mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-05 06:48:41 +00:00
Drop incoming Delete activities from unknown actors
This commit is contained in:
parent
1e8b79956e
commit
ceffb8a891
3 changed files with 38 additions and 1 deletions
1
changelog.d/drop-unknown-deletes.change
Normal file
1
changelog.d/drop-unknown-deletes.change
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Drop incoming Delete activities from unknown actors
|
|
@ -33,7 +33,8 @@ defmodule Pleroma.Workers.ReceiverWorker do
|
||||||
query_string: query_string
|
query_string: query_string
|
||||||
}
|
}
|
||||||
|
|
||||||
with {:ok, %User{} = _actor} <- User.get_or_fetch_by_ap_id(conn_data.params["actor"]),
|
with {_, false} <- {:unknown_delete, unknown_delete?(params)},
|
||||||
|
User.get_or_fetch_by_ap_id(conn_data.params["actor"]),
|
||||||
{:ok, _public_key} <- Signature.refetch_public_key(conn_data),
|
{:ok, _public_key} <- Signature.refetch_public_key(conn_data),
|
||||||
{:signature, true} <- {:signature, Signature.validate_signature(conn_data)},
|
{:signature, true} <- {:signature, Signature.validate_signature(conn_data)},
|
||||||
{:ok, res} <- Federator.perform(:incoming_ap_doc, params) do
|
{:ok, res} <- Federator.perform(:incoming_ap_doc, params) do
|
||||||
|
@ -58,6 +59,7 @@ defmodule Pleroma.Workers.ReceiverWorker do
|
||||||
|
|
||||||
defp process_errors(errors) do
|
defp process_errors(errors) do
|
||||||
case errors do
|
case errors do
|
||||||
|
{:unknown_delete, true} -> {:cancel, "Delete from unknown actor"}
|
||||||
{:error, :origin_containment_failed} -> {:cancel, :origin_containment_failed}
|
{:error, :origin_containment_failed} -> {:cancel, :origin_containment_failed}
|
||||||
{:error, :already_present} -> {:cancel, :already_present}
|
{:error, :already_present} -> {:cancel, :already_present}
|
||||||
{:error, {:validate_object, _} = reason} -> {:cancel, reason}
|
{:error, {:validate_object, _} = reason} -> {:cancel, reason}
|
||||||
|
@ -71,4 +73,16 @@ defmodule Pleroma.Workers.ReceiverWorker do
|
||||||
e -> {:error, e}
|
e -> {:error, e}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp unknown_delete?(%{
|
||||||
|
"type" => "Delete",
|
||||||
|
"actor" => actor
|
||||||
|
}) do
|
||||||
|
case User.get_cached_by_ap_id(actor) do
|
||||||
|
%User{} -> false
|
||||||
|
_ -> true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp unknown_delete?(_), do: false
|
||||||
end
|
end
|
||||||
|
|
|
@ -245,4 +245,26 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
|
||||||
|
|
||||||
assert {:ok, %Pleroma.Activity{}} = ReceiverWorker.perform(oban_job)
|
assert {:ok, %Pleroma.Activity{}} = ReceiverWorker.perform(oban_job)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# When activity is delivered to the inbox and we cannot immediately verify signature
|
||||||
|
# we capture all the params and process it later in the Oban job.
|
||||||
|
# This requires we replicate the same scenario by including additional fields in the params
|
||||||
|
test "Deletes cancelled for an unknown actor" do
|
||||||
|
params = %{
|
||||||
|
"type" => "Delete",
|
||||||
|
"actor" => "https://unknown.mastodon.instance/users/somebody"
|
||||||
|
}
|
||||||
|
|
||||||
|
assert {:cancel, "Delete from unknown actor"} =
|
||||||
|
ReceiverWorker.perform(%Oban.Job{
|
||||||
|
args: %{
|
||||||
|
"op" => "incoming_ap_doc",
|
||||||
|
"method" => :post,
|
||||||
|
"req_headers" => [],
|
||||||
|
"request_path" => "/inbox",
|
||||||
|
"query_string" => "",
|
||||||
|
"params" => params
|
||||||
|
}
|
||||||
|
})
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue