closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10518 Commits
4 Branches
567 MiB
Tree: 2fba280353
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fba280353'
${ noResults }
mastodon/app/services/resolve_account_service.rb

151 lines
4.4 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Rename ResolveRemoteAccountService to ResolveAccountService (#6327) The service used to be named ResolveRemoteAccountService resolves local accounts as well.
6 years ago
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
6 years ago
Refactor domain block checks (#11268)
4 years ago
Refactor monkey-patching of Goldfinger (#12561)
4 years ago
Refactor domain block checks (#11268)
4 years ago
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
5 years ago
Refactor domain block checks (#11268)
4 years ago
Change ResolveAccountService's handling of skip_webfinger (#15750) * Change ResolveAccountService's handling of skip_webfinger Change it so it never makes any webfinger query, as the name would imply. * Add tests * Change FollowService to not take an URI for target_account * Restore domain-block check in FollowService * Fix tests
3 years ago
Send Salmon interactions
8 years ago
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
5 years ago
Refactor domain block checks (#11268)
4 years ago
Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
3 years ago
Refactor domain block checks (#11268)
4 years ago
Fix handling of webfinger redirects in ResolveAccountService (#11279)
4 years ago
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
3 years ago
Refactor domain block checks (#11268)
4 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Refactor domain block checks (#11268)
4 years ago
Fix resolving accounts sometimes creating duplicate records for a given AP id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Refactor domain block checks (#11268)
4 years ago
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
5 years ago
Adding Turbolinks, adding status posting form on homepage
8 years ago
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
5 years ago
Separate PuSH subscriptions from following, add mastodon:push:refresh task, respect hub.lease_seconds (fix #46)
7 years ago
Fix acct URIs with IDN domains not being resolved (#11520) Fix #11494
4 years ago
Refactor domain block checks (#11268)
4 years ago
Initial commit
8 years ago
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
3 years ago
Refactor monkey-patching of Goldfinger (#12561)
4 years ago
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
3 years ago
Allow @username@domain/@username in follow form, prevent duplicate accounts created via remote look-up when domains differ but point to the same resource
7 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
3 years ago
Fix possibility of unrightful webfinger redirect (#2147) * Fix possibility of unrightful webfinger redirect * Add more tests for FollowRemoteAccountService
7 years ago
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
3 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Refactor domain block checks (#11268)
4 years ago
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
3 years ago
Fix resolving accounts sometimes creating duplicate records for a given AP id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Remove Salmon and PubSubHubbub (#11205) * Remove Salmon and PubSubHubbub endpoints * Add error when trying to follow OStatus accounts * Fix new accounts not being created in ResolveAccountService
4 years ago
Allow @username@domain/@username in follow form, prevent duplicate accounts created via remote look-up when domains differ but point to the same resource
7 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Fix resolving accounts sometimes creating duplicate records for a given AP id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Raise Mastodon::RaceConditionError if Redis lock failed (#7511) An explicit error allows user agents to know the error and Sidekiq to retry.
6 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Refresh webfinger (#1323) * Refresh local info for remote accounts when webfinger returns new values It only refreshes account info if one of the URLs or the public-key changes, in which cases it refreshes the full info, re-downloading the feeds from that user. Some special handling should probably be done when the public key changes, but I have been unable to find any use for it in Mastodon yet. * Re-fetch remote users we aren't subscribed to. This might induce performance issues, we might want to only do that for users we explicitly attempted to subscribe but failed to. * Refactor changes * Do not refresh existing remote account details more than once a day * Avoid re-fetching webfinger info in tests unless otherwise specified
7 years ago
Allow @username@domain/@username in follow form, prevent duplicate accounts created via remote look-up when domains differ but point to the same resource
7 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Domain blocks now have varying severity - auto-suspend vs auto-silence
7 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Fix performance of follow import (#13836)
3 years ago
Change ResolveAccountService's handling of skip_webfinger (#15750) * Change ResolveAccountService's handling of skip_webfinger Change it so it never makes any webfinger query, as the name would imply. * Add tests * Change FollowService to not take an URI for target_account * Restore domain-block check in FollowService * Fix tests
3 years ago
Fix performance of follow import (#13836)
3 years ago
Fix webfinger_update_due to run WebFinger on stale activitypub-account (#16182)
3 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Fixes and general progress
8 years ago
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
6 years ago
Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
3 years ago
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
6 years ago
Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
3 years ago
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
6 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Fix sending spurious Rejects when processing remote account deletion (#15104) * Fix sending spurious Rejects when processing remote account deletion * Make skip_side_effects imply skip_activitypub
3 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
6 years ago
Fix some RedisLocks auto-releasing too fast (#16276) * Fix Delete and Create-related locks expiring too fast Fixes #16238 By default, RedisLock expires after 10 seconds, which may not be enough to process statuses, especially when those have attached media files. This commit extends those 10 seconds to 15 minutes, which should be plenty enough to handle any status, while being short enough to not waste many sidekiq job retries in the exceedingly rare case in which a sidekiq process would crash when processing a `Create` or `Delete`. * Fix other RedisLock autorelease durations Fixes #15645 - things that only perform a few simple database queries (e.g. finding and saving a record) have been left unchanged, so they'll still use the default 10s duration - things that perform significantly more complex database queries have been changed to a 5 minutes timeout - things that perform multiple HTTP queries have been changed to a 15 minutes timeout
3 years ago
Update profile information and download avatar of remote accounts
8 years ago
Initial commit
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class ResolveAccountService < BaseService
  4.   include JsonLdHelper
  5.   include DomainControlHelper
  6.   include WebfingerHelper
  7. 

  8.   # Find or create an account record for a remote user. When creating,
  9.   # look up the user's webfinger and fetch ActivityPub data
  10.   # @param [String, Account] uri URI in the username@domain format or account record
  11.   # @param [Hash] options
  12.   # @option options [Boolean] :redirected Do not follow further Webfinger redirects
  13.   # @option options [Boolean] :skip_webfinger Do not attempt any webfinger query or refreshing account data
  14.   # @return [Account]
  15.   def call(uri, options = {})
  16.     return if uri.blank?
  17. 

  18.     process_options!(uri, options)
  19. 

  20.     # First of all we want to check if we've got the account
  21.     # record with the URI already, and if so, we can exit early
  22. 

  23.     return if domain_not_allowed?(@domain)
  24. 

  25.     @account ||= Account.find_remote(@username, @domain)
  26. 

  27.     return @account if @account&.local? || @domain.nil? || !webfinger_update_due?
  28. 

  29.     # At this point we are in need of a Webfinger query, which may
  30.     # yield us a different username/domain through a redirect
  31.     process_webfinger!(@uri)
  32.     @domain = nil if TagManager.instance.local_domain?(@domain)
  33. 

  34.     # Because the username/domain pair may be different than what
  35.     # we already checked, we need to check if we've already got
  36.     # the record with that URI, again
  37. 

  38.     return if domain_not_allowed?(@domain)
  39. 

  40.     @account ||= Account.find_remote(@username, @domain)
  41. 

  42.     if gone_from_origin? && not_yet_deleted?
  43.       queue_deletion!
  44.       return
  45.     end
  46. 

  47.     return @account if @account&.local? || gone_from_origin? || !webfinger_update_due?
  48. 

  49.     # Now it is certain, it is definitely a remote account, and it
  50.     # either needs to be created, or updated from fresh data
  51. 

  52.     fetch_account!
  53.   rescue Webfinger::Error, Oj::ParseError => e
  54.     Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
  55.     nil
  56.   end
  57. 

  58.   private
  59. 

  60.   def process_options!(uri, options)
  61.     @options = options
  62. 

  63.     if uri.is_a?(Account)
  64.       @account  = uri
  65.       @username = @account.username
  66.       @domain   = @account.domain
  67.     else
  68.       @username, @domain = uri.split('@')
  69.     end
  70. 

  71.     @domain = begin
  72.       if TagManager.instance.local_domain?(@domain)
  73.         nil
  74.       else
  75.         TagManager.instance.normalize_domain(@domain)
  76.       end
  77.     end
  78. 

  79.     @uri = [@username, @domain].compact.join('@')
  80.   end
  81. 

  82.   def process_webfinger!(uri)
  83.     @webfinger                           = webfinger!("acct:#{uri}")
  84.     confirmed_username, confirmed_domain = split_acct(@webfinger.subject)
  85. 

  86.     if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
  87.       @username = confirmed_username
  88.       @domain   = confirmed_domain
  89.       return
  90.     end
  91. 

  92.     # Account doesn't match, so it may have been redirected
  93.     @webfinger         = webfinger!("acct:#{confirmed_username}@#{confirmed_domain}")
  94.     @username, @domain = split_acct(@webfinger.subject)
  95. 

  96.     unless confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
  97.       raise Webfinger::RedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
  98.     end
  99.   rescue Webfinger::GoneError
  100.     @gone = true
  101.   end
  102. 

  103.   def split_acct(acct)
  104.     acct.gsub(/\Aacct:/, '').split('@')
  105.   end
  106. 

  107.   def fetch_account!
  108.     return unless activitypub_ready?
  109. 

  110.     RedisLock.acquire(lock_options) do |lock|
  111.       if lock.acquired?
  112.         @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url)
  113.       else
  114.         raise Mastodon::RaceConditionError
  115.       end
  116.     end
  117. 

  118.     @account
  119.   end
  120. 

  121.   def webfinger_update_due?
  122.     return false if @options[:check_delivery_availability] && !DeliveryFailureTracker.available?(@domain)
  123.     return false if @options[:skip_webfinger]
  124. 

  125.     @account.nil? || @account.possibly_stale?
  126.   end
  127. 

  128.   def activitypub_ready?
  129.     ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self', 'type'))
  130.   end
  131. 

  132.   def actor_url
  133.     @actor_url ||= @webfinger.link('self', 'href')
  134.   end
  135. 

  136.   def gone_from_origin?
  137.     @gone
  138.   end
  139. 

  140.   def not_yet_deleted?
  141.     @account.present? && !@account.local?
  142.   end
  143. 

  144.   def queue_deletion!
  145.     AccountDeletionWorker.perform_async(@account.id, reserve_username: false, skip_activitypub: true)
  146.   end
  147. 

  148.   def lock_options
  149.     { redis: Redis.current, key: "resolve:#{@username}@#{@domain}", autorelease: 15.minutes.seconds }
  150.   end
  151. end