From cf7fbf2c569473e9a984bd3042930f9c5a060a23 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 26 Sep 2017 01:06:13 +0200 Subject: Fix #5059 - Stop processing payload if it's from local account (#5100) --- app/lib/activitypub/activity/announce.rb | 2 ++ app/services/activitypub/process_collection_service.rb | 2 +- spec/services/activitypub/process_collection_service_spec.rb | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb index 556f91235..4516454e1 100644 --- a/app/lib/activitypub/activity/announce.rb +++ b/app/lib/activitypub/activity/announce.rb @@ -25,6 +25,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity def fetch_remote_original_status if object_uri.start_with?('http') + return if ActivityPub::TagManager.instance.local_uri?(object_uri) + ActivityPub::FetchRemoteStatusService.new.call(object_uri) elsif @object['url'].present? ::FetchRemoteStatusService.new.call(@object['url']) diff --git a/app/services/activitypub/process_collection_service.rb b/app/services/activitypub/process_collection_service.rb index 0c6736a3f..59cb65c65 100644 --- a/app/services/activitypub/process_collection_service.rb +++ b/app/services/activitypub/process_collection_service.rb @@ -9,7 +9,7 @@ class ActivityPub::ProcessCollectionService < BaseService return unless supported_context? return if different_actor? && verify_account!.nil? - return if @account.suspended? + return if @account.suspended? || @account.local? case @json['type'] when 'Collection', 'CollectionPage' diff --git a/spec/services/activitypub/process_collection_service_spec.rb b/spec/services/activitypub/process_collection_service_spec.rb index 249b12470..c1cc22523 100644 --- a/spec/services/activitypub/process_collection_service_spec.rb +++ b/spec/services/activitypub/process_collection_service_spec.rb @@ -1,7 +1,7 @@ require 'rails_helper' RSpec.describe ActivityPub::ProcessCollectionService do - let(:actor) { Fabricate(:account) } + let(:actor) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/account') } let(:payload) do { @@ -24,7 +24,7 @@ RSpec.describe ActivityPub::ProcessCollectionService do describe '#call' do context 'when actor is the sender' context 'when actor differs from sender' do - let(:forwarder) { Fabricate(:account) } + let(:forwarder) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/other_account') } it 'processes payload with sender if no signature exists' do expect_any_instance_of(ActivityPub::LinkedDataSignature).not_to receive(:verify_account!) -- cgit