From 6e65da782e6c448c6fa1901303bfe3dc5bdd7e13 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Fri, 8 Nov 2019 14:51:28 -0600
Subject: [PATCH] object containment: handle all cases where ID is invalid
 (missing, nil, non-string)

---
 lib/pleroma/object/containment.ex |  6 +++---
 test/object/containment_test.exs  | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex
index f077a9f32..5f9d75231 100644
--- a/lib/pleroma/object/containment.ex
+++ b/lib/pleroma/object/containment.ex
@@ -51,9 +51,7 @@ def contain_origin(id, %{"actor" => _actor} = params) do
   def contain_origin(id, %{"attributedTo" => actor} = params),
     do: contain_origin(id, Map.put(params, "actor", actor))
 
-  def contain_origin_from_id(_id, %{"id" => nil}), do: :error
-
-  def contain_origin_from_id(id, %{"id" => other_id} = _params) do
+  def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
     id_uri = URI.parse(id)
     other_uri = URI.parse(other_id)
 
@@ -64,6 +62,8 @@ def contain_origin_from_id(id, %{"id" => other_id} = _params) do
     end
   end
 
+  def contain_origin_from_id(_id, _data), do: :error
+
   def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}),
     do: contain_origin(id, object)
 
diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs
index 61cd1b412..a909f6db2 100644
--- a/test/object/containment_test.exs
+++ b/test/object/containment_test.exs
@@ -67,6 +67,20 @@ test "users cannot be collided through fake direction spoofing attempts" do
              end) =~
                "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}"
     end
+
+    test "contain_origin_from_id() gracefully handles cases where no ID is present" do
+      data = %{
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.net/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.com/~bob"
+      }
+
+      :error =
+        Containment.contain_origin_from_id("http://example.net/~alyssa/activities/1234", data)
+    end
   end
 
   describe "containment of children" do