From e8fd40f3cadef5be7135778120cdae992d6c33e8 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 9 Oct 2024 11:02:10 +0200
Subject: [PATCH] [bugfix] Fix replies not being stored pending approval (#3409)
---
 .../dereferencing/status_permitted.go | 61 ++++++++++++-------
 1 file changed, 39 insertions(+), 22 deletions(-)
diff --git a/internal/federation/dereferencing/status_permitted.go b/internal/federation/dereferencing/status_permitted.go
index 4b246653c..9ad425c2f 100644
--- a/internal/federation/dereferencing/status_permitted.go
+++ b/internal/federation/dereferencing/status_permitted.go
@@ -235,7 +235,7 @@ func (d *Dereferencer) isPermittedReply(
 // Status doesn't claim to be approved.
 // Check interaction policy of inReplyTo
- // to see if it doesn't require approval.
+ // to see what we need to do with it.
 replyable, err := d.intFilter.StatusReplyable(ctx,
 reply.Account,
 inReplyTo,
@@ -260,35 +260,52 @@ func (d *Dereferencer) isPermittedReply(
 )
 }
- // Reply is permitted according to the interaction
- // policy set on the replied-to status (if any).
-
- if !replyable.MatchedOnCollection() {
- // If we didn't match on a collection,
- // then we don't require an acceptIRI,
- // and we don't need to send an Accept;
- // just permit the reply full stop.
+ if replyable.Permitted() &&
+ !replyable.MatchedOnCollection() {
+ // Reply is permitted and match was *not* made
+ // based on inclusion in a followers/following
+ // collection. Just permit the reply full stop
+ // as no approval / accept URI is necessary.
 return true, nil
 }
- // Reply is permitted, but match was made based
- // on inclusion in a followers/following collection.
- //
- // If the status is ours, mark it as PreApproved
- // so the processor knows to create and send out
- // an Accept for it immediately.
- if inReplyTo.IsLocal() {
+ // Reply is either permitted based on inclusion in a
+ // followers/following collection, *or* is permitted
+ // pending approval, though we know at this point
+ // that the status did not include an approvedBy URI.
+
+ if !inReplyTo.IsLocal() {
+ // If the replied-to status is remote, we should just
+ // drop this reply at this point, as we can't verify
+ // that the remote replied-to account approves it, and
+ // we can't verify the presence of a remote account
+ // in one of another remote account's collections.
+ //
+ // It's possible we'll get an Accept from the replied-
+ // to account later, and we can store this reply then.
+ return false, nil
+ }
+
+ // Replied-to status is ours, so the
+ // replied-to account is ours as well.
+
+ if replyable.MatchedOnCollection() {
+ // If permission was granted based on inclusion in
+ // a followers/following collection, pre-approve the
+ // reply, as we ourselves can validate presence of the
+ // replier in the appropriate collection. Pre-approval
+ // lets the processor know it should send out an Accept
+ // straight away on behalf of the replied-to account.
 reply.PendingApproval = util.Ptr(true)
 reply.PreApproved = true
 return true, nil
 }
- // For replies to remote statuses, which matched
- // on a followers/following collection, but did not
- // include an acceptIRI, we should just drop it.
- // It's possible we'll get an Accept for it later
- // and we can check everything again.
- return false, nil
+ // Reply just requires approval from the local account
+ // it replies to. Set PendingApproval so the processor
+ // knows to create a pending interaction request.
+ reply.PendingApproval = util.Ptr(true)
+ return true, nil
 }
 // unpermittedByParent marks the given reply as rejected
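Review bot: The pre-approval branch `if replyable.MatchedOnCollection() {` sets `reply.PreApproved = true` without also checking `replyable.Permitted()`, unlike the early-return branch above it, so it depends on MatchedOnCollection() never being true for a result that is only permitted pending approval; that invariant is not visible in this hunk. Because pre-approval makes the instance send an Accept on behalf of the local account with no manual review, I would make the condition explicit, `if replyable.Permitted() && replyable.MatchedOnCollection() {`, or state the invariant in the branch comment. The final fall-through likewise treats every remaining result as pending approval and appears to assume the forbidden case was already returned in the lines between the two hunks, which are outside this diff; a comment such as `// Forbidden results were rejected above; only approval-required results reach here.` would pin that down once confirmed. isPermittedReply starts above this hunk, so the earlier checks could not be reviewed here.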