diff options
author | ThibG <thib@sitedethib.com> | 2019-03-20 17:20:16 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2019-03-20 17:20:16 +0100 |
commit | 66d945209278c9344d503fe4e7a58d5c6f040e50 (patch) | |
tree | e6d83fb7c474e7542afb2ef54a9bfd8d1f6a6ea1 | |
parent | 158c31b9df538691666e5b91f48a0afecd2985fe (diff) |
Do not try fetching keys of unknown accounts on a Delete from them (#10326)
-rw-r--r-- | app/controllers/activitypub/inboxes_controller.rb | 16 | ||||
-rw-r--r-- | spec/controllers/activitypub/inboxes_controller_spec.rb | 4 |
2 files changed, 15 insertions, 5 deletions
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb index 8f5e1887e..1501b914e 100644 --- a/app/controllers/activitypub/inboxes_controller.rb +++ b/app/controllers/activitypub/inboxes_controller.rb @@ -2,11 +2,14 @@ class ActivityPub::InboxesController < Api::BaseController include SignatureVerification + include JsonLdHelper before_action :set_account def create - if signed_request_account + if unknown_deleted_account? + head 202 + elsif signed_request_account upgrade_account process_payload head 202 @@ -17,12 +20,19 @@ class ActivityPub::InboxesController < Api::BaseController private + def unknown_deleted_account? + json = Oj.load(body, mode: :strict) + json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists? + rescue Oj::ParseError + false + end + def set_account @account = Account.find_local!(params[:account_username]) if params[:account_username] end def body - @body ||= request.body.read + @body ||= request.body.read.force_encoding('UTF-8') end def upgrade_account @@ -36,6 +46,6 @@ class ActivityPub::InboxesController < Api::BaseController end def process_payload - ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id) + ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id) end end diff --git a/spec/controllers/activitypub/inboxes_controller_spec.rb b/spec/controllers/activitypub/inboxes_controller_spec.rb index 4055d9342..eab4b8c3e 100644 --- a/spec/controllers/activitypub/inboxes_controller_spec.rb +++ b/spec/controllers/activitypub/inboxes_controller_spec.rb @@ -10,7 +10,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do Fabricate(:account) end - post :create + post :create, body: '{}' expect(response).to have_http_status(202) end end @@ -21,7 +21,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do false end - post :create + post :create, body: '{}' expect(response).to have_http_status(401) end end |