From 95089c0c6179c9eed6cc05379514cfb7047477fa Mon Sep 17 00:00:00 2001 From: Andrew Godwin Date: Sun, 12 Nov 2023 12:09:09 -0700 Subject: [PATCH] Ignore some messages at inbox view time --- tests/users/views/test_activitypub.py | 53 ++++++++++++++++++++++++++- users/views/activitypub.py | 14 ++++++- 2 files changed, 64 insertions(+), 3 deletions(-) diff --git a/tests/users/views/test_activitypub.py b/tests/users/views/test_activitypub.py index c811e52..beb8642 100644 --- a/tests/users/views/test_activitypub.py +++ b/tests/users/views/test_activitypub.py @@ -1,5 +1,7 @@ import pytest +from users.models import InboxMessage + @pytest.mark.django_db def test_webfinger_actor(client, identity): @@ -59,5 +61,54 @@ def test_delete_unknown_actor(client, identity): resp = client.post( identity.inbox_uri, data=data, content_type="application/activity+json" ) - print(resp.content) + assert resp.status_code == 202 + + +@pytest.mark.django_db +def test_ignore_lemmy(client, identity): + """ + Tests that message types we know we cannot handle are ignored immediately + """ + data = { + "cc": "https://lemmy.ml/c/asklemmy/followers", + "id": "https://lemmy.ml/activities/announce/12345", + "to": "as:Public", + "type": "Announce", + "actor": "https://lemmy.ml/c/asklemmy", + "object": { + "id": "https://lemmy.world/activities/like/12345", + "type": "Like", + "actor": "https://lemmy.world/u/Nobody", + "object": "https://sopuli.xyz/comment/12345", + "audience": "https://lemmy.ml/c/asklemmy", + }, + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "pt": "https://joinpeertube.org/ns#", + "sc": "http://schema.org/", + "lemmy": "https://join-lemmy.org/ns#", + "expires": "as:endTime", + "litepub": "http://litepub.social/ns#", + "language": "sc:inLanguage", + "stickied": "lemmy:stickied", + "sensitive": "as:sensitive", + "identifier": "sc:identifier", + "moderators": {"@id": "lemmy:moderators", "@type": "@id"}, + "removeData": "lemmy:removeData", + "ChatMessage": "litepub:ChatMessage", + "matrixUserId": "lemmy:matrixUserId", + "distinguished": "lemmy:distinguished", + "commentsEnabled": "pt:commentsEnabled", + "postingRestrictedToMods": "lemmy:postingRestrictedToMods", + }, + "https://w3id.org/security/v1", + ], + } + num_inbox_messages = InboxMessage.objects.count() + resp = client.post( + identity.inbox_uri, data=data, content_type="application/activity+json" + ) + assert num_inbox_messages == InboxMessage.objects.count() assert resp.status_code == 202 diff --git a/users/views/activitypub.py b/users/views/activitypub.py index 2408bb8..effbf5b 100644 --- a/users/views/activitypub.py +++ b/users/views/activitypub.py @@ -138,6 +138,11 @@ class Inbox(View): return HttpResponseBadRequest("Payload size too large") # Load the LD document = canonicalise(json.loads(request.body), include_security=True) + document_type = document["type"] + document_subtype = None + if isinstance(document.get("object"), dict): + document_subtype = document["object"].get("type") + # Find the Identity by the actor on the incoming item # This ensures that the signature used for the headers matches the actor # described in the payload. @@ -147,7 +152,7 @@ class Inbox(View): identity = Identity.by_actor_uri(document["actor"], create=True, transient=True) if ( - document["type"] == "Delete" + document_type == "Delete" and document["actor"] == document["object"] and identity._state.adding ): @@ -169,6 +174,11 @@ class Inbox(View): ) return HttpResponse(status=202) + # See if it's a type of message we know we want to ignore right now + # (e.g. Lemmy likes/dislikes, which we can't process anyway) + if document_type == "Announce" and document_subtype in ["Like", "Dislike"]: + return HttpResponse(status=202) + # authenticate HTTP signature first, if one is present and the actor # is already known to us. An invalid signature is an error and message # should be discarded. NOTE: for previously unknown actors, we @@ -182,7 +192,7 @@ class Inbox(View): ) logging.debug( "Inbox: %s from %s has good HTTP signature", - document["type"], + document_type, identity, ) else: