[PLUGIN][Repeat] Fixed corner case where the user would return to repeat form page and try to repeat the note again.

Eliseu Amaro 2021-11-16 19:39:03 +00:00
parent acc43a276b
commit 2561823550
Signed by: eliseuamaro
GPG Key ID: 96DA09D4B97BC2D5
2 changed files with 98 additions and 68 deletions


@ -25,37 +25,40 @@ namespace Plugin\Repeat\Controller;
use App\Core\Controller;
use App\Core\DB\DB;
use App\Core\Event;
use App\Core\Form;
use function App\Core\I18n\_m;
use App\Core\Log;
use App\Core\Router\Router;
use App\Entity\Note;
use App\Util\Common;
use App\Util\Exception\InvalidFormException;
use App\Util\Exception\ClientException;
use App\Util\Exception\NoLoggedInUser;
use App\Util\Exception\NoSuchNoteException;
use App\Util\Exception\RedirectException;
use Plugin\Repeat\Entity\NoteRepeat;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\HttpFoundation\Request;
use function App\Core\I18n\_m;
class Repeat extends Controller
{
/**
* @throws RedirectException
* @throws NoSuchNoteException
* @throws InvalidFormException
* Controller for the note repeat non-JS page
*
* @throws \App\Util\Exception\ServerException
* @throws ClientException
* @throws NoLoggedInUser
* @throws NoSuchNoteException
* @throws RedirectException
*/
public function repeatAddNote(Request $request, int $id): bool|array
{
$user = Common::ensureLoggedIn();
$opts = ['actor_id' => $user->getId(), 'repeat_of' => $id];
$note_already_repeated = DB::count('note_repeat', $opts) >= 1;
if (is_null($note_already_repeated)) {
throw new NoSuchNoteException();
// Before the form is rendered for the first time
if (\is_null($note_already_repeated)) {
throw new ClientException(_m('Note already repeated!'));
}
$note = Note::getWithPK(['id' => $id]);
@ -64,7 +67,7 @@ class Repeat extends Controller
[
'label' => _m('Repeat note!'),
'attr' => [
'title' => _m('Repeat this note!')
'title' => _m('Repeat this note!'),
],
],
],
@ -72,8 +75,12 @@ class Repeat extends Controller
$form_add_to_repeat->handleRequest($request);
if ($form_add_to_repeat->isSubmitted()) {
// If the user goes back to the form, again
if (DB::count('note_repeat', ['actor_id' => $user->getId(), 'repeat_of' => $id]) >= 1) {
throw new ClientException(_m('Note already repeated!'));
}
if (!is_null($note)) {
if (!\is_null($note)) {
$actor_id = $user->getId();
$content = $note->getContent();
@ -85,9 +92,9 @@ class Repeat extends Controller
'rendered' => $note->getRendered(),
'is_local' => true,
]);
DB::persist($repeat);
// Update DB
DB::persist($repeat);
DB::flush();
// Find the id of the note we just created
@ -95,11 +102,11 @@ class Repeat extends Controller
$og_id = $note->getId();
// Add it to note_repeat table
if (!is_null($repeat_id)) {
if (!\is_null($repeat_id)) {
DB::persist(NoteRepeat::create([
'note_id' => $repeat_id,
'actor_id' => $actor_id,
'repeat_of' => $og_id
'repeat_of' => $og_id,
]));
}
@ -107,10 +114,20 @@ class Repeat extends Controller
DB::flush();
}
if (array_key_exists('from', $get_params = $this->params())) {
# TODO anchor on element id
// Redirect user to where they came from
// Prevent open redirect
if (\array_key_exists('from', (array) $get_params = $this->params())) {
if (Router::isAbsolute($get_params['from'])) {
Log::warning("Actor {$actor_id} attempted to reply to a note and then get redirected to another host, or the URL was invalid ({$get_params['from']})");
throw new ClientException(_m('Can not redirect to outside the website from here'), 400); // 400 Bad request (deceptive)
} else {
// TODO anchor on element id
throw new RedirectException($get_params['from']);
}
} else {
// If we don't have a URL to return to, go to the instance root
throw new RedirectException('root');
}
}
return [
@ -121,18 +138,18 @@ class Repeat extends Controller
}
/**
* @throws RedirectException
* @throws NoSuchNoteException
* @throws InvalidFormException
* @throws \App\Util\Exception\ServerException
* @throws ClientException
* @throws NoLoggedInUser
* @throws NoSuchNoteException
* @throws RedirectException
*/
public function repeatRemoveNote(Request $request, int $id): array
{
$user = Common::ensureLoggedIn();
$opts = ['id' => $id];
$remove_repeat_note = DB::find('note', $opts);
if (is_null($remove_repeat_note)) {
if (\is_null($remove_repeat_note)) {
throw new NoSuchNoteException();
}
@ -141,7 +158,7 @@ class Repeat extends Controller
[
'label' => _m('Remove repeat'),
'attr' => [
'title' => _m('Remove note from repeats.')
'title' => _m('Remove note from repeats.'),
],
],
],
@ -161,10 +178,19 @@ class Repeat extends Controller
DB::flush();
}
if (array_key_exists('from', $get_params = $this->params())) {
# TODO anchor on element id
// Redirect user to where they came from
// Prevent open redirect
if (\array_key_exists('from', (array) $get_params = $this->params())) {
if (Router::isAbsolute($get_params['from'])) {
Log::warning("Actor {$actor_id} attempted to reply to a note and then get redirected to another host, or the URL was invalid ({$get_params['from']})");
throw new ClientException(_m('Can not redirect to outside the website from here'), 400); // 400 Bad request (deceptive)
} else {
// TODO anchor on element id
throw new RedirectException($get_params['from']);
}
} else {
throw new RedirectException('root'); // If we don't have a URL to return to, go to the instance root
}
}
return [
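Review bot: The `Log::warning` call added with the open-redirect guard in repeatAddNote (and copied verbatim into repeatRemoveNote) writes the raw `from` query value into the log line, so line breaks or control characters in that value reach the log unneutralised; logging an encoded form such as `rawurlencode($get_params['from'])` avoids that. The same message interpolates `$actor_id`, which in repeatAddNote is assigned only inside the `if (!\is_null($note))` branch and is not assigned in any visible line of repeatRemoveNote, so `$user->getId()` is the safer value to log; the text also says "reply" where this controller handles repeats. The guard itself rests entirely on `Router::isAbsolute()`, whose body is not on this page, so it is worth confirming that it also classifies scheme-relative (`//host/path`) and backslash-prefixed values as absolute, because otherwise `RedirectException` receives `from` unchanged. Both method bodies continue outside the hunks shown.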


@ -23,18 +23,20 @@ namespace Plugin\Repeat;
use App\Core\DB\DB;
use App\Core\Event;
use function App\Core\I18n\_m;
use App\Core\Modules\NoteHandlerPlugin;
use App\Core\Router\RouteLoader;
use App\Core\Router\Router;
use App\Entity\Actor;
use App\Entity\Note;
use App\Util\Common;
use App\Util\Exception\ClientException;
use App\Util\Exception\DuplicateFoundException;
use App\Util\Exception\InvalidFormException;
use App\Util\Exception\NoLoggedInUser;
use App\Util\Exception\NoSuchNoteException;
use App\Util\Exception\NotFoundException;
use App\Util\Exception\RedirectException;
use App\Util\Exception\ServerException;
use App\Util\Formatting;
use Plugin\Repeat\Entity\NoteRepeat;
use Symfony\Component\HttpFoundation\Request;
@ -47,7 +49,7 @@ class Repeat extends NoteHandlerPlugin
*
* @throws InvalidFormException
* @throws NoSuchNoteException
* @throws RedirectException
* @throws RedirectException*@throws ClientException*@throws DuplicateFoundException
*
* @return bool Event hook
*/
@ -58,17 +60,15 @@ class Repeat extends NoteHandlerPlugin
}
// If note is repeated, "is_repeated" is 1
$opts = ['repeat_of' => $note->getId()];
$is_repeat = DB::count('note_repeat', ['note_id' => $note->getId()]) >= 1;
try {
if (DB::findOneBy('note_repeat', $opts)) {
if (DB::findOneBy('note_repeat', ['repeat_of' => $note->getId()])) {
return Event::next;
}
} catch (DuplicateFoundException $e) {
} catch (NotFoundException $e) {
} catch (DuplicateFoundException|NotFoundException $e) {
}
$is_repeat = DB::count('note_repeat', ['note_id' => $note->getId()]) >= 1;
// Generating URL for repeat action route
$args = ['id' => $note->getId()];
$type = Router::ABSOLUTE_PATH;
@ -94,17 +94,15 @@ class Repeat extends NoteHandlerPlugin
}
/**
* @throws \App\Util\Exception\NoLoggedInUser
* Append on note information about user actions.
*
* @return array|bool
*/
public function onAppendCardNote(array $vars, array &$result) {
public function onAppendCardNote(array $vars, array &$result)
{
// if note is the original and user isn't the one who repeated, append on end "user repeated this"
// if user is the one who repeated, append on end "you repeated this, remove repeat?"
$check_user = true;
try {
$user = Common::ensureLoggedIn();
} catch (NoLoggedInUser $e) {
$check_user = false;
}
$check_user = !\is_null(Common::user());
$note = $vars['note'];
@ -116,12 +114,12 @@ class Repeat extends NoteHandlerPlugin
foreach ($note_repeats as $reply) {
$repeat_actor[] = Actor::getWithPK($reply->getActorId());
}
if (count($repeat_actor) < 1) {
return null;
if (\count($repeat_actor) < 1) {
return Event::next;
}
// Filter out multiple replies from the same actor
$repeat_actor = array_unique($repeat_actor, SORT_REGULAR);
$repeat_actor = array_unique($repeat_actor, \SORT_REGULAR);
// Add to complementary info
foreach ($repeat_actor as $actor) {
@ -130,7 +128,13 @@ class Repeat extends NoteHandlerPlugin
if ($check_user && $actor->getId() === (Common::actor())->getId()) {
// If the repeat is yours
$prepend = "<a href={$repeat_actor_url}>You</a>, " . ($prepend = &$complementary_info);
try {
$you_translation = _m('You');
} catch (ServerException $e) {
$you_translation = 'You';
}
$prepend = "<a href={$repeat_actor_url}>{$you_translation}</a>, " . ($prepend = &$complementary_info);
$complementary_info = $prepend;
} else {
// If the repeat is from someone else
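Review bot: The new `$prepend` line in onAppendCardNote still builds the anchor with an unquoted `href` and interpolates `$repeat_actor_url` and `$you_translation` without HTML escaping, so a space, quote or `>` in either value changes the resulting markup. `$repeat_actor_url` is built outside the hunk, so whether it is already safe for an attribute context cannot be confirmed from here. Quoting the attribute and escaping at the point of output removes that dependency: `'<a href="' . htmlspecialchars($repeat_actor_url, \ENT_QUOTES) . '">' . htmlspecialchars($you_translation, \ENT_QUOTES) . '</a>, '`. The function body starts and continues outside this hunk.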