Add support for reversible suspensions through ActivityPub (#14989)

author: Eugen Rochko <eugen@zeonfederated.com> 2020-11-08 00:28:39 +0100
committer: GitHub <noreply@github.com> 2020-11-08 00:28:39 +0100
commit: 3134691948aeacb16b7386ed77bbea4581beec40 (patch)
tree: 45ecf62f19879f08bf4c35584c58a64ea09c0c27 /app
parent: ee8cf246cfe8e05914ad7dcf81596f8535b3e161 (diff)
25 files changed, 252 insertions, 66 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 6d711afd0..ccb5ef8e8 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -102,6 +102,10 @@ class AccountsController < ApplicationController
     params[:username]
   end
 
+  def skip_temporary_suspension_response?
+    request.format == :json
+  end
+
   def rss_url
     if tag_requested?
       short_account_tag_url(@account, params[:tag], format: 'rss')
diff --git a/app/controllers/activitypub/base_controller.rb b/app/controllers/activitypub/base_controller.rb
index 0c2591e97..4cbc3ab8f 100644
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@@ -8,4 +8,8 @@ class ActivityPub::BaseController < Api::BaseController
   def set_cache_headers
     response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
   end
+
+  def skip_temporary_suspension_response?
+    false
+  end
 end
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb
index fdb60d590..d3044f180 100644
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -33,6 +33,10 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
     params[:account_username].present?
   end
 
+  def skip_temporary_suspension_response?
+    true
+  end
+
   def body
     return @body if defined?(@body)
 
diff --git a/app/controllers/activitypub/replies_controller.rb b/app/controllers/activitypub/replies_controller.rb
index 43bf4e657..fde6c861f 100644
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@@ -31,7 +31,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
   end
 
   def set_replies
-    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id) : @account.statuses
+    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
     @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
     @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
   end
diff --git a/app/controllers/concerns/account_owned_concern.rb b/app/controllers/concerns/account_owned_concern.rb
index 460f71f65..62e379846 100644
--- a/app/controllers/concerns/account_owned_concern.rb
+++ b/app/controllers/concerns/account_owned_concern.rb
@@ -29,6 +29,24 @@ module AccountOwnedConcern
   end
 
   def check_account_suspension
-    expires_in(3.minutes, public: true) && gone if @account.suspended?
+    if @account.suspended_permanently?
+      permanent_suspension_response
+    elsif @account.suspended? && !skip_temporary_suspension_response?
+      temporary_suspension_response
+    end
+  end
+
+  def skip_temporary_suspension_response?
+    false
+  end
+
+  def permanent_suspension_response
+    expires_in(3.minutes, public: true)
+    gone
+  end
+
+  def temporary_suspension_response
+    expires_in(3.minutes, public: true)
+    forbidden
   end
 end
diff --git a/app/controllers/follower_accounts_controller.rb b/app/controllers/follower_accounts_controller.rb
index ab0749963..ff4df2adf 100644
--- a/app/controllers/follower_accounts_controller.rb
+++ b/app/controllers/follower_accounts_controller.rb
@@ -52,6 +52,14 @@ class FollowerAccountsController < ApplicationController
     account_followers_url(@account, page: page) unless page.nil?
   end
 
+  def next_page_url
+    page_url(follows.next_page) if follows.respond_to?(:next_page)
+  end
+
+  def prev_page_url
+    page_url(follows.prev_page) if follows.respond_to?(:prev_page)
+  end
+
   def collection_presenter
     if page_requested?
       ActivityPub::CollectionPresenter.new(
@@ -60,8 +68,8 @@ class FollowerAccountsController < ApplicationController
         size: @account.followers_count,
         items: follows.map { |f| ActivityPub::TagManager.instance.uri_for(f.account) },
         part_of: account_followers_url(@account),
-        next: page_url(follows.next_page),
-        prev: page_url(follows.prev_page)
+        next: next_page_url,
+        prev: prev_page_url
       )
     else
       ActivityPub::CollectionPresenter.new(
diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb
index 918bdac0a..6bb95c454 100644
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@@ -52,6 +52,14 @@ class FollowingAccountsController < ApplicationController
     account_following_index_url(@account, page: page) unless page.nil?
   end
 
+  def next_page_url
+    page_url(follows.next_page) if follows.respond_to?(:next_page)
+  end
+
+  def prev_page_url
+    page_url(follows.prev_page) if follows.respond_to?(:prev_page)
+  end
+
   def collection_presenter
     if page_requested?
       ActivityPub::CollectionPresenter.new(
@@ -60,8 +68,8 @@ class FollowingAccountsController < ApplicationController
         size: @account.following_count,
         items: follows.map { |f| ActivityPub::TagManager.instance.uri_for(f.target_account) },
         part_of: account_following_index_url(@account),
-        next: page_url(follows.next_page),
-        prev: page_url(follows.prev_page)
+        next: next_page_url,
+        prev: prev_page_url
       )
     else
       ActivityPub::CollectionPresenter.new(
diff --git a/app/controllers/settings/deletes_controller.rb b/app/controllers/settings/deletes_controller.rb
index f96c83b80..7b8f8d207 100644
--- a/app/controllers/settings/deletes_controller.rb
+++ b/app/controllers/settings/deletes_controller.rb
@@ -42,7 +42,7 @@ class Settings::DeletesController < Settings::BaseController
   end
 
   def destroy_account!
-    current_account.suspend!
+    current_account.suspend!(origin: :local)
     AccountDeletionWorker.perform_async(current_user.account_id)
     sign_out
   end
diff --git a/app/controllers/well_known/webfinger_controller.rb b/app/controllers/well_known/webfinger_controller.rb
index 9de9db6ba..0227f722a 100644
--- a/app/controllers/well_known/webfinger_controller.rb
+++ b/app/controllers/well_known/webfinger_controller.rb
@@ -35,7 +35,7 @@ module WellKnown
     end
 
     def check_account_suspension
-      expires_in(3.minutes, public: true) && gone if @account.suspended?
+      expires_in(3.minutes, public: true) && gone if @account.suspended_permanently?
     end
 
     def bad_request
diff --git a/app/javascript/styles/mastodon/widgets.scss b/app/javascript/styles/mastodon/widgets.scss
index 5b97d1ec4..47e02d41d 100644
--- a/app/javascript/styles/mastodon/widgets.scss
+++ b/app/javascript/styles/mastodon/widgets.scss
@@ -2,6 +2,10 @@
   margin-bottom: 10px;
   box-shadow: 0 0 15px rgba($base-shadow-color, 0.2);
 
+  &:last-child {
+    margin-bottom: 0;
+  }
+
   &__img {
     width: 100%;
     position: relative;
diff --git a/app/lib/activitypub/adapter.rb b/app/lib/activitypub/adapter.rb
index 9a786c9a4..2d6b87659 100644
--- a/app/lib/activitypub/adapter.rb
+++ b/app/lib/activitypub/adapter.rb
@@ -23,6 +23,7 @@ class ActivityPub::Adapter < ActiveModelSerializers::Adapter::Base
     discoverable: { 'toot' => 'http://joinmastodon.org/ns#', 'discoverable' => 'toot:discoverable' },
     voters_count: { 'toot' => 'http://joinmastodon.org/ns#', 'votersCount' => 'toot:votersCount' },
     olm: { 'toot' => 'http://joinmastodon.org/ns#', 'Device' => 'toot:Device', 'Ed25519Signature' => 'toot:Ed25519Signature', 'Ed25519Key' => 'toot:Ed25519Key', 'Curve25519Key' => 'toot:Curve25519Key', 'EncryptedMessage' => 'toot:EncryptedMessage', 'publicKeyBase64' => 'toot:publicKeyBase64', 'deviceId' => 'toot:deviceId', 'claim' => { '@type' => '@id', '@id' => 'toot:claim' }, 'fingerprintKey' => { '@type' => '@id', '@id' => 'toot:fingerprintKey' }, 'identityKey' => { '@type' => '@id', '@id' => 'toot:identityKey' }, 'devices' => { '@type' => '@id', '@id' => 'toot:devices' }, 'messageFranking' => 'toot:messageFranking', 'messageType' => 'toot:messageType', 'cipherText' => 'toot:cipherText' },
+    suspended: { 'toot' => 'http://joinmastodon.org/ns#', 'suspended' => 'toot:suspended' },
   }.freeze
 
   def self.default_key_transform
diff --git a/app/lib/webfinger.rb b/app/lib/webfinger.rb
index b2374c494..c7aa43bb3 100644
--- a/app/lib/webfinger.rb
+++ b/app/lib/webfinger.rb
@@ -2,6 +2,8 @@
 
 class Webfinger
   class Error < StandardError; end
+  class GoneError < Error; end
+  class RedirectError < StandardError; end
 
   class Response
     def initialize(body)
@@ -47,6 +49,8 @@ class Webfinger
         res.body_with_limit
       elsif res.code == 404 && use_fallback
         body_from_host_meta
+      elsif res.code == 410
+        raise Webfinger::GoneError, "#{@uri} is gone from the server"
       else
         raise Webfinger::Error, "Request for #{@uri} returned HTTP #{res.code}"
       end
diff --git a/app/models/account.rb b/app/models/account.rb
index d2112a13d..bc9bcc72d 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -51,6 +51,7 @@
 #  header_storage_schema_version :integer
 #  devices_url                   :string
 #  sensitized_at                 :datetime
+#  suspension_origin             :integer
 #
 
 class Account < ApplicationRecord
@@ -73,6 +74,7 @@ class Account < ApplicationRecord
   }.freeze
 
   enum protocol: [:ostatus, :activitypub]
+  enum suspension_origin: [:local, :remote], _prefix: true
 
   validates :username, presence: true
   validates_with UniqueUsernameValidator, if: -> { will_save_change_to_username? }
@@ -222,17 +224,25 @@ class Account < ApplicationRecord
     suspended_at.present?
   end
 
-  def suspend!(date = Time.now.utc)
+  def suspended_permanently?
+    suspended? && deletion_request.nil?
+  end
+
+  def suspended_temporarily?
+    suspended? && deletion_request.present?
+  end
+
+  def suspend!(date: Time.now.utc, origin: :local)
     transaction do
       create_deletion_request!
-      update!(suspended_at: date)
+      update!(suspended_at: date, suspension_origin: origin)
     end
   end
 
   def unsuspend!
     transaction do
       deletion_request&.destroy!
-      update!(suspended_at: nil)
+      update!(suspended_at: nil, suspension_origin: nil)
     end
   end
 
diff --git a/app/models/admin/account_action.rb b/app/models/admin/account_action.rb
index 11ce737f3..bf222391f 100644
--- a/app/models/admin/account_action.rb
+++ b/app/models/admin/account_action.rb
@@ -127,7 +127,7 @@ class Admin::AccountAction
   def handle_suspend!
     authorize(target_account, :suspend?)
     log_action(:suspend, target_account)
-    target_account.suspend!
+    target_account.suspend!(origin: :local)
   end
 
   def text_for_warning
diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb
index 679119075..262ada42e 100644
--- a/app/policies/account_policy.rb
+++ b/app/policies/account_policy.rb
@@ -18,11 +18,11 @@ class AccountPolicy < ApplicationPolicy
   end
 
   def destroy?
-    record.suspended? && record.deletion_request.present? && admin?
+    record.suspended_temporarily? && admin?
   end
 
   def unsuspend?
-    staff?
+    staff? && record.suspension_origin_local?
   end
 
   def sensitive?
diff --git a/app/serializers/activitypub/actor_serializer.rb b/app/serializers/activitypub/actor_serializer.rb
index 5d2741b17..759ef30f9 100644
--- a/app/serializers/activitypub/actor_serializer.rb
+++ b/app/serializers/activitypub/actor_serializer.rb
@@ -7,7 +7,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
 
   context_extensions :manually_approves_followers, :featured, :also_known_as,
                      :moved_to, :property_value, :identity_proof,
-                     :discoverable, :olm
+                     :discoverable, :olm, :suspended
 
   attributes :id, :type, :following, :followers,
              :inbox, :outbox, :featured, :featured_tags,
@@ -23,6 +23,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
   attribute :devices, unless: :instance_actor?
   attribute :moved_to, if: :moved?
   attribute :also_known_as, if: :also_known_as?
+  attribute :suspended, if: :suspended?
 
   class EndpointsSerializer < ActivityPub::Serializer
     include RoutingHelper
@@ -39,7 +40,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
   has_one :icon,  serializer: ActivityPub::ImageSerializer, if: :avatar_exists?
   has_one :image, serializer: ActivityPub::ImageSerializer, if: :header_exists?
 
-  delegate :moved?, :instance_actor?, to: :object
+  delegate :suspended?, :instance_actor?, to: :object
 
   def id
     object.instance_actor? ? instance_actor_url : account_url(object)
@@ -93,12 +94,16 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
     object.username
   end
 
+  def discoverable
+    object.suspended? ? false : (object.discoverable || false)
+  end
+
   def name
-    object.display_name
+    object.suspended? ? '' : object.display_name
   end
 
   def summary
-    Formatter.instance.simplified_format(object)
+    object.suspended? ? '' : Formatter.instance.simplified_format(object)
   end
 
   def icon
@@ -113,36 +118,44 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
     object
   end
 
+  def suspended
+    object.suspended?
+  end
+
   def url
     object.instance_actor? ? about_more_url(instance_actor: true) : short_account_url(object)
   end
 
   def avatar_exists?
-    object.avatar?
+    !object.suspended? && object.avatar?
   end
 
   def header_exists?
-    object.header?
+    !object.suspended? && object.header?
   end
 
   def manually_approves_followers
-    object.locked
+    object.suspended? ? false : object.locked
   end
 
   def virtual_tags
-    object.emojis + object.tags
+    object.suspended? ? [] : (object.emojis + object.tags)
   end
 
   def virtual_attachments
-    object.fields + object.identity_proofs.active
+    object.suspended? ? [] : (object.fields + object.identity_proofs.active)
   end
 
   def moved_to
     ActivityPub::TagManager.instance.uri_for(object.moved_to_account)
   end
 
+  def moved?
+    !object.suspended? && object.moved?
+  end
+
   def also_known_as?
-    !object.also_known_as.empty?
+    !object.suspended? && !object.also_known_as.empty?
   end
 
   class CustomEmojiSerializer < ActivityPub::EmojiSerializer
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 9f95f1950..4cb8e09db 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -18,10 +18,11 @@ class ActivityPub::ProcessAccountService < BaseService
 
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
-        @account          = Account.remote.find_by(uri: @uri) if @options[:only_key]
-        @account        ||= Account.find_remote(@username, @domain)
-        @old_public_key   = @account&.public_key
-        @old_protocol     = @account&.protocol
+        @account            = Account.remote.find_by(uri: @uri) if @options[:only_key]
+        @account          ||= Account.find_remote(@username, @domain)
+        @old_public_key     = @account&.public_key
+        @old_protocol       = @account&.protocol
+        @suspension_changed = false
 
         create_account if @account.nil?
         update_account
@@ -37,8 +38,9 @@ class ActivityPub::ProcessAccountService < BaseService
     after_protocol_change! if protocol_changed?
     after_key_change! if key_changed? && !@options[:signed_with_known_key]
     clear_tombstones! if key_changed?
+    after_suspension_change! if suspension_changed?
 
-    unless @options[:only_key]
+    unless @options[:only_key] || @account.suspended?
       check_featured_collection! if @account.featured_collection_url.present?
       check_links! unless @account.fields.empty?
     end
@@ -52,20 +54,23 @@ class ActivityPub::ProcessAccountService < BaseService
 
   def create_account
     @account = Account.new
-    @account.protocol     = :activitypub
-    @account.username     = @username
-    @account.domain       = @domain
-    @account.private_key  = nil
-    @account.suspended_at = domain_block.created_at if auto_suspend?
-    @account.silenced_at  = domain_block.created_at if auto_silence?
+    @account.protocol          = :activitypub
+    @account.username          = @username
+    @account.domain            = @domain
+    @account.private_key       = nil
+    @account.suspended_at      = domain_block.created_at if auto_suspend?
+    @account.suspension_origin = :local if auto_suspend?
+    @account.silenced_at       = domain_block.created_at if auto_silence?
+    @account.save
   end
 
   def update_account
     @account.last_webfingered_at = Time.now.utc unless @options[:only_key]
     @account.protocol            = :activitypub
 
-    set_immediate_attributes!
-    set_fetchable_attributes! unless @options[:only_keys]
+    set_suspension!
+    set_immediate_attributes! unless @account.suspended?
+    set_fetchable_attributes! unless @options[:only_keys] || @account.suspended?
 
     @account.save_with_optional_media!
   end
@@ -99,6 +104,18 @@ class ActivityPub::ProcessAccountService < BaseService
     @account.moved_to_account  = @json['movedTo'].present? ? moved_account : nil
   end
 
+  def set_suspension!
+    return if @account.suspended? && @account.suspension_origin_local?
+
+    if @account.suspended? && !@json['suspended']
+      @account.unsuspend!
+      @suspension_changed = true
+    elsif !@account.suspended? && @json['suspended']
+      @account.suspend!(origin: :remote)
+      @suspension_changed = true
+    end
+  end
+
   def after_protocol_change!
     ActivityPub::PostUpgradeWorker.perform_async(@account.domain)
   end
@@ -107,6 +124,14 @@ class ActivityPub::ProcessAccountService < BaseService
     RefollowWorker.perform_async(@account.id)
   end
 
+  def after_suspension_change!
+    if @account.suspended?
+      Admin::SuspensionWorker.perform_async(@account.id)
+    else
+      Admin::UnsuspensionWorker.perform_async(@account.id)
+    end
+  end
+
   def check_featured_collection!
     ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id)
   end
@@ -227,6 +252,10 @@ class ActivityPub::ProcessAccountService < BaseService
     !@old_public_key.nil? && @old_public_key != @account.public_key
   end
 
+  def suspension_changed?
+    @suspension_changed
+  end
+
   def clear_tombstones!
     Tombstone.where(account_id: @account.id).delete_all
   end
diff --git a/app/services/activitypub/process_collection_service.rb b/app/services/activitypub/process_collection_service.rb
index e6ccaccc9..f1d175dac 100644
--- a/app/services/activitypub/process_collection_service.rb
+++ b/app/services/activitypub/process_collection_service.rb
@@ -8,7 +8,7 @@ class ActivityPub::ProcessCollectionService < BaseService
     @json    = Oj.load(body, mode: :strict)
     @options = options
 
-    return if !supported_context? || (different_actor? && verify_account!.nil?) || @account.suspended? || @account.local?
+    return if !supported_context? || (different_actor? && verify_account!.nil?) || suspended_actor? || @account.local?
 
     case @json['type']
     when 'Collection', 'CollectionPage'
@@ -28,6 +28,14 @@ class ActivityPub::ProcessCollectionService < BaseService
     @json['actor'].present? && value_or_id(@json['actor']) != @account.uri
   end
 
+  def suspended_actor?
+    @account.suspended? && !activity_allowed_while_suspended?
+  end
+
+  def activity_allowed_while_suspended?
+    %w(Delete Reject Undo Update).include?(@json['type'])
+  end
+
   def process_items(items)
     items.reverse_each.map { |item| process_item(item) }.compact
   end
diff --git a/app/services/block_domain_service.rb b/app/services/block_domain_service.rb
index 1cf3382b3..76cc36ff6 100644
--- a/app/services/block_domain_service.rb
+++ b/app/services/block_domain_service.rb
@@ -16,7 +16,7 @@ class BlockDomainService < BaseService
     scope = Account.by_domain_and_subdomains(domain_block.domain)
 
     scope.where(silenced_at: domain_block.created_at).in_batches.update_all(silenced_at: nil) unless domain_block.silence?
-    scope.where(suspended_at: domain_block.created_at).in_batches.update_all(suspended_at: nil) unless domain_block.suspend?
+    scope.where(suspended_at: domain_block.created_at).in_batches.update_all(suspended_at: nil, suspension_origin: nil) unless domain_block.suspend?
   end
 
   def process_domain_block!
@@ -34,7 +34,8 @@ class BlockDomainService < BaseService
   end
 
   def suspend_accounts!
-    blocked_domain_accounts.without_suspended.in_batches.update_all(suspended_at: @domain_block.created_at)
+    blocked_domain_accounts.without_suspended.in_batches.update_all(suspended_at: @domain_block.created_at, suspension_origin: :local)
+
     blocked_domain_accounts.where(suspended_at: @domain_block.created_at).reorder(nil).find_each do |account|
       DeleteAccountService.new.call(account, reserve_username: true, suspended_at: @domain_block.created_at)
     end
diff --git a/app/services/delete_account_service.rb b/app/services/delete_account_service.rb
index 15bdd13e3..de6488c78 100644
--- a/app/services/delete_account_service.rb
+++ b/app/services/delete_account_service.rb
@@ -64,8 +64,15 @@ class DeleteAccountService < BaseService
   def reject_follows!
     return if @account.local? || !@account.activitypub?
 
+    # When deleting a remote account, the account obviously doesn't
+    # actually become deleted on its origin server, i.e. unlike a
+    # locally deleted account it continues to have access to its home
+    # feed and other content. To prevent it from being able to continue
+    # to access toots it would receive because it follows local accounts,
+    # we have to force it to unfollow them.
+
     ActivityPub::DeliveryWorker.push_bulk(Follow.where(account: @account)) do |follow|
-      [build_reject_json(follow), follow.target_account_id, follow.account.inbox_url]
+      [Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), follow.target_account_id, @account.inbox_url]
     end
   end
 
@@ -114,19 +121,20 @@ class DeleteAccountService < BaseService
 
     return unless @options[:reserve_username]
 
-    @account.silenced_at      = nil
-    @account.suspended_at     = @options[:suspended_at] || Time.now.utc
-    @account.locked           = false
-    @account.memorial         = false
-    @account.discoverable     = false
-    @account.display_name     = ''
-    @account.note             = ''
-    @account.fields           = []
-    @account.statuses_count   = 0
-    @account.followers_count  = 0
-    @account.following_count  = 0
-    @account.moved_to_account = nil
-    @account.trust_level      = :untrusted
+    @account.silenced_at       = nil
+    @account.suspended_at      = @options[:suspended_at] || Time.now.utc
+    @account.suspension_origin = :local
+    @account.locked            = false
+    @account.memorial          = false
+    @account.discoverable      = false
+    @account.display_name      = ''
+    @account.note              = ''
+    @account.fields            = []
+    @account.statuses_count    = 0
+    @account.followers_count   = 0
+    @account.following_count   = 0
+    @account.moved_to_account  = nil
+    @account.trust_level       = :untrusted
     @account.avatar.destroy
     @account.header.destroy
     @account.save!
@@ -154,10 +162,6 @@ class DeleteAccountService < BaseService
     @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account))
   end
 
-  def build_reject_json(follow)
-    Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer))
-  end
-
   def delivery_inboxes
     @delivery_inboxes ||= @account.followers.inboxes + Relay.enabled.pluck(:inbox_url)
   end
diff --git a/app/services/resolve_account_service.rb b/app/services/resolve_account_service.rb
index 3f7bb7cc5..4783e6d33 100644
--- a/app/services/resolve_account_service.rb
+++ b/app/services/resolve_account_service.rb
@@ -5,8 +5,6 @@ class ResolveAccountService < BaseService
   include DomainControlHelper
   include WebfingerHelper
 
-  class WebfingerRedirectError < StandardError; end
-
   # Find or create an account record for a remote user. When creating,
   # look up the user's webfinger and fetch ActivityPub data
   # @param [String, Account] uri URI in the username@domain format or account record
@@ -40,13 +38,18 @@ class ResolveAccountService < BaseService
 
     @account ||= Account.find_remote(@username, @domain)
 
-    return @account if @account&.local? || !webfinger_update_due?
+    if gone_from_origin? && not_yet_deleted?
+      queue_deletion!
+      return
+    end
+
+    return @account if @account&.local? || gone_from_origin? || !webfinger_update_due?
 
     # Now it is certain, it is definitely a remote account, and it
     # either needs to be created, or updated from fresh data
 
     process_account!
-  rescue Webfinger::Error, WebfingerRedirectError, Oj::ParseError => e
+  rescue Webfinger::Error, Oj::ParseError => e
     Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
     nil
   end
@@ -86,10 +89,12 @@ class ResolveAccountService < BaseService
     elsif !redirected
       return process_webfinger!("#{confirmed_username}@#{confirmed_domain}", true)
     else
-      raise WebfingerRedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
+      raise Webfinger::RedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
     end
 
     @domain = nil if TagManager.instance.local_domain?(@domain)
+  rescue Webfinger::GoneError
+    @gone = true
   end
 
   def process_account!
@@ -131,6 +136,18 @@ class ResolveAccountService < BaseService
     @actor_json = supported_context?(json) && equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) ? json : nil
   end
 
+  def gone_from_origin?
+    @gone
+  end
+
+  def not_yet_deleted?
+    @account.present? && !@account.local?
+  end
+
+  def queue_deletion!
+    AccountDeletionWorker.perform_async(@account.id, reserve_username: false)
+  end
+
   def lock_options
     { redis: Redis.current, key: "resolve:#{@username}@#{@domain}" }
   end
diff --git a/app/services/suspend_account_service.rb b/app/services/suspend_account_service.rb
index f08c41e17..d7f29963c 100644
--- a/app/services/suspend_account_service.rb
+++ b/app/services/suspend_account_service.rb
@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
 class SuspendAccountService < BaseService
+  include Payloadable
+
   def call(account)
     @account = account
 
     suspend!
+    reject_remote_follows!
+    distribute_update_actor!
     unmerge_from_home_timelines!
     unmerge_from_list_timelines!
     privatize_media_attachments!
@@ -16,6 +20,31 @@ class SuspendAccountService < BaseService
     @account.suspend! unless @account.suspended?
   end
 
+  def reject_remote_follows!
+    return if @account.local? || !@account.activitypub?
+
+    # When suspending a remote account, the account obviously doesn't
+    # actually become suspended on its origin server, i.e. unlike a
+    # locally suspended account it continues to have access to its home
+    # feed and other content. To prevent it from being able to continue
+    # to access toots it would receive because it follows local accounts,
+    # we have to force it to unfollow them. Unfortunately, there is no
+    # counterpart to this operation, i.e. you can't then force a remote
+    # account to re-follow you, so this part is not reversible.
+
+    follows = Follow.where(account: @account).to_a
+
+    ActivityPub::DeliveryWorker.push_bulk(follows) do |follow|
+      [Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), follow.target_account_id, @account.inbox_url]
+    end
+
+    follows.in_batches.destroy_all
+  end
+
+  def distribute_update_actor!
+    ActivityPub::UpdateDistributionWorker.perform_async(@account.id) if @account.local?
+  end
+
   def unmerge_from_home_timelines!
     @account.followers_for_local_distribution.find_each do |follower|
       FeedManager.instance.unmerge_from_home(@account, follower)
diff --git a/app/services/unblock_domain_service.rb b/app/services/unblock_domain_service.rb
index d502d9e49..e765fb7a8 100644
--- a/app/services/unblock_domain_service.rb
+++ b/app/services/unblock_domain_service.rb
@@ -13,6 +13,6 @@ class UnblockDomainService < BaseService
     scope = Account.by_domain_and_subdomains(domain_block.domain)
 
     scope.where(silenced_at: domain_block.created_at).in_batches.update_all(silenced_at: nil) unless domain_block.noop?
-    scope.where(suspended_at: domain_block.created_at).in_batches.update_all(suspended_at: nil) if domain_block.suspend?
+    scope.where(suspended_at: domain_block.created_at).in_batches.update_all(suspended_at: nil, suspension_origin: nil) if domain_block.suspend?
   end
 end
diff --git a/app/services/unsuspend_account_service.rb b/app/services/unsuspend_account_service.rb
index 91dbc9c18..a81d1ac4f 100644
--- a/app/services/unsuspend_account_service.rb
+++ b/app/services/unsuspend_account_service.rb
@@ -5,6 +5,10 @@ class UnsuspendAccountService < BaseService
     @account = account
 
     unsuspend!
+    refresh_remote_account!
+
+    return if @account.nil?
+
     merge_into_home_timelines!
     merge_into_list_timelines!
     publish_media_attachments!
@@ -16,6 +20,22 @@ class UnsuspendAccountService < BaseService
     @account.unsuspend! if @account.suspended?
   end
 
+  def refresh_remote_account!
+    return if @account.local?
+
+    # While we had the remote account suspended, it could be that
+    # it got suspended on its origin, too. So, we need to refresh
+    # it straight away so it gets marked as remotely suspended in
+    # that case.
+
+    @account.update!(last_webfingered_at: nil)
+    @account = ResolveAccountService.new.call(@account)
+
+    # Worth noting that it is possible that the remote has not only
+    # been suspended, but deleted permanently, in which case
+    # @account would now be nil.
+  end
+
   def merge_into_home_timelines!
     @account.followers_for_local_distribution.find_each do |follower|
       FeedManager.instance.merge_into_home(@account, follower)
diff --git a/app/workers/account_deletion_worker.rb b/app/workers/account_deletion_worker.rb
index 0f6be71e1..b6016bf8c 100644
--- a/app/workers/account_deletion_worker.rb
+++ b/app/workers/account_deletion_worker.rb
@@ -5,8 +5,8 @@ class AccountDeletionWorker
 
   sidekiq_options queue: 'pull'
 
-  def perform(account_id)
-    DeleteAccountService.new.call(Account.find(account_id), reserve_username: true, reserve_email: false)
+  def perform(account_id, reserve_username: true)
+    DeleteAccountService.new.call(Account.find(account_id), reserve_username: reserve_username, reserve_email: false)
   rescue ActiveRecord::RecordNotFound
     true
   end
author	Eugen Rochko <eugen@zeonfederated.com>	2020-11-08 00:28:39 +0100
committer	GitHub <noreply@github.com>	2020-11-08 00:28:39 +0100
commit	3134691948aeacb16b7386ed77bbea4581beec40 (patch)
tree	45ecf62f19879f08bf4c35584c58a64ea09c0c27 /app
parent	ee8cf246cfe8e05914ad7dcf81596f8535b3e161 (diff)