Drop incoming Delete activities from unknown actors

This commit is contained in:
Mark Felder 2024-08-23 13:52:19 -04:00
parent 1e8b79956e
commit ceffb8a891
3 changed files with 38 additions and 1 deletions

View file

@ -0,0 +1 @@
Drop incoming Delete activities from unknown actors

View file

@ -33,7 +33,8 @@ def perform(%Job{
query_string: query_string
}
with {:ok, %User{} = _actor} <- User.get_or_fetch_by_ap_id(conn_data.params["actor"]),
with {_, false} <- {:unknown_delete, unknown_delete?(params)},
User.get_or_fetch_by_ap_id(conn_data.params["actor"]),
{:ok, _public_key} <- Signature.refetch_public_key(conn_data),
{:signature, true} <- {:signature, Signature.validate_signature(conn_data)},
{:ok, res} <- Federator.perform(:incoming_ap_doc, params) do
@ -58,6 +59,7 @@ def timeout(_job), do: :timer.seconds(5)
defp process_errors(errors) do
case errors do
{:unknown_delete, true} -> {:cancel, "Delete from unknown actor"}
{:error, :origin_containment_failed} -> {:cancel, :origin_containment_failed}
{:error, :already_present} -> {:cancel, :already_present}
{:error, {:validate_object, _} = reason} -> {:cancel, reason}
@ -71,4 +73,16 @@ defp process_errors(errors) do
e -> {:error, e}
end
end
defp unknown_delete?(%{
"type" => "Delete",
"actor" => actor
}) do
case User.get_cached_by_ap_id(actor) do
%User{} -> false
_ -> true
end
end
defp unknown_delete?(_), do: false
end

View file

@ -245,4 +245,26 @@ test "it can validate the signature" do
assert {:ok, %Pleroma.Activity{}} = ReceiverWorker.perform(oban_job)
end
# When activity is delivered to the inbox and we cannot immediately verify signature
# we capture all the params and process it later in the Oban job.
# This requires we replicate the same scenario by including additional fields in the params
test "Deletes cancelled for an unknown actor" do
params = %{
"type" => "Delete",
"actor" => "https://unknown.mastodon.instance/users/somebody"
}
assert {:cancel, "Delete from unknown actor"} =
ReceiverWorker.perform(%Oban.Job{
args: %{
"op" => "incoming_ap_doc",
"method" => :post,
"req_headers" => [],
"request_path" => "/inbox",
"query_string" => "",
"params" => params
}
})
end
end