Fix #5059 - Stop processing payload if it's from local account (#5100)

This commit is contained in:
Eugen Rochko 2017-09-26 01:06:13 +02:00 committed by GitHub
parent 91e5b0dfdb
commit cf7fbf2c56
3 changed files with 5 additions and 3 deletions

View File

@ -25,6 +25,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
def fetch_remote_original_status def fetch_remote_original_status
if object_uri.start_with?('http') if object_uri.start_with?('http')
return if ActivityPub::TagManager.instance.local_uri?(object_uri)
ActivityPub::FetchRemoteStatusService.new.call(object_uri) ActivityPub::FetchRemoteStatusService.new.call(object_uri)
elsif @object['url'].present? elsif @object['url'].present?
::FetchRemoteStatusService.new.call(@object['url']) ::FetchRemoteStatusService.new.call(@object['url'])

View File

@ -9,7 +9,7 @@ class ActivityPub::ProcessCollectionService < BaseService
return unless supported_context? return unless supported_context?
return if different_actor? && verify_account!.nil? return if different_actor? && verify_account!.nil?
return if @account.suspended? return if @account.suspended? || @account.local?
case @json['type'] case @json['type']
when 'Collection', 'CollectionPage' when 'Collection', 'CollectionPage'

View File

@ -1,7 +1,7 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe ActivityPub::ProcessCollectionService do RSpec.describe ActivityPub::ProcessCollectionService do
let(:actor) { Fabricate(:account) } let(:actor) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/account') }
let(:payload) do let(:payload) do
{ {
@ -24,7 +24,7 @@ RSpec.describe ActivityPub::ProcessCollectionService do
describe '#call' do describe '#call' do
context 'when actor is the sender' context 'when actor is the sender'
context 'when actor differs from sender' do context 'when actor differs from sender' do
let(:forwarder) { Fabricate(:account) } let(:forwarder) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/other_account') }
it 'processes payload with sender if no signature exists' do it 'processes payload with sender if no signature exists' do
expect_any_instance_of(ActivityPub::LinkedDataSignature).not_to receive(:verify_account!) expect_any_instance_of(ActivityPub::LinkedDataSignature).not_to receive(:verify_account!)