kopia lustrzana https://github.com/snarfed/bridgy-fed
receive: drop activity if protocol doesn't own actor
it's probably from a bridged user, and we only want to handle original activities, not bridged ones. fixes https://console.cloud.google.com/errors/detail/CM6i4sH4176iaQ;time=P30D?project=bridgy-federatedpull/977/head
rodzic
3c62f7cfcc
commit
06bf3bf534
|
@ -707,6 +707,8 @@ class Protocol:
|
||||||
actor = as1.get_owner(obj.as1)
|
actor = as1.get_owner(obj.as1)
|
||||||
if not actor:
|
if not actor:
|
||||||
error('Activity missing actor or author', status=400)
|
error('Activity missing actor or author', status=400)
|
||||||
|
elif from_cls.owns_id(actor) is False:
|
||||||
|
error(f"{from_cls.LABEL} doesn't own actor {actor}, this is probably a bridged activity. Skipping.", status=204)
|
||||||
|
|
||||||
if authed_as:
|
if authed_as:
|
||||||
assert isinstance(authed_as, str)
|
assert isinstance(authed_as, str)
|
||||||
|
|
|
@ -962,11 +962,12 @@ class ActivityPubTest(TestCase):
|
||||||
self.assert_user(ActivityPub, 'https://mas.to/actor', obj_as2=LIKE_ACTOR)
|
self.assert_user(ActivityPub, 'https://mas.to/actor', obj_as2=LIKE_ACTOR)
|
||||||
|
|
||||||
def test_inbox_like_no_object_error(self, *_):
|
def test_inbox_like_no_object_error(self, *_):
|
||||||
Fake.fetchable = {'fake:user': {'id': 'fake:user'}}
|
swentel = self.make_user('https://inst/user', cls=ActivityPub)
|
||||||
|
|
||||||
got = self.post('/inbox', json={
|
got = self.post('/inbox', json={
|
||||||
'id': 'fake:like',
|
'id': 'https://inst/like',
|
||||||
'type': 'Like',
|
'type': 'Like',
|
||||||
'actor': 'fake:user',
|
'actor': 'https://inst/user',
|
||||||
'object': None,
|
'object': None,
|
||||||
})
|
})
|
||||||
self.assertEqual(400, got.status_code)
|
self.assertEqual(400, got.status_code)
|
||||||
|
|
|
@ -1649,6 +1649,27 @@ class ProtocolReceiveTest(TestCase):
|
||||||
self.assertEqual(1, len(followers))
|
self.assertEqual(1, len(followers))
|
||||||
self.assertEqual(self.alice.key, followers[0].to)
|
self.assertEqual(self.alice.key, followers[0].to)
|
||||||
|
|
||||||
|
def test_skip_bridged_user(self):
|
||||||
|
"""If the actor isn't from the source protocol, skip the activity.
|
||||||
|
|
||||||
|
(It's probably from a bridged user, and we only want to handle source
|
||||||
|
activities, not bridged activities.)
|
||||||
|
"""
|
||||||
|
self.user.copies = [Target(uri='other:user', protocol='other')]
|
||||||
|
self.user.put()
|
||||||
|
|
||||||
|
with self.assertRaises(NoContent):
|
||||||
|
OtherFake.receive_as1({
|
||||||
|
'id': 'other:follow',
|
||||||
|
'objectType': 'activity',
|
||||||
|
'verb': 'follow',
|
||||||
|
'actor': 'fake:user',
|
||||||
|
'object': 'fake:alice',
|
||||||
|
})
|
||||||
|
self.assertEqual(0, len(OtherFake.sent))
|
||||||
|
self.assertEqual(0, len(Fake.sent))
|
||||||
|
self.assertIsNone(Object.get_by_id('other:follow'))
|
||||||
|
|
||||||
@patch('requests.post')
|
@patch('requests.post')
|
||||||
@patch('requests.get')
|
@patch('requests.get')
|
||||||
def test_skip_web_same_domain(self, mock_get, mock_post):
|
def test_skip_web_same_domain(self, mock_get, mock_post):
|
||||||
|
|
Ładowanie…
Reference in New Issue