authorEugen Rochko <eugen@zeonfederated.com>2017-09-28 17:50:14 +0200
committerGitHub <noreply@github.com>2017-09-28 17:50:14 +0200
commit76f360c625d6f7e1200a35430cced872fc6098ff (patch)
treecaa27ee739a112ff0b317a377e64903b39709619 /app/controllers/concerns
parenta3202f61af7d4833808d429c79dfc21e74f06c99 (diff)
If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)
If the signature could not be verified and the webfinger of the account
was last retrieved longer ago than the cache period, try re-resolving the
account and then attempt to verify the signature again.
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r--app/controllers/concerns/signature_verification.rb9
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index 4211283ed..52a9cf290 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -44,6 +44,15 @@ module SignatureVerification
     if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
       @signed_request_account = account
       @signed_request_account
+    elsif account.possibly_stale?
+      account = account.refresh!
+
+      if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
+        @signed_request_account = account
+        @signed_request_account
+      else
+        @signed_request_account = nil
+      end
     else
       @signed_request_account = nil
     end
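Review bot: The retry branch calls `account.keypair` on whatever `account.refresh!` returns, so if the re-resolve can return nil or raise (network error, account no longer resolvable; `refresh!` is not visible here), a request with a bad signature ends in an unhandled exception instead of `@signed_request_account = nil`. Guard the second check, e.g. `if !account.nil? && account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)`, and map resolve failures to the nil result as well. This branch also runs before the sender is authenticated, so any request with an invalid signature that names a stale account causes an outbound webfinger lookup; it is worth confirming that `possibly_stale?` becomes false after a failed refresh too, so the lookup cannot be repeated on every request. The enclosing method begins and ends outside the hunk.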