Browse Source

Fix duplicate accounts being created when fetching an account for its key only (#13147)

Fixes #13136

When a user's canonical acct domain is different from its id's domain
(WEB_DOMAIN ≠ LOCAL_DOMAIN), two webfinger queries are required to find the
canonical domain from the URI. However, we skip webfinger queries when
updating only the key of a remote user, which led to the creation of a
duplicate account, using the URI's domain instead of the canonical acct: one.
master
ThibG 4 years ago
committed by GitHub
parent
commit
3704402dcc
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
  1. +4
    -3
      app/services/activitypub/process_account_service.rb

+ 4
- 3
app/services/activitypub/process_account_service.rb View File

@ -18,9 +18,10 @@ class ActivityPub::ProcessAccountService < BaseService
RedisLock.acquire(lock_options) do |lock|
if lock.acquired?
@account = Account.find_remote(@username, @domain)
@old_public_key = @account&.public_key
@old_protocol = @account&.protocol
@account = Account.remote.find_by(uri: @uri) if @options[:only_key]
@account ||= Account.find_remote(@username, @domain)
@old_public_key = @account&.public_key
@old_protocol = @account&.protocol
create_account if @account.nil?
update_account

Loading…
Cancel
Save