Don't allow federated deletes by default

2019-07-17 19:13:45 +01:00 · 2019-07-17 19:13:45 +01:00 · 58c213256c
parent 787b15f227
commit 58c213256c
5 changed files with 20 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -387,10 +387,10 @@ python3 epicyon.py --nickname [yournick] --domain [name] \
 ## Delete posts
-To delete a post you must first know its url. It is usually something like:
+To delete a post which you wrote you must first know its url. It is usually something like:
 ``` text
-https://domain/users/name/statuses/number
+https://yourDomain/users/yourNickname/statuses/number
 ```
 Once you know that they you can use the command:
@ -402,9 +402,9 @@ python3 epicyon.py --nickname [yournick] --domain [name] \
 Deletion of posts in a federated system is not always reliable. Some instances may not implement deletion, and this may be because of the possibility of spurious deletes being sent by an adversary to cause trouble.
-To disallow deletion requests by unauthenticated people on your server set the **--nodeletion** option.
+By default federated deletions are not permitted because of the potential for misuse. If you wish to enable it then set the option **--allowdeletion**.
-Another complication is that the followers collection may change between the time when a post was created and the time it was deleted, leaving some stranded copies.
+Another complication of federated deletion is that the followers collection may change between the time when a post was created and the time it was deleted, leaving some stranded copies.
 ## Announcements/repeats/boosts
--- a/daemon.py
+++ b/daemon.py
@ -814,7 +814,7 @@ def runDaemon(clientToServer: bool,baseDir: str,domain: str, \
              noannounce=False,cw=False,ocapAlways=False, \
              useTor=False,maxReplies=64, \
              domainMaxPostsPerDay=8640,accountMaxPostsPerDay=8640, \
-              nodeletion=False,debug=False) -> None:
+              allowDeletion=False,debug=False) -> None:
    if len(domain)==0:
        domain='localhost'
    if '.' not in domain:
@ -847,7 +847,7 @@ def runDaemon(clientToServer: bool,baseDir: str,domain: str, \
    httpd.ocapAlways=ocapAlways
    httpd.maxMessageLength=5000
    httpd.maxImageSize=10*1024*1024
-    httpd.nodeletion=nodeletion
+    httpd.allowDeletion=nodeletion
    httpd.acceptedCaps=["inbox:write","objects:read"]
    if noreply:
        httpd.acceptedCaps.append('inbox:noreply')
@ -872,7 +872,7 @@ def runDaemon(clientToServer: bool,baseDir: str,domain: str, \
                              domain,port,useTor,httpd.federationList, \
                              httpd.ocapAlways,maxReplies, \
                              domainMaxPostsPerDay,accountMaxPostsPerDay, \
-                              nodeletion,debug,httpd.acceptedCaps),daemon=True)
+                              allowDeletion,debug,httpd.acceptedCaps),daemon=True)
    httpd.thrInboxQueue.start()
    if clientToServer:
        print('Running ActivityPub client on ' + domain + ' port ' + str(port))
--- a/epicyon.py
+++ b/epicyon.py
@ -164,7 +164,7 @@ parser.add_argument('--message', dest='message', type=str,default=None, \
                    help='Message content')
 parser.add_argument('--delete', dest='delete', type=str,default=None, \
                    help='Delete a specified post')
-parser.add_argument("--nodeletion", type=str2bool, nargs='?', \
+parser.add_argument("--allowdeletion", type=str2bool, nargs='?', \
                    const=True, default=False, \
                    help="Do not allow deletions")
 parser.add_argument('--repeat','--announce', dest='announce', type=str,default=None, \
@ -779,4 +779,4 @@ runDaemon(args.client,baseDir,domain,port,httpPrefix, \
          args.noannounce,args.cw,ocapAlways, \
          useTor,args.maxReplies, \
          args.domainMaxPostsPerDay,args.accountMaxPostsPerDay, \
-          args.nodeletion,debug)
+          args.allowDeletion,debug)
--- a/inbox.py
+++ b/inbox.py
@ -823,7 +823,7 @@ def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
                           federationList: [],ocapAlways: bool,debug: bool, \
                           acceptedCaps: [],
                           queueFilename :str,destinationFilename :str,
-                           maxReplies: int,nodeletion: bool) -> bool:
+                           maxReplies: int,allowDeletion: bool) -> bool:
    """ Anything which needs to be done after capabilities checks have passed
    """
    if receiveLike(session,handle, \
@ -877,7 +877,7 @@ def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
            print('DEBUG: Undo announce accepted from '+keyId)
        return False
-    if not nodeletion:
+    if allowDeletion:
        if receiveDelete(session,handle, \
                         baseDir,httpPrefix, \
                         domain,port, \
@ -916,7 +916,7 @@ def runInboxQueue(baseDir: str,httpPrefix: str,sendThreads: [],postLog: [], \
                  domain: str,port: int,useTor: bool,federationList: [], \
                  ocapAlways: bool,maxReplies: int, \
                  domainMaxPostsPerDay: int,accountMaxPostsPerDay: int, \
-                  nodeletion: bool,debug: bool, \
+                  allowDeletion: bool,debug: bool, \
                  acceptedCaps=["inbox:write","objects:read"]) -> None:
    """Processes received items and moves them to
    the appropriate directories
@ -1179,7 +1179,7 @@ def runInboxQueue(baseDir: str,httpPrefix: str,sendThreads: [],postLog: [], \
                                               federationList,ocapAlways, \
                                               debug,acceptedCaps, \
                                               queueFilename,destination, \
-                                               maxReplies,nodeletion)
+                                               maxReplies,allowDeletion)
                    else:
                        if debug:
                            print('DEBUG: object capabilities check failed')
@ -1196,7 +1196,7 @@ def runInboxQueue(baseDir: str,httpPrefix: str,sendThreads: [],postLog: [], \
                                               federationList,ocapAlways, \
                                               debug,acceptedCaps, \
                                               queueFilename,destination, \
-                                               maxReplies,nodeletion)
+                                               maxReplies,allowDeletion)
                    if debug:
                        print('DEBUG: object capabilities check failed')
--- a/tests.py
+++ b/tests.py
@ -151,7 +151,7 @@ def createServerAlice(path: str,domain: str,port: int,federationList: [], \
    maxReplies=64
    domainMaxPostsPerDay=1000
    accountMaxPostsPerDay=1000
-    nodeletion=False
+    allowDeletion=True
    privateKeyPem,publicKeyPem,person,wfEndpoint= \
        createPerson(path,nickname,domain,port,httpPrefix,True,password)
    deleteAllPosts(path,nickname,domain,'inbox')
@ -180,7 +180,7 @@ def createServerAlice(path: str,domain: str,port: int,federationList: [], \
              noreply,nolike,nopics,noannounce,cw,ocapAlways, \
              useTor,maxReplies, \
              domainMaxPostsPerDay,accountMaxPostsPerDay, \
-              nodeletion,True)
+              allowDeletion,True)
 def createServerBob(path: str,domain: str,port: int,federationList: [], \
                    hasFollows: bool,hasPosts :bool,ocapAlways :bool):
@ -203,7 +203,7 @@ def createServerBob(path: str,domain: str,port: int,federationList: [], \
    maxReplies=64
    domainMaxPostsPerDay=1000
    accountMaxPostsPerDay=1000
-    nodeletion=False
+    allowDeletion=False
    privateKeyPem,publicKeyPem,person,wfEndpoint= \
        createPerson(path,nickname,domain,port,httpPrefix,True,password)
    deleteAllPosts(path,nickname,domain,'inbox')
@ -232,7 +232,7 @@ def createServerBob(path: str,domain: str,port: int,federationList: [], \
              noreply,nolike,nopics,noannounce,cw,ocapAlways, \
              useTor,maxReplies, \
              domainMaxPostsPerDay,accountMaxPostsPerDay, \
-              nodeletion,True)
+              allowDeletion,True)
 def createServerEve(path: str,domain: str,port: int,federationList: [], \
                    hasFollows: bool,hasPosts :bool,ocapAlways :bool):
@ -252,7 +252,7 @@ def createServerEve(path: str,domain: str,port: int,federationList: [], \
    noannounce=False
    cw=False
    maxReplies=64
-    nodeletion=False
+    allowDeletion=True
    privateKeyPem,publicKeyPem,person,wfEndpoint= \
        createPerson(path,nickname,domain,port,httpPrefix,True,password)
    deleteAllPosts(path,nickname,domain,'inbox')
@ -262,7 +262,7 @@ def createServerEve(path: str,domain: str,port: int,federationList: [], \
    print('Server running: Eve')
    runDaemon(False,path,domain,port,httpPrefix,federationList, \
              noreply,nolike,nopics,noannounce,cw,ocapAlways, \
-              useTor,maxReplies,nodeletion,True)
+              useTor,maxReplies,allowDeletion,True)
 def testPostMessageBetweenServers():
    print('Testing sending message from one server to the inbox of another')