Do not try fetching keys of unknown accounts on a Delete from them (m…
ClearlyClaire authored and Gargron committed Mar 20, 2019
1 parent 8db5c49 commit ccd48d5
Showing 2 changed files with 15 additions and 5 deletions.
16 changes: 13 additions & 3 deletions app/controllers/activitypub/inboxes_controller.rb
@@ -2,11 +2,14 @@

class ActivityPub::InboxesController < Api::BaseController
include SignatureVerification
include JsonLdHelper

before_action :set_account

def create
if signed_request_account
if unknown_deleted_account?
head 202
elsif signed_request_account
upgrade_account
process_payload
head 202
@@ -17,12 +20,19 @@ def create

private

def unknown_deleted_account?
json = Oj.load(body, mode: :strict)
json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
rescue Oj::ParseError
false
end

def set_account
@account = Account.find_local!(params[:account_username]) if params[:account_username]
end

def body
@body ||= request.body.read
@body ||= request.body.read.force_encoding('UTF-8')
end

def upgrade_account
@@ -36,6 +46,6 @@ def upgrade_account
end

def process_payload
ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id)
ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
end
end
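Review bot: `unknown_deleted_account?` runs before the signature check in `create`, so it parses an unauthenticated body, and it assumes the parsed value is a Hash. A body that is valid JSON but not an object (for example `[]` or `null`) makes `json['type']` raise TypeError or NoMethodError, which `rescue Oj::ParseError` does not cover, so the request likely ends in a 500 instead of falling through to the unsigned-request path. Guard the shape first, e.g. `json.is_a?(Hash) && json['type'] == 'Delete' && ...`. The early `head 202` also answers unsigned callers differently depending on whether `json['actor']` is a known account URI; if that is an accepted trade-off, a short comment above the method saying so would help the next reader.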
4 changes: 2 additions & 2 deletions spec/controllers/activitypub/inboxes_controller_spec.rb
@@ -10,7 +10,7 @@
Fabricate(:account)
end

post :create
post :create, body: '{}'
expect(response).to have_http_status(202)
end
end
@@ -21,7 +21,7 @@
false
end

post :create
post :create, body: '{}'
expect(response).to have_http_status(401)
end
end
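Review bot: Nothing in this spec exercises the new `unknown_deleted_account?` branch; the two changed lines only make the existing examples send `body: '{}'`. Add an example that posts a `Delete` whose `actor` equals its `object` and matches no Account, asserting a 202 with no `ActivityPub::ProcessingWorker` job enqueued. A second example with a non-object JSON body would pin down the intended status for malformed input. The rest of the spec file lies outside the visible hunks.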