Ignore actor delete messages for unknown actors (#124)
This commit is contained in:
parent
b8460b0acd
commit
42c7b629cf
@ -92,6 +92,7 @@ def identity(user, domain) -> Identity:
|
|||||||
"""
|
"""
|
||||||
identity = Identity.objects.create(
|
identity = Identity.objects.create(
|
||||||
actor_uri="https://example.com/@test@example.com/",
|
actor_uri="https://example.com/@test@example.com/",
|
||||||
|
inbox_uri="https://example.com/@test@example.com/inbox/",
|
||||||
username="test",
|
username="test",
|
||||||
domain=domain,
|
domain=domain,
|
||||||
name="Test User",
|
name="Test User",
|
||||||
@ -125,6 +126,7 @@ def other_identity(user, domain) -> Identity:
|
|||||||
"""
|
"""
|
||||||
identity = Identity.objects.create(
|
identity = Identity.objects.create(
|
||||||
actor_uri="https://example.com/@other@example.com/",
|
actor_uri="https://example.com/@other@example.com/",
|
||||||
|
inbox_uri="https://example.com/@other@example.com/inbox/",
|
||||||
username="other",
|
username="other",
|
||||||
domain=domain,
|
domain=domain,
|
||||||
name="Other User",
|
name="Other User",
|
||||||
@ -143,6 +145,7 @@ def remote_identity() -> Identity:
|
|||||||
domain = Domain.objects.create(domain="remote.test", local=False)
|
domain = Domain.objects.create(domain="remote.test", local=False)
|
||||||
return Identity.objects.create(
|
return Identity.objects.create(
|
||||||
actor_uri="https://remote.test/test-actor/",
|
actor_uri="https://remote.test/test-actor/",
|
||||||
|
inbox_uri="https://remote.test/@test/inbox/",
|
||||||
profile_uri="https://remote.test/@test/",
|
profile_uri="https://remote.test/@test/",
|
||||||
username="test",
|
username="test",
|
||||||
domain=domain,
|
domain=domain,
|
||||||
|
@ -31,3 +31,25 @@ def test_webfinger_system_actor(client):
|
|||||||
data = client.get("/actor/", HTTP_ACCEPT="application/ld+json").json()
|
data = client.get("/actor/", HTTP_ACCEPT="application/ld+json").json()
|
||||||
assert data["id"] == "https://example.com/actor/"
|
assert data["id"] == "https://example.com/actor/"
|
||||||
assert data["inbox"] == "https://example.com/actor/inbox/"
|
assert data["inbox"] == "https://example.com/actor/inbox/"
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_delete_actor(client, identity):
|
||||||
|
data = {
|
||||||
|
"@context": "https://www.w3.org/ns/activitystreams",
|
||||||
|
"actor": "https://mastodon.social/users/fakec8b6984105c8f15070a2",
|
||||||
|
"id": "https://mastodon.social/users/fakec8b6984105c8f15070a2#delete",
|
||||||
|
"object": "https://mastodon.social/users/fakec8b6984105c8f15070a2",
|
||||||
|
"signature": {
|
||||||
|
"created": "2022-12-06T03:54:28Z",
|
||||||
|
"creator": "https://mastodon.social/users/fakec8b6984105c8f15070a2#main-key",
|
||||||
|
"signatureValue": "This value doesn't matter",
|
||||||
|
"type": "RsaSignature2017",
|
||||||
|
},
|
||||||
|
"to": ["https://www.w3.org/ns/activitystreams#Public"],
|
||||||
|
"type": "Delete",
|
||||||
|
}
|
||||||
|
resp = client.post(
|
||||||
|
identity.inbox_uri, data=data, content_type="application/activity+json"
|
||||||
|
)
|
||||||
|
assert resp.status_code == 202
|
||||||
|
@ -145,9 +145,21 @@ class Inbox(View):
|
|||||||
# This ensures that the signature used for the headers matches the actor
|
# This ensures that the signature used for the headers matches the actor
|
||||||
# described in the payload.
|
# described in the payload.
|
||||||
identity = Identity.by_actor_uri(document["actor"], create=True, transient=True)
|
identity = Identity.by_actor_uri(document["actor"], create=True, transient=True)
|
||||||
|
if (
|
||||||
|
document["type"] == "Delete"
|
||||||
|
and document["actor"] == document["object"]
|
||||||
|
and not identity.pk
|
||||||
|
):
|
||||||
|
# We don't have an Identity record for the user. No-op
|
||||||
|
exceptions.capture_message(
|
||||||
|
f"Inbox: Discarded delete message for unknown actor {document['actor']}"
|
||||||
|
)
|
||||||
|
return HttpResponse(status=202)
|
||||||
|
|
||||||
if not identity.public_key:
|
if not identity.public_key:
|
||||||
# See if we can fetch it right now
|
# See if we can fetch it right now
|
||||||
async_to_sync(identity.fetch_actor)()
|
async_to_sync(identity.fetch_actor)()
|
||||||
|
|
||||||
if not identity.public_key:
|
if not identity.public_key:
|
||||||
exceptions.capture_message(
|
exceptions.capture_message(
|
||||||
f"Inbox error: cannot fetch actor {document['actor']}"
|
f"Inbox error: cannot fetch actor {document['actor']}"
|
||||||
@ -160,6 +172,7 @@ class Inbox(View):
|
|||||||
f"Inbox: Discarded message from {identity.domain}"
|
f"Inbox: Discarded message from {identity.domain}"
|
||||||
)
|
)
|
||||||
return HttpResponse(status=202)
|
return HttpResponse(status=202)
|
||||||
|
|
||||||
# If there's a "signature" payload, verify against that
|
# If there's a "signature" payload, verify against that
|
||||||
if "signature" in document:
|
if "signature" in document:
|
||||||
try:
|
try:
|
||||||
|
Reference in New Issue
Block a user