From 22d71e6b30cf1efd540e29276fd53d5e73f03890 Mon Sep 17 00:00:00 2001
From: erik
Date: Thu, 7 Dec 2023 13:53:37 +0100
Subject: [PATCH] Update ToDo
---
 routers/api/v1/activitypub/repository.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go
index 82e9cf6647..6bc8762ffb 100644
--- a/routers/api/v1/activitypub/repository.go
+++ b/routers/api/v1/activitypub/repository.go
@@ -262,6 +262,8 @@ func RepositoryInbox(ctx *context.APIContext) {
 // Check if user already exists
 // TODO: If the usesrs-id points to our current host, we've to use an alterantive search ...
+ // > We might need to discuss this further with the community, because when we execute this bit of code here, the federated api has been called.
+ // > Thus the searching for non-federated users could facilitate spoofing of already existing user-ids for some (malicious) purposes.
 users, err := searchUsersByPerson(remoteStargazer)
 if err != nil {
 panic(fmt.Errorf("searching for user failed: %v", err))
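Review bot: The two added comment lines above `searchUsersByPerson(remoteStargazer)` record a spoofing concern as a quoted discussion, but they do not state what the handler must guarantee, and the lookup below them is still unguarded. Since the comment itself says this path is only reached through the federated API, I would spell out the trust boundary and the safe default, e.g. `// SECURITY: remoteStargazer comes from a federated request and is untrusted. Until the local-host case is decided,` followed by `// an actor ID that points to our own host must be rejected here and never matched against existing local users.` Whether the actor ID is already checked against the authenticated sending host is not visible in this hunk, so that precondition should be named in the comment as well. RepositoryInbox starts and ends outside the hunk.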