mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-25 08:41:00 +00:00
Ignore actor delete messages for unknown actors (#124)
This commit is contained in:
parent
b8460b0acd
commit
42c7b629cf
3 changed files with 38 additions and 0 deletions
|
@ -92,6 +92,7 @@ def identity(user, domain) -> Identity:
|
|||
"""
|
||||
identity = Identity.objects.create(
|
||||
actor_uri="https://example.com/@test@example.com/",
|
||||
inbox_uri="https://example.com/@test@example.com/inbox/",
|
||||
username="test",
|
||||
domain=domain,
|
||||
name="Test User",
|
||||
|
@ -125,6 +126,7 @@ def other_identity(user, domain) -> Identity:
|
|||
"""
|
||||
identity = Identity.objects.create(
|
||||
actor_uri="https://example.com/@other@example.com/",
|
||||
inbox_uri="https://example.com/@other@example.com/inbox/",
|
||||
username="other",
|
||||
domain=domain,
|
||||
name="Other User",
|
||||
|
@ -143,6 +145,7 @@ def remote_identity() -> Identity:
|
|||
domain = Domain.objects.create(domain="remote.test", local=False)
|
||||
return Identity.objects.create(
|
||||
actor_uri="https://remote.test/test-actor/",
|
||||
inbox_uri="https://remote.test/@test/inbox/",
|
||||
profile_uri="https://remote.test/@test/",
|
||||
username="test",
|
||||
domain=domain,
|
||||
|
|
|
@ -31,3 +31,25 @@ def test_webfinger_system_actor(client):
|
|||
data = client.get("/actor/", HTTP_ACCEPT="application/ld+json").json()
|
||||
assert data["id"] == "https://example.com/actor/"
|
||||
assert data["inbox"] == "https://example.com/actor/inbox/"
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_delete_actor(client, identity):
|
||||
data = {
|
||||
"@context": "https://www.w3.org/ns/activitystreams",
|
||||
"actor": "https://mastodon.social/users/fakec8b6984105c8f15070a2",
|
||||
"id": "https://mastodon.social/users/fakec8b6984105c8f15070a2#delete",
|
||||
"object": "https://mastodon.social/users/fakec8b6984105c8f15070a2",
|
||||
"signature": {
|
||||
"created": "2022-12-06T03:54:28Z",
|
||||
"creator": "https://mastodon.social/users/fakec8b6984105c8f15070a2#main-key",
|
||||
"signatureValue": "This value doesn't matter",
|
||||
"type": "RsaSignature2017",
|
||||
},
|
||||
"to": ["https://www.w3.org/ns/activitystreams#Public"],
|
||||
"type": "Delete",
|
||||
}
|
||||
resp = client.post(
|
||||
identity.inbox_uri, data=data, content_type="application/activity+json"
|
||||
)
|
||||
assert resp.status_code == 202
|
||||
|
|
|
@ -145,9 +145,21 @@ class Inbox(View):
|
|||
# This ensures that the signature used for the headers matches the actor
|
||||
# described in the payload.
|
||||
identity = Identity.by_actor_uri(document["actor"], create=True, transient=True)
|
||||
if (
|
||||
document["type"] == "Delete"
|
||||
and document["actor"] == document["object"]
|
||||
and not identity.pk
|
||||
):
|
||||
# We don't have an Identity record for the user. No-op
|
||||
exceptions.capture_message(
|
||||
f"Inbox: Discarded delete message for unknown actor {document['actor']}"
|
||||
)
|
||||
return HttpResponse(status=202)
|
||||
|
||||
if not identity.public_key:
|
||||
# See if we can fetch it right now
|
||||
async_to_sync(identity.fetch_actor)()
|
||||
|
||||
if not identity.public_key:
|
||||
exceptions.capture_message(
|
||||
f"Inbox error: cannot fetch actor {document['actor']}"
|
||||
|
@ -160,6 +172,7 @@ class Inbox(View):
|
|||
f"Inbox: Discarded message from {identity.domain}"
|
||||
)
|
||||
return HttpResponse(status=202)
|
||||
|
||||
# If there's a "signature" payload, verify against that
|
||||
if "signature" in document:
|
||||
try:
|
||||
|
|
Loading…
Reference in a new issue