Drop incoming Delete activities from unknown actors
This commit is contained in:
parent
1e8b79956e
commit
ceffb8a891
3 changed files with 38 additions and 1 deletions
1
changelog.d/drop-unknown-deletes.change
Normal file
1
changelog.d/drop-unknown-deletes.change
Normal file
|
@ -0,0 +1 @@
|
|||
Drop incoming Delete activities from unknown actors
|
|
@ -33,7 +33,8 @@ def perform(%Job{
|
|||
query_string: query_string
|
||||
}
|
||||
|
||||
with {:ok, %User{} = _actor} <- User.get_or_fetch_by_ap_id(conn_data.params["actor"]),
|
||||
with {_, false} <- {:unknown_delete, unknown_delete?(params)},
|
||||
User.get_or_fetch_by_ap_id(conn_data.params["actor"]),
|
||||
{:ok, _public_key} <- Signature.refetch_public_key(conn_data),
|
||||
{:signature, true} <- {:signature, Signature.validate_signature(conn_data)},
|
||||
{:ok, res} <- Federator.perform(:incoming_ap_doc, params) do
|
||||
|
@ -58,6 +59,7 @@ def timeout(_job), do: :timer.seconds(5)
|
|||
|
||||
defp process_errors(errors) do
|
||||
case errors do
|
||||
{:unknown_delete, true} -> {:cancel, "Delete from unknown actor"}
|
||||
{:error, :origin_containment_failed} -> {:cancel, :origin_containment_failed}
|
||||
{:error, :already_present} -> {:cancel, :already_present}
|
||||
{:error, {:validate_object, _} = reason} -> {:cancel, reason}
|
||||
|
@ -71,4 +73,16 @@ defp process_errors(errors) do
|
|||
e -> {:error, e}
|
||||
end
|
||||
end
|
||||
|
||||
defp unknown_delete?(%{
|
||||
"type" => "Delete",
|
||||
"actor" => actor
|
||||
}) do
|
||||
case User.get_cached_by_ap_id(actor) do
|
||||
%User{} -> false
|
||||
_ -> true
|
||||
end
|
||||
end
|
||||
|
||||
defp unknown_delete?(_), do: false
|
||||
end
|
||||
|
|
|
@ -245,4 +245,26 @@ test "it can validate the signature" do
|
|||
|
||||
assert {:ok, %Pleroma.Activity{}} = ReceiverWorker.perform(oban_job)
|
||||
end
|
||||
|
||||
# When activity is delivered to the inbox and we cannot immediately verify signature
|
||||
# we capture all the params and process it later in the Oban job.
|
||||
# This requires we replicate the same scenario by including additional fields in the params
|
||||
test "Deletes cancelled for an unknown actor" do
|
||||
params = %{
|
||||
"type" => "Delete",
|
||||
"actor" => "https://unknown.mastodon.instance/users/somebody"
|
||||
}
|
||||
|
||||
assert {:cancel, "Delete from unknown actor"} =
|
||||
ReceiverWorker.perform(%Oban.Job{
|
||||
args: %{
|
||||
"op" => "incoming_ap_doc",
|
||||
"method" => :post,
|
||||
"req_headers" => [],
|
||||
"request_path" => "/inbox",
|
||||
"query_string" => "",
|
||||
"params" => params
|
||||
}
|
||||
})
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue