Do not try fetching keys of unknown accounts on a Delete from them (#10326)

author ThibG <thib@sitedethib.com>

Wed, 20 Mar 2019 16:20:16 +0000 (17:20 +0100)

committer Eugen Rochko <eugen@zeonfederated.com>

Wed, 20 Mar 2019 16:20:16 +0000 (17:20 +0100)
author ThibG <thib@sitedethib.com>
Wed, 20 Mar 2019 16:20:16 +0000 (17:20 +0100)
committer Eugen Rochko <eugen@zeonfederated.com>
Wed, 20 Mar 2019 16:20:16 +0000 (17:20 +0100)
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb

index 8f5e1887ea427525bb72bca04d1405d756978d57..1501b914ec30fdd814f73151a3b0ace578588af9 100644 (file)
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -2,11 +2,14 @@
  
  class ActivityPub::InboxesController < Api::BaseController
    include SignatureVerification
+  include JsonLdHelper
  
    before_action :set_account
  
    def create
-    if signed_request_account
+    if unknown_deleted_account?
+      head 202
+    elsif signed_request_account
        upgrade_account
        process_payload
        head 202
@@ -17,12 +20,19 @@ class ActivityPub::InboxesController < Api::BaseController
  
    private
  
+  def unknown_deleted_account?
+    json = Oj.load(body, mode: :strict)
+    json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
+  rescue Oj::ParseError
+    false
+  end
+
    def set_account
      @account = Account.find_local!(params[:account_username]) if params[:account_username]
    end
  
    def body
-    @body ||= request.body.read
+    @body ||= request.body.read.force_encoding('UTF-8')
    end
  
    def upgrade_account
@@ -36,6 +46,6 @@ class ActivityPub::InboxesController < Api::BaseController
    end
  
    def process_payload
-    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id)
+    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
    end
  end
diff --git a/spec/controllers/activitypub/inboxes_controller_spec.rb b/spec/controllers/activitypub/inboxes_controller_spec.rb

index 4055d93424c2682b983632c31e895ab99152ff8d..eab4b8c3e65c2d04ee4d1c89b8aef3e7e71410d6 100644 (file)
--- a/spec/controllers/activitypub/inboxes_controller_spec.rb
+++ b/spec/controllers/activitypub/inboxes_controller_spec.rb
@@ -10,7 +10,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do
            Fabricate(:account)
          end
  
-        post :create
+        post :create, body: '{}'
          expect(response).to have_http_status(202)
        end
      end
@@ -21,7 +21,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do
            false
          end
  
-        post :create
+        post :create, body: '{}'
          expect(response).to have_http_status(401)
        end
      end
author	ThibG <thib@sitedethib.com>
	Wed, 20 Mar 2019 16:20:16 +0000 (17:20 +0100)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Wed, 20 Mar 2019 16:20:16 +0000 (17:20 +0100)
app/controllers/activitypub/inboxes_controller.rb		patch \| blob \| history
spec/controllers/activitypub/inboxes_controller_spec.rb		patch \| blob \| history