Browse Source

Fix #5059 - Stop processing payload if it's from local account (#5100)

Eugen Rochko 6 years ago
parent
commit
cf7fbf2c56

+ 2 - 0
app/lib/activitypub/activity/announce.rb

@@ -25,6 +25,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
 
   def fetch_remote_original_status
     if object_uri.start_with?('http')
+      return if ActivityPub::TagManager.instance.local_uri?(object_uri)
+
       ActivityPub::FetchRemoteStatusService.new.call(object_uri)
     elsif @object['url'].present?
       ::FetchRemoteStatusService.new.call(@object['url'])

+ 1 - 1
app/services/activitypub/process_collection_service.rb

@@ -9,7 +9,7 @@ class ActivityPub::ProcessCollectionService < BaseService
 
     return unless supported_context?
     return if different_actor? && verify_account!.nil?
-    return if @account.suspended?
+    return if @account.suspended? || @account.local?
 
     case @json['type']
     when 'Collection', 'CollectionPage'

+ 2 - 2
spec/services/activitypub/process_collection_service_spec.rb

@@ -1,7 +1,7 @@
 require 'rails_helper'
 
 RSpec.describe ActivityPub::ProcessCollectionService do
-  let(:actor) { Fabricate(:account) }
+  let(:actor) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/account') }
 
   let(:payload) do
     {
@@ -24,7 +24,7 @@ RSpec.describe ActivityPub::ProcessCollectionService do
   describe '#call' do
     context 'when actor is the sender'
     context 'when actor differs from sender' do
-      let(:forwarder) { Fabricate(:account) }
+      let(:forwarder) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/other_account') }
 
       it 'processes payload with sender if no signature exists' do
         expect_any_instance_of(ActivityPub::LinkedDataSignature).not_to receive(:verify_account!)