From 57b503d4ef0754e4651eae26b628cba60e1ab4e9 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 18 May 2018 11:33:56 +0200
Subject: [PATCH] Resolve unknown status from Add activity, skip Remove if
 unknown (#7526)

Fix #7518
---
 app/lib/activitypub/activity.rb           |  9 ++++++++
 app/lib/activitypub/activity/add.rb       |  5 +++--
 app/lib/activitypub/activity/announce.rb  | 10 ---------
 app/lib/activitypub/activity/remove.rb    |  2 +-
 spec/lib/activitypub/activity/add_spec.rb | 25 ++++++++++++++++++++---
 5 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/app/lib/activitypub/activity.rb b/app/lib/activitypub/activity.rb
index 84d4b17520..03476920b2 100644
--- a/app/lib/activitypub/activity.rb
+++ b/app/lib/activitypub/activity.rb
@@ -118,4 +118,13 @@ class ActivityPub::Activity
   def delete_later!(uri)
     redis.setex("delete_upon_arrival:#{@account.id}:#{uri}", 6.hours.seconds, uri)
   end
+
+  def fetch_remote_original_status
+    if object_uri.start_with?('http')
+      return if ActivityPub::TagManager.instance.local_uri?(object_uri)
+      ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first)
+    elsif @object['url'].present?
+      ::FetchRemoteStatusService.new.call(@object['url'])
+    end
+  end
 end
diff --git a/app/lib/activitypub/activity/add.rb b/app/lib/activitypub/activity/add.rb
index ea94d2f983..688ab00b33 100644
--- a/app/lib/activitypub/activity/add.rb
+++ b/app/lib/activitypub/activity/add.rb
@@ -4,9 +4,10 @@ class ActivityPub::Activity::Add < ActivityPub::Activity
   def perform
     return unless @json['target'].present? && value_or_id(@json['target']) == @account.featured_collection_url
 
-    status = status_from_uri(object_uri)
+    status   = status_from_uri(object_uri)
+    status ||= fetch_remote_original_status
 
-    return unless status.account_id == @account.id && !@account.pinned?(status)
+    return unless !status.nil? && status.account_id == @account.id && !@account.pinned?(status)
 
     StatusPin.create!(account: @account, status: status)
   end
diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb
index f810c88a27..1147a4481f 100644
--- a/app/lib/activitypub/activity/announce.rb
+++ b/app/lib/activitypub/activity/announce.rb
@@ -26,16 +26,6 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
 
   private
 
-  def fetch_remote_original_status
-    if object_uri.start_with?('http')
-      return if ActivityPub::TagManager.instance.local_uri?(object_uri)
-
-      ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first)
-    elsif @object['url'].present?
-      ::FetchRemoteStatusService.new.call(@object['url'])
-    end
-  end
-
   def announceable?(status)
     status.account_id == @account.id || status.public_visibility? || status.unlisted_visibility?
   end
diff --git a/app/lib/activitypub/activity/remove.rb b/app/lib/activitypub/activity/remove.rb
index 62a1e3196e..f523ead9f6 100644
--- a/app/lib/activitypub/activity/remove.rb
+++ b/app/lib/activitypub/activity/remove.rb
@@ -6,7 +6,7 @@ class ActivityPub::Activity::Remove < ActivityPub::Activity
 
     status = status_from_uri(object_uri)
 
-    return unless status.account_id == @account.id
+    return unless !status.nil? && status.account_id == @account.id
 
     pin = StatusPin.find_by(account: @account, status: status)
     pin&.destroy!
diff --git a/spec/lib/activitypub/activity/add_spec.rb b/spec/lib/activitypub/activity/add_spec.rb
index 3ebab4e373..16db71c880 100644
--- a/spec/lib/activitypub/activity/add_spec.rb
+++ b/spec/lib/activitypub/activity/add_spec.rb
@@ -18,12 +18,31 @@ RSpec.describe ActivityPub::Activity::Add do
   describe '#perform' do
     subject { described_class.new(json, sender) }
 
-    before do
+    it 'creates a pin' do
       subject.perform
+      expect(sender.pinned?(status)).to be true
     end
 
-    it 'creates a pin' do
-      expect(sender.pinned?(status)).to be true
+    context 'when status was not known before' do
+      let(:json) do
+        {
+          '@context': 'https://www.w3.org/ns/activitystreams',
+          id: 'foo',
+          type: 'Add',
+          actor: ActivityPub::TagManager.instance.uri_for(sender),
+          object: 'https://example.com/unknown',
+          target: sender.featured_collection_url,
+        }.with_indifferent_access
+      end
+
+      before do
+        stub_request(:get, 'https://example.com/unknown').to_return(status: 410)
+      end
+
+      it 'fetches the status' do
+        subject.perform
+        expect(a_request(:get, 'https://example.com/unknown')).to have_been_made.at_least_once
+      end
     end
   end
 end
-- 
GitLab