notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Ensure pinned notes belong to the actor whose collection they're contained in

Browse source
This commit is contained in:
Laura Hausmann 2024-04-16 02:50:29 +02:00
parent a56d7f521c
commit 07f79ae77b
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Iceshrimp.Backend/Core/Services/NoteService.cs
View file

@ -701,7 +701,7 @@ public class NoteService(
.FirstOrDefaultAsync(p => p.Uri == note.Id);
if (dbNote == null) return await ProcessNoteAsync(note, actor);
logger.LogDebug("Processing note update {id} for note {noteId}", note.Id, dbNote.Id);
if (dbNote.User != actor)
@ -1237,8 +1237,11 @@ public class NoteService(
if (previousPins.SequenceEqual(notes.Where(p => p != null).Cast<Note>().Select(p => p.Id))) return;
var pins = notes.Where(p => p != null)
.Cast<Note>()
if (notes.OfType<Note>().Any(p => p.User != user))
throw GracefulException
.UnprocessableEntity("Refusing to ingest pinned notes attributed to different actor");
var pins = notes.OfType<Note>()
.Select(p => new UserNotePin
{
Id = IdHelpers.GenerateSlowflakeId(),