Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use ID instead of username in ActivityPub API #23802

Closed
trwnh opened this issue Mar 29, 2023 · 3 comments · Fixed by #23823
Closed

Use ID instead of username in ActivityPub API #23802

trwnh opened this issue Mar 29, 2023 · 3 comments · Fixed by #23823
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@trwnh
Copy link

trwnh commented Mar 29, 2023

Feature Description

In #19133 a basic ActivityPub API was added to the router, allowing lookup of an actor document and POSTing to inbox. However, the API as present in Swagger currently depends on the username, which means that username changes are not possible without causing breakages in federation. This should be fixed before federation is ready. Further rationale is included in #19133 (comment) and quoted below for convenience:

You can avoid having to issue a Move if you just don't use the username in any ids. Move should be reserved for moving to different domains, not changing usernames. It's completely unnecessary and completely avoidable for local username changes. I heavily recommend using something like snowflake, hash, uuid, etc instead of plain usernames. You want the ActivityPub id to be as stable as possible and ideally never change.

Screenshots

Relevant code:

gitea/routers/api/v1/activitypub/person.go

Lines 20 to 36 in 3e8db31

func Person(ctx *context.APIContext) {
// swagger:operation GET /activitypub/user/{username} activitypub activitypubPerson
// ---
// summary: Returns the Person actor for a user
// produces:
// - application/json
// parameters:
// - name: username
// in: path
// description: username of the user
// type: string
// required: true
// responses:
// "200":
// "$ref": "#/responses/ActivityPub"
link := strings.TrimSuffix(setting.AppURL, "/") + "/api/v1/activitypub/user/" + ctx.ContextUser.Name

I believe this should be ctx.ContextUser.ID or something similar.
@trwnh trwnh added type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/proposal The new feature has not been accepted yet but needs to be discussed first. labels Mar 29, 2023
@lunny
Copy link
Member

lunny commented Mar 30, 2023
edited
Loading

But wouldn't the id be changed in a different system?

@lunny lunny removed the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Mar 30, 2023
@trwnh
Copy link
Author

trwnh commented Mar 30, 2023
edited
Loading

No, the ActivityPub id is an HTTPS URI that should remain constant. For example, if we have something like https://example.com/userid then the username is free to change without breaking the id. But if we make the id something like https://example.com/username then a change from username to different_username will be seen as a completely different actor. All old comments, repos, etc. will no longer be linked, and all followers will have to be migrated to the "new" account.

@ghost
Copy link

ghost commented Mar 30, 2023

@trwnh Thanks for the reminder. I'll implement this soon in forgejo-federation.

@wxiaoguang wxiaoguang mentioned this issue Mar 30, 2023
Merged
lunny pushed a commit that referenced this issue Apr 4, 2023
@wxiaoguang
Use User.ID instead of User.Name in ActivityPub API for Person IRI (#…
17f2318 
…23823)

Thanks to @trwnh

Close #23802

The ActivityPub id is an HTTPS URI that should remain constant, even if
the user changes their name.
@GiteaBot GiteaBot mentioned this issue Apr 4, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Apr 4, 2023
@wxiaoguang
Use User.ID instead of User.Name in ActivityPub API for Person IRI (g…
104b2ed 
…o-gitea#23823)

Thanks to @trwnh

Close go-gitea#23802

The ActivityPub id is an HTTPS URI that should remain constant, even if
the user changes their name.
jolheiser pushed a commit that referenced this issue Apr 4, 2023
@GiteaBot @wxiaoguang
Use User.ID instead of User.Name in ActivityPub API for Person IRI (#…
9836b7d 
…23823) (#23905)

Backport #23823 by @wxiaoguang

Thanks to @trwnh

Close #23802

The ActivityPub id is an HTTPS URI that should remain constant, even if
the user changes their name.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 20, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use User.ID instead of User.Name in ActivityPub API for Person IRI wxiaoguang/gitea
2 participants
@lunny @trwnh