djsundog
/
tootlab-mastodon
mirror of https://github.com/glitch-soc/mastodon.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
tootlab-mastodon/app/services/resolve_account_service.rb

153 lines
4.4 KiB
Ruby
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
2016-11-15 10:56:29 -05:00
# frozen_string_literal: true
Rename ResolveRemoteAccountService to ResolveAccountService (#6327) The service used to be named ResolveRemoteAccountService resolves local accounts as well.
2018-01-22 08:25:09 -05:00
class ResolveAccountService < BaseService
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-08 15:52:15 -04:00
include JsonLdHelper
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
include DomainControlHelper
Refactor monkey-patching of Goldfinger (#12561)
2020-05-10 05:41:43 -04:00
include WebfingerHelper
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
# Find or create an account record for a remote user. When creating,
# look up the user's webfinger and fetch ActivityPub data
# @param [String, Account] uri URI in the username@domain format or account record
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-11-08 15:05:42 -05:00
# @param [Hash] options
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
# @option options [Boolean] :redirected Do not follow further Webfinger redirects
Change ResolveAccountService's handling of skip_webfinger (#15750) * Change ResolveAccountService's handling of skip_webfinger Change it so it never makes any webfinger query, as the name would imply. * Add tests * Change FollowService to not take an URI for target_account * Restore domain-block check in FollowService * Fix tests
2021-02-24 00:32:13 -05:00
# @option options [Boolean] :skip_webfinger Do not attempt any webfinger query or refreshing account data
Send Salmon interactions
2016-02-24 06:57:29 -05:00
# @return [Account]
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-11-08 15:05:42 -05:00
def call(uri, options = {})
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
return if uri.blank?
process_options!(uri, options)
# First of all we want to check if we've got the account
# record with the URI already, and if so, we can exit early
return if domain_not_allowed?(@domain)
@account ||= Account.find_remote(@username, @domain)
Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-10-07 18:34:57 -04:00
return @account if @account&.local? || @domain.nil? || !webfinger_update_due?
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
# At this point we are in need of a Webfinger query, which may
# yield us a different username/domain through a redirect
Fix handling of webfinger redirects in ResolveAccountService (#11279)
2019-07-10 11:10:12 -04:00
process_webfinger!(@uri)
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19 13:52:06 -05:00
@domain = nil if TagManager.instance.local_domain?(@domain)
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
# Because the username/domain pair may be different than what
# we already checked, we need to check if we've already got
# the record with that URI, again
return if domain_not_allowed?(@domain)
@account ||= Account.find_remote(@username, @domain)
Add support for reversible suspensions through ActivityPub (#14989)
2020-11-07 18:28:39 -05:00
if gone_from_origin? && not_yet_deleted?
queue_deletion!
return
end
return @account if @account&.local? || gone_from_origin? || !webfinger_update_due?
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
# Now it is certain, it is definitely a remote account, and it
# either needs to be created, or updated from fresh data
Fix resolving accounts sometimes creating duplicate records for a given AP id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 17:26:26 -05:00
fetch_account!
Add support for reversible suspensions through ActivityPub (#14989)
2020-11-07 18:28:39 -05:00
rescue Webfinger::Error, Oj::ParseError => e
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
nil
end
private
def process_options!(uri, options)
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-11-08 15:05:42 -05:00
@options = options
Adding Turbolinks, adding status posting form on homepage
2016-03-21 13:26:47 -04:00
Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-11-08 15:05:42 -05:00
if uri.is_a?(Account)
@account = uri
@username = @account.username
@domain = @account.domain
else
@username, @domain = uri.split('@')
end
Separate PuSH subscriptions from following, add mastodon:push:refresh task, respect hub.lease_seconds (fix #46)
2016-09-19 18:39:03 -04:00
Fix acct URIs with IDN domains not being resolved (#11520) Fix #11494
2019-08-07 15:14:08 -04:00
@domain = begin
if TagManager.instance.local_domain?(@domain)
nil
else
TagManager.instance.normalize_domain(@domain)
end
end
@uri = [@username, @domain].compact.join('@')
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
end
Initial commit
2016-02-20 16:53:20 -05:00
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19 13:52:06 -05:00
def process_webfinger!(uri)
Refactor monkey-patching of Goldfinger (#12561)
2020-05-10 05:41:43 -04:00
@webfinger = webfinger!("acct:#{uri}")
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19 13:52:06 -05:00
confirmed_username, confirmed_domain = split_acct(@webfinger.subject)
Allow @username@domain/@username in follow form, prevent duplicate accounts created via remote look-up when domains differ but point to the same resource
2016-11-03 11:57:44 -04:00
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
@username = confirmed_username
@domain = confirmed_domain
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19 13:52:06 -05:00
return
Fix possibility of unrightful webfinger redirect (#2147) * Fix possibility of unrightful webfinger redirect * Add more tests for FollowRemoteAccountService
2017-04-19 11:28:35 -04:00
end
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19 13:52:06 -05:00
# Account doesn't match, so it may have been redirected
@webfinger = webfinger!("acct:#{confirmed_username}@#{confirmed_domain}")
@username, @domain = split_acct(@webfinger.subject)
unless confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
raise Webfinger::RedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
end
Add support for reversible suspensions through ActivityPub (#14989)
2020-11-07 18:28:39 -05:00
rescue Webfinger::GoneError
@gone = true
Refactor domain block checks (#11268)
2019-07-08 21:27:35 -04:00
end
Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19 13:52:06 -05:00
def split_acct(acct)
acct.gsub(/\Aacct:/, '').split('@')
end
Fix resolving accounts sometimes creating duplicate records for a given AP id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 17:26:26 -05:00
def fetch_account!
Remove Salmon and PubSubHubbub (#11205) * Remove Salmon and PubSubHubbub endpoints * Add error when trying to follow OStatus accounts * Fix new accounts not being created in ResolveAccountService
2019-07-06 17:26:16 -04:00
return unless activitypub_ready?
Allow @username@domain/@username in follow form, prevent duplicate accounts created via remote look-up when domains differ but point to the same resource
2016-11-03 11:57:44 -04:00
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
RedisLock.acquire(lock_options) do |lock|
if lock.acquired?
Fix resolving accounts sometimes creating duplicate records for a given AP id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 17:26:26 -05:00
@account = ActivityPub::FetchRemoteAccountService.new.call(actor_url)
Raise Mastodon::RaceConditionError if Redis lock failed (#7511) An explicit error allows user agents to know the error and Sidekiq to retry.
2018-05-16 06:29:45 -04:00
else
raise Mastodon::RaceConditionError
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
end
Refresh webfinger (#1323) * Refresh local info for remote accounts when webfinger returns new values It only refreshes account info if one of the URLs or the public-key changes, in which cases it refreshes the full info, re-downloading the feeds from that user. Some special handling should probably be done when the public key changes, but I have been unable to find any use for it in Mastodon yet. * Re-fetch remote users we aren't subscribed to. This might induce performance issues, we might want to only do that for users we explicitly attempted to subscribe but failed to. * Refactor changes * Do not refresh existing remote account details more than once a day * Avoid re-fetching webfinger info in tests unless otherwise specified
2017-04-14 21:16:05 -04:00
end
Allow @username@domain/@username in follow form, prevent duplicate accounts created via remote look-up when domains differ but point to the same resource
2016-11-03 11:57:44 -04:00
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
@account
end
Domain blocks now have varying severity - auto-suspend vs auto-silence
2017-01-23 11:38:38 -05:00
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
def webfinger_update_due?
Fix performance of follow import (#13836)
2020-06-09 04:26:58 -04:00
return false if @options[:check_delivery_availability] && !DeliveryFailureTracker.available?(@domain)
Change ResolveAccountService's handling of skip_webfinger (#15750) * Change ResolveAccountService's handling of skip_webfinger Change it so it never makes any webfinger query, as the name would imply. * Add tests * Change FollowService to not take an URI for target_account * Restore domain-block check in FollowService * Fix tests
2021-02-24 00:32:13 -05:00
return false if @options[:skip_webfinger]
Fix performance of follow import (#13836)
2020-06-09 04:26:58 -04:00
Fix webfinger_update_due to run WebFinger on stale activitypub-account (#16182)
2021-05-08 10:22:18 -04:00
@account.nil? || @account.possibly_stale?
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
end
Fixes and general progress
2016-02-22 12:10:30 -05:00
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-08 15:52:15 -04:00
def activitypub_ready?
Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-10-07 18:34:57 -04:00
['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self', 'type'))
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-08 15:52:15 -04:00
end
def actor_url
Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-10-07 18:34:57 -04:00
@actor_url ||= @webfinger.link('self', 'href')
Add ActivityPub inbox (#4216) * Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-08 15:52:15 -04:00
end
Add support for reversible suspensions through ActivityPub (#14989)
2020-11-07 18:28:39 -05:00
def gone_from_origin?
@gone
end
def not_yet_deleted?
@account.present? && !@account.local?
end
def queue_deletion!
Fix remotely-suspended accounts' toots being merged back into timelines (#16628) * Fix remotely-suspended accounts' toots being merged back into timelines * Mark remotely-deleted accounts as remotely suspended
2021-08-20 02:40:33 -04:00
@account.suspend!(origin: :remote)
Fix sending spurious Rejects when processing remote account deletion (#15104) * Fix sending spurious Rejects when processing remote account deletion * Make skip_side_effects imply skip_activitypub
2020-11-19 11:39:47 -05:00
AccountDeletionWorker.perform_async(@account.id, reserve_username: false, skip_activitypub: true)
Add support for reversible suspensions through ActivityPub (#14989)
2020-11-07 18:28:39 -05:00
end
Refactor ResolveRemoteAccountService (#4258) * Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-19 08:44:04 -04:00
def lock_options
Fix some RedisLocks auto-releasing too fast (#16276) * Fix Delete and Create-related locks expiring too fast Fixes #16238 By default, RedisLock expires after 10 seconds, which may not be enough to process statuses, especially when those have attached media files. This commit extends those 10 seconds to 15 minutes, which should be plenty enough to handle any status, while being short enough to not waste many sidekiq job retries in the exceedingly rare case in which a sidekiq process would crash when processing a `Create` or `Delete`. * Fix other RedisLock autorelease durations Fixes #15645 - things that only perform a few simple database queries (e.g. finding and saving a record) have been left unchanged, so they'll still use the default 10s duration - things that perform significantly more complex database queries have been changed to a 5 minutes timeout - things that perform multiple HTTP queries have been changed to a 15 minutes timeout
2021-05-19 17:52:08 -04:00
{ redis: Redis.current, key: "resolve:#{@username}@#{@domain}", autorelease: 15.minutes.seconds }
Update profile information and download avatar of remote accounts
2016-02-28 08:26:26 -05:00
end
Initial commit
2016-02-20 16:53:20 -05:00
end