Following: Check remote URLs/Objects for Actor type (#2041)

Author: pfefferle

.github/changelog/2041-from-description

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+More reliable Actor checks during the follow process.

includes/collection/class-actors.php

@@ -14,11 +14,12 @@
 use Activitypub\Activity\Actor;
 
 use function Activitypub\get_remote_metadata_by_actor;
-use function Activitypub\object_to_uri;
-use function Activitypub\normalize_url;
+use function Activitypub\is_actor;
+use function Activitypub\is_user_type_disabled;
 use function Activitypub\normalize_host;
+use function Activitypub\normalize_url;
+use function Activitypub\object_to_uri;
 use function Activitypub\url_to_authorid;
-use function Activitypub\is_user_type_disabled;
 use function Activitypub\user_can_activitypub;
 
 /**
@@ -561,6 +562,14 @@ public static function fetch_remote_by_uri( $actor_uri ) {
 			return $object;
 		}
 
+		if ( ! is_actor( $object ) ) {
+			return new \WP_Error(
+				'activitypub_no_actor',
+				\__( 'Object is not an Actor', 'activitypub' ),
+				array( 'status' => 400 )
+			);
+		}
+
 		$post_id = self::upsert( $object );
 
 		if ( \is_wp_error( $post_id ) ) {

tests/includes/class-test-scheduler.php

@@ -459,6 +459,7 @@ public function test_cleanup_remote_actors() {
 			'activitypub_pre_http_get_remote_object',
 			function () {
 				return array(
+					'type'              => 'Person',
 					'name'              => 'Test User',
 					'preferredUsername' => 'test',
 					'id'                => 'https://example.com/users/test',