diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2017-09-28 17:50:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-28 17:50:14 +0200 |
| commit | 76f360c625d6f7e1200a35430cced872fc6098ff (patch) | |
| tree | caa27ee739a112ff0b317a377e64903b39709619 | |
| parent | a3202f61af7d4833808d429c79dfc21e74f06c99 (diff) | |
If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)
If the signature could not be verified and the webfinger of the account was last retrieved longer than the cache period, try re-resolving the account and then attempting to verify the signature again
| -rw-r--r-- | app/controllers/concerns/signature_verification.rb | 9 | ||||
| -rw-r--r-- | app/models/account.rb | 9 | ||||
| -rw-r--r-- | app/services/resolve_remote_account_service.rb | 2 |
3 files changed, 19 insertions, 1 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb index 4211283ed..52a9cf290 100644 --- a/app/controllers/concerns/signature_verification.rb +++ b/app/controllers/concerns/signature_verification.rb @@ -44,6 +44,15 @@ module SignatureVerification if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string) @signed_request_account = account @signed_request_account + elsif account.possibly_stale? + account = account.refresh! + + if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string) + @signed_request_account = account + @signed_request_account + else + @signed_request_account = nil + end else @signed_request_account = nil end diff --git a/app/models/account.rb b/app/models/account.rb index 0b025d1be..ce7773b4b 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -137,6 +137,15 @@ class Account < ApplicationRecord subscription_expires_at.present? end + def possibly_stale? + last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago + end + + def refresh! + return if local? + ResolveRemoteAccountService.new.call(acct) + end + def keypair @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key) end diff --git a/app/services/resolve_remote_account_service.rb b/app/services/resolve_remote_account_service.rb index 57c80fc82..93ba07702 100644 --- a/app/services/resolve_remote_account_service.rb +++ b/app/services/resolve_remote_account_service.rb @@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService end def webfinger_update_due? - @account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago + @account.nil? || @account.possibly_stale? end def activitypub_ready? |