From 42c7b629cf68957dab815fe5da4accf484e2cb90 Mon Sep 17 00:00:00 2001
From: Michael Manfre
Date: Tue, 6 Dec 2022 00:23:35 -0500
Subject: Ignore actor delete messages for unknown actors (#124)

---
 users/views/activitypub.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'users')

diff --git a/users/views/activitypub.py b/users/views/activitypub.py
index b155b08..93a6eae 100644
--- a/users/views/activitypub.py
+++ b/users/views/activitypub.py
@@ -145,9 +145,21 @@ class Inbox(View):
         # This ensures that the signature used for the headers matches the actor
         # described in the payload.
         identity = Identity.by_actor_uri(document["actor"], create=True, transient=True)
+        if (
+            document["type"] == "Delete"
+            and document["actor"] == document["object"]
+            and not identity.pk
+        ):
+            # We don't have an Identity record for the user. No-op
+            exceptions.capture_message(
+                f"Inbox: Discarded delete message for unknown actor {document['actor']}"
+            )
+            return HttpResponse(status=202)
+
         if not identity.public_key:
             # See if we can fetch it right now
             async_to_sync(identity.fetch_actor)()
+
         if not identity.public_key:
             exceptions.capture_message(
                 f"Inbox error: cannot fetch actor {document['actor']}"
@@ -160,6 +172,7 @@ class Inbox(View):
                 f"Inbox: Discarded message from {identity.domain}"
             )
             return HttpResponse(status=202)
+
         # If there's a "signature" payload, verify against that
         if "signature" in document:
             try:
-- 
cgit v1.2.3