Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Follow.@id check when processing Undo.Follow #1631

Open
Tamschi opened this issue Dec 16, 2024 · 2 comments
Open

Missing Follow.@id check when processing Undo.Follow #1631

Tamschi opened this issue Dec 16, 2024 · 2 comments
Labels
bug User-facing breakage and reliability issues within Bridgy Fed.

Comments

@Tamschi
Copy link
Collaborator

Tamschi commented Dec 16, 2024

Technically this is a bit of a protocol violation in Bridgy Fed. It's supposed to persist the @id of the [most recent, at least] Follow and then check against that when Undoing it. However, Mastodon seemingly also doesn't do this properly when the object is inlined.

Originally posted by @Tamschi in #1626 (comment)

Mastodon correctly uses unique Follow-IDs and includes them with the Undo, so Bridgy Fed can and should check for those:

{
  "@context":"https://www.w3.org/ns/activitystreams",
  "id":"https://activitypub.academy/40c15d58-2d4b-4842-9342-7fb5e231831d",
  "type":"Follow",
  "actor":"https://activitypub.academy/users/aubotus_grahess",
  "object":"https://mastodon.gamedev.place/users/Tamschi"
}
{
  "@context":"https://www.w3.org/ns/activitystreams",
  "id":"https://activitypub.academy/users/aubotus_grahess#follows/4360/undo",
  "type":"Undo",
  "actor":"https://activitypub.academy/users/aubotus_grahess",
  "object":{
    "id":"https://activitypub.academy/40c15d58-2d4b-4842-9342-7fb5e231831d",
    "type":"Follow",
    "actor":"https://activitypub.academy/users/aubotus_grahess",
    "object":"https://mastodon.gamedev.place/users/Tamschi"
  }
}
{
  "@context":"https://www.w3.org/ns/activitystreams",
  "id":"https://activitypub.academy/16dd2fcf-2851-422b-92f4-5c209f01bde3",
  "type":"Follow",
  "actor":"https://activitypub.academy/users/aubotus_grahess",
  "object":"https://mastodon.gamedev.place/users/Tamschi"
}
{
  "@context":"https://www.w3.org/ns/activitystreams",
  "id":"https://activitypub.academy/users/aubotus_grahess#follows/4361/undo",
  "type":"Undo",
  "actor":"https://activitypub.academy/users/aubotus_grahess",
  "object":{
    "id":"https://activitypub.academy/16dd2fcf-2851-422b-92f4-5c209f01bde3",
    "type":"Follow",
    "actor":"https://activitypub.academy/users/aubotus_grahess",
    "object":"https://mastodon.gamedev.place/users/Tamschi"
  }
}

If it doesn't, this can cause follower set desyncs of local users as in #1626, since neither Mastodon's outbox nor Bridgy Fed's inbox processing are reliably ordered at least per remote instance. (Both would have to be reliably ordered to skip this check.)
@Tamschi
Copy link
Collaborator Author

Tamschi commented Dec 16, 2024

I think a good solution here would be to persist the most recent unwrapped Follow's id. (When another arrives, overwrite.)
Then, when an Undo.Follow arrives, only process it if the Undo.Follow.id matches the persisted one.

(I haven't checked if this applies to other activities, but I would assume anything that flips a binary state or relation may be affected to an extent.)

@Tamschi Tamschi added the bug User-facing breakage and reliability issues within Bridgy Fed. label Dec 16, 2024
@snarfed
Copy link
Owner

snarfed commented Dec 16, 2024

Great point! This only works for Undos of activities with ids, not transient activities without them, but most activities do have ids. And we already store the most recent Follow per follower, so this should be straightforward. Thanks for filing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug User-facing breakage and reliability issues within Bridgy Fed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tamschi @snarfed