Skip to content

Multisite: ensure that user_ids only work for users of this site#158

Merged
akirk merged 1 commit into
akirk:mainfrom
mattwiebe:fix/multisite-users
Jul 30, 2024
Merged

Multisite: ensure that user_ids only work for users of this site#158
akirk merged 1 commit into
akirk:mainfrom
mattwiebe:fix/multisite-users

Conversation

@mattwiebe

@mattwiebe mattwiebe commented Jun 26, 2024
edited
Loading

Copy link
Copy Markdown
Contributor

When browsing Followers, they can have a user_id on their own instance that Mastodon clients then try to retrieve from their own instance. Eg say that a user is followed by my [email protected] account. When the client queries the mastodon.online instance, it gets this:

{
  "id": "110770996307846062",
  "username": "mattwiebe",
  "acct": "mattwiebe",
  "display_name": "mw.social"
  // snip
}

But when browsing profiles, some clients (Ivory in my case) tries to query that ID against the current instance, doing api/v1/accounts/110770996307846062 against EMA. For wpcom, that particular ID is above our highest user_id, but many will produce a false positive for a user in the network who isn't even a member of the blog.

This doesn't fix for user ID collisions where the user ID from a remote user is the same as one that is also a member of the blog, but it's a good start.

@mattwiebe mattwiebe mentioned this pull request Jun 26, 2024
Merged
@akirk akirk merged commit 8ec5893 into akirk:main Jul 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akirk akirk akirk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattwiebe @akirk