL: "http://localhost:8080/@the_mighty_zork/statuses/01G395ESAYPK9161QSQEZKATJN",
Content: "nbnbdy expects dog",
CreatedAt: testrig.TimeMustParse("2021-09-20T12:41:37+02:00"),
UpdatedAt: testrig.TimeMustParse("2021-09-20T12:41:37+02:00"),
Local: false,
AccountURI: "http://localhost:8080/users/the_mighty_zork",
AccountID: replyingAccount.ID,
InReplyToID: originalStatus.ID,
InReplyToAccountID: originalStatusParent.ID,
InReplyToURI: originalStatus.URI,
BoostOfID: "",
ContentWarning: "",
Visibility: gtsmodel.VisibilityPublic,
Sensitive: false,
Language: "en",
CreatedWithApplicationID: "",
Federated: true,
Boostable: true,
Replyable: true,
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
}
if err := suite.db.PutStatus(ctx, firstReplyStatus); err != nil {
suite.FailNow(err.Error())
}
// this status should not be hometimelineable for local_account_2
firstReplyStatusTimelineable, err := suite.filter.StatusHometimelineable(ctx, firstReplyStatus, timelineOwnerAccount)
suite.NoError(err)
suite.False(firstReplyStatusTimelineable)
// now an unlocked reply from zork to the status they just replied to
secondReplyStatus := &gtsmodel.Status{
ID: "01G395NZQZGJYRBAES57KYZ7XP",
URI: "http://localhost:8080/users/the_mighty_zork/statuses/01G395NZQZGJYRBAES57KYZ7XP",
URL: "http://localhost:8080/@the_mighty_zork/statuses/01G395NZQZGJYRBAES57KYZ7XP",
Content: "*nobody",
CreatedAt: testrig.TimeMustParse("2021-09-20T12:42:37+02:00"),
UpdatedAt: testrig.TimeMustParse("2021-09-20T12:42:37+02:00"),
Local: false,
AccountURI: "http://localhost:8080/users/the_mighty_zork",
AccountID: replyingAccount.ID,
InReplyToID: firstReplyStatus.ID,
InReplyToAccountID: replyingAccount.ID,
InReplyToURI: firstReplyStatus.URI,
BoostOfID: "",
ContentWarning: "",
Visibility: gtsmodel.VisibilityUnlocked,
Sensitive: false,
Language: "en",
CreatedWithApplicationID: "",
Federated: true,
Boostable: true,
Replyable: true,
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
}
if err := suite.db.PutStatus(ctx, secondReplyStatus); err != nil {
suite.FailNow(err.Error())
}
// this status should ALSO not be hometimelineable for local_account_2
secondReplyStatusTimelineable, err := suite.filter.StatusHometimelineable(ctx, secondReplyStatus, timelineOwnerAccount)
suite.NoError(err)
suite.False(secondReplyStatusTimelineable)
}
func TestStatusHometimelineableTestSuite(t *testing.T) {
suite.Run(t, new(StatusStatusHometimelineableTestSuite))
}