Harden account processing code

2026-05-14 00:00:04 -05:00 · 2026-04-14 15:37:41 +02:00 · 2026-04-14 15:37:41 +02:00 · 91c8bd00d6
commit 91c8bd00d6
parent 52952873a0
1 changed files with 9 additions and 2 deletions
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@ -28,8 +28,15 @@ class ActivityPub::ProcessAccountService < BaseService
    @options[:request_id] ||= "#{Time.now.utc.to_i}-#{username}@#{domain}"

    with_redis_lock("process_account:#{@uri}") do
-      @account            = Account.remote.find_by(uri: @uri) if @options[:only_key]
-      @account          ||= Account.find_remote(@username, @domain)
+      if @options[:only_key]
+        # `only_key` is used to update an existing account known by its `uri`.
+        # Lookup by handle and new account creation do not make sense in this case.
+        @account = Account.remote.find_by(uri: @uri)
+        return if @account.nil?
+      else
+        @account = Account.find_remote(@username, @domain)
+      end
+
      @old_public_key     = @account&.public_key
      @old_protocol       = @account&.protocol
      @suspension_changed = false