From 42c7b629cf68957dab815fe5da4accf484e2cb90 Mon Sep 17 00:00:00 2001 From: Michael Manfre Date: Tue, 6 Dec 2022 00:23:35 -0500 Subject: Ignore actor delete messages for unknown actors (#124) --- users/views/activitypub.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'users') diff --git a/users/views/activitypub.py b/users/views/activitypub.py index b155b08..93a6eae 100644 --- a/users/views/activitypub.py +++ b/users/views/activitypub.py @@ -145,9 +145,21 @@ class Inbox(View): # This ensures that the signature used for the headers matches the actor # described in the payload. identity = Identity.by_actor_uri(document["actor"], create=True, transient=True) + if ( + document["type"] == "Delete" + and document["actor"] == document["object"] + and not identity.pk + ): + # We don't have an Identity record for the user. No-op + exceptions.capture_message( + f"Inbox: Discarded delete message for unknown actor {document['actor']}" + ) + return HttpResponse(status=202) + if not identity.public_key: # See if we can fetch it right now async_to_sync(identity.fetch_actor)() + if not identity.public_key: exceptions.capture_message( f"Inbox error: cannot fetch actor {document['actor']}" @@ -160,6 +172,7 @@ class Inbox(View): f"Inbox: Discarded message from {identity.domain}" ) return HttpResponse(status=202) + # If there's a "signature" payload, verify against that if "signature" in document: try: -- cgit v1.2.3