New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure blocked user unfollows blocker if Block/Undo Block are processed out of order #9687

Merged
merged 2 commits into from Jan 2, 2019

Conversation

Projects
None yet
2 participants
@ThibG
Copy link
Collaborator

ThibG commented Jan 1, 2019

Block + Undo Block have been used for a while to remove followers (even though Mastodon now also handles the cleaner Undo Accept + Reject Follow, but that flow is not explicitly defined in the AP spec).

However, such activities are processed in (and even sent from) sidekiq queues and could therefore be processed out-of-order, in which case the current code skips the Block entirely, which could cause the Block + Undo Block routine to fail from removing the follow relationship on the receiving end, meaning the temporarily blocked user would still receive private toots if there is another follower on the same instance.

This commit fixes that.

@ThibG ThibG force-pushed the ThibG:fixes/block-unblock-race-unfollow branch 2 times, most recently from b6e6153 to 7c0ad87 Jan 1, 2019

@ThibG ThibG force-pushed the ThibG:fixes/block-unblock-race-unfollow branch from 7c0ad87 to af6ad4d Jan 1, 2019

@ThibG ThibG added the security label Jan 1, 2019

@ThibG ThibG requested a review from Gargron Jan 1, 2019

@Gargron

Gargron approved these changes Jan 2, 2019

@Gargron Gargron merged commit 70be301 into tootsuite:master Jan 2, 2019

11 checks passed

ci/circleci: build Your tests passed on CircleCI!
Details
ci/circleci: check-i18n Your tests passed on CircleCI!
Details
ci/circleci: install Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.4 Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.5 Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.6 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.4 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.5 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.6 Your tests passed on CircleCI!
Details
ci/circleci: test-webui Your tests passed on CircleCI!
Details
codeclimate All good!
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment