From b762c76dd7ecbc10b6ffef32b897f3800d0313cc Mon Sep 17 00:00:00 2001 From: Oneric Date: Fri, 13 Dec 2024 01:09:35 +0100 Subject: [PATCH] add_remove_validator: limit refetch rate to 1 per 5s This matches the maximum_age used when processing Move activities --- .../activity_pub/object_validators/add_remove_validator.ex | 6 ++++-- .../transmogrifier/add_remove_handling_test.exs | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/object_validators/add_remove_validator.ex b/lib/pleroma/web/activity_pub/object_validators/add_remove_validator.ex index b2fa35831..c13f7d442 100644 --- a/lib/pleroma/web/activity_pub/object_validators/add_remove_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/add_remove_validator.ex @@ -73,7 +73,9 @@ defp maybe_refetch_user(%User{featured_address: address} = user) when is_binary( end defp maybe_refetch_user(%User{ap_id: ap_id}) do - # Maybe it could use User.get_or_fetch_by_ap_id to avoid refreshing too often - User.fetch_by_ap_id(ap_id) + # If the user didn't expose a featured collection before, + # recheck now so we can verify perms for add/remove. + # But wait at least 5s to avoid rapid refetches in edge cases + User.get_or_fetch_by_ap_id(ap_id, maximum_age: 5) end end diff --git a/test/pleroma/web/activity_pub/transmogrifier/add_remove_handling_test.exs b/test/pleroma/web/activity_pub/transmogrifier/add_remove_handling_test.exs index c2b5f2cc8..f95d298e0 100644 --- a/test/pleroma/web/activity_pub/transmogrifier/add_remove_handling_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier/add_remove_handling_test.exs @@ -102,6 +102,7 @@ test "Add/Remove activities for remote users without featured address" do user = user |> Ecto.Changeset.change(featured_address: nil) + |> Ecto.Changeset.change(last_refreshed_at: ~N[2013-03-14 11:50:00.000000]) |> Repo.update!() %{host: host} = URI.parse(user.ap_id) -- 2.39.5