wordpress-activitypub
wordpress-activitypub copied to clipboard
Automattic
Add/User Delete activities
Adds a Server class for processing server activities, such as Federating a delete_user action
Fixes #566 https://gdpr.eu/right-to-be-forgotten/
Proposed changes:
- Adds a Server class for processing server related activities
- Adds an activitypub_send_server_activity method for Server initiated activities
- Adds a
delete_useraction to Federate an actor Delete activity
Other information:
I've started this from @mattwiebe's Profile Update PR, so it makes sense for that to be merged 1st. I can rebase this later if needed
Followup PRs:
The Server class, and activitypub_send_server_activity will also be useful for Inbox forwarding activities (mainly Updates, Deletes)
- [ ] Have you written new tests for your changes, if applicable?
Testing instructions:
- Go to '..'
looks interesting
I think sooner or later we need an outbox when the number of outgoing activities steadily grows...
Looks like this plugin’s really improving markedly since the last time I used it.
From: Matthias Pfefferle @.> Sent: Thursday, November 9, 2023 12:48 To: Automattic/wordpress-activitypub @.> Cc: Subscribed @.***> Subject: Re: [Automattic/wordpress-activitypub] Add/Server activities (PR #552)
looks interesting
I think sooner or later we need an outbox when the number of outgoing activities steadily grows...
— Reply to this email directly, view it on GitHubhttps://github.com/Automattic/wordpress-activitypub/pull/552#issuecomment-1804285099, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADS4MAASOO3HUIN6VOTLNJLYDUJL5AVCNFSM6AAAAAA7DN6I5SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBUGI4DKMBZHE. You are receiving this because you are subscribed to this thread.Message ID: @.@.>>
For now we're just deriving known Servers based on current users followers, I'll add the blog followers here as well.
But (in a subsequent PR) we'll have to think about tracking known users:
Receiving an actor Delete means we should delete any Comments they've sent. And possibly Inbox Forward the Delete Activity.
@pfefferle after testing, the activity must be signed by the actor (mastodon ignores the actor Delete signed by the application actor).
Since the activity is scheduled, it creates a race condition where even if we pass the user_id to safe_remote_post the user is likely to be deleted by the time the signature is generated.
So a workaround would be to store key pair in an option during delete_user action and delete the option during deleted_user.
Code update forthcoming