From 6ba7d9d0d963c5a0589a33c277a14e1fb19b5bfb Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 8 Jun 2018 00:14:06 +0200 Subject: [PATCH] Do not accept ActivityPub follow requests from blocked user (#7756) * Do not accept ActivityPub follow requests from blocked user Fix #7745 * Deliver auto-rejection immediately when follow-requested by blocked account * Fix trailing whitespace --- app/lib/activitypub/activity/follow.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/lib/activitypub/activity/follow.rb b/app/lib/activitypub/activity/follow.rb index fbbf358a87..826dcf18ef 100644 --- a/app/lib/activitypub/activity/follow.rb +++ b/app/lib/activitypub/activity/follow.rb @@ -6,6 +6,11 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id']) || @account.requested?(target_account) + if target_account.blocking?(@account) || target_account.domain_blocking?(@account.domain) + reject_follow_request!(target_account) + return + end + # Fast-forward repeat follow requests if @account.following?(target_account) AuthorizeFollowService.new.call(@account, target_account, skip_follow_request: true) @@ -21,4 +26,9 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity NotifyService.new.call(target_account, ::Follow.find_by(account: @account, target_account: target_account)) end end + + def reject_follow_request!(target_account) + json = Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(FollowRequest.new(account: @account, target_account: target_account, uri: @json['id']), serializer: ActivityPub::RejectFollowSerializer, adapter: ActivityPub::Adapter).as_json).sign!(target_account)) + ActivityPub::DeliveryWorker.perform_async(json, target_account.id, @account.inbox_url) + end end