bigbuffet/pleroma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ReceiverWorker: cancel job if user fetch is forbidden

Browse source 
An instance block with authenticated fetch being required can cause this as we couldn't get the user to find their public key to verify the signature. Commonly observed if someone boosts/Announces a post from an instance that blocked you.
This commit is contained in:
Mark Felder 2024-08-28 15:45:13 -04:00
parent 58f646bcda
commit fc450fdefc
2 changed files with 52 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/pleroma/workers/receiver_worker.ex
View file

@ -56,17 +56,20 @@ def timeout(%_{args: %{"timeout" => timeout}}), do: timeout
def timeout(_job), do: :timer.seconds(5) def timeout(_job), do: :timer.seconds(5)
defp process_errors({:error, {:error, _} = error}), do: process_errors(error)
defp process_errors(errors) do defp process_errors(errors) do
case errors do case errors do
{:error, :origin_containment_failed} -> {:cancel, :origin_containment_failed} {:error, :origin_containment_failed} -> {:cancel, :origin_containment_failed}
{:error, :already_present} -> {:cancel, :already_present} {:error, :already_present} -> {:cancel, :already_present}
{:error, {:validate_object, _} = reason} -> {:cancel, reason} {:error, {:validate_object, _} = reason} -> {:cancel, reason}
{:error, {:error, {:validate, {:error, _changeset} = reason}}} -> {:cancel, reason} {:error, {:validate, {:error, _changeset} = reason}} -> {:cancel, reason}
{:error, {:reject, _} = reason} -> {:cancel, reason} {:error, {:reject, _} = reason} -> {:cancel, reason}
{:signature, false} -> {:cancel, :invalid_signature} {:signature, false} -> {:cancel, :invalid_signature}
{:error, "Object has been deleted"} = reason -> {:cancel, reason} {:error, "Object has been deleted"} = reason -> {:cancel, reason}
{:error, {:side_effects, {:error, :no_object_actor}} = reason} -> {:cancel, reason} {:error, {:side_effects, {:error, :no_object_actor}} = reason} -> {:cancel, reason}
{:error, :not_found} = reason -> {:cancel, reason} {:error, :not_found} = reason -> {:cancel, reason}
{:error, :forbidden} = reason -> {:cancel, reason}
{:error, _} = e -> e {:error, _} = e -> e
e -> {:error, e} e -> {:error, e}
end end

48
test/pleroma/workers/receiver_worker_test.exs
View file

@ -51,6 +51,54 @@ test "it does not retry duplicates" do
}) })
end end
test "it does not retry if a user fetch fails with a 403" do
Tesla.Mock.mock(fn
%{url: "https://simpsons.com/users/bart"} ->
%Tesla.Env{
status: 403,
body: ""
}
end)
params =
%{
"@context" => [
"https://www.w3.org/ns/activitystreams",
"https://w3id.org/security/v1"
],
"actor" => "https://simpsons.com/users/bart",
"cc" => [],
"id" => "https://simpsons.com/activity/eat-my-shorts",
"object" => %{},
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"type" => "Create"
}
req_headers = [
["accept-encoding", "gzip"],
["content-length", "31337"],
["content-type", "application/activity+json"],
["date", "Wed, 28 Aug 2024 15:36:31 GMT"],
["digest", "SHA-256=ouge/6HP2/QryG6F3JNtZ6vzs/hSwMk67xdxe87eH7A="],
["host", "bikeshed.party"],
[
"signature",
"does not matter as user needs to be fetched first"
]
]
{:ok, oban_job} =
Federator.incoming_ap_doc(%{
method: "POST",
req_headers: req_headers,
request_path: "/inbox",
params: params,
query_string: ""
})
assert {:cancel, {:error, :forbidden}} = ReceiverWorker.perform(oban_job)
end
test "it can validate the signature" do test "it can validate the signature" do
Tesla.Mock.mock(fn Tesla.Mock.mock(fn
%{url: "https://mastodon.social/users/bastianallgeier"} -> %{url: "https://mastodon.social/users/bastianallgeier"} ->