Merge upstream 2.0ish #165

author: kibigo! <marrus-sh@users.noreply.github.com> 2017-10-11 10:43:10 -0700
committer: kibigo! <marrus-sh@users.noreply.github.com> 2017-10-11 10:43:10 -0700
commit: 8d6b9ba4946b5b159af0fbd130637a226a286796 (patch)
tree: 9def26711682d29338cfa1b081822029a01669eb /app/controllers/concerns
parent: f0a2a6c875e9294f0ea1d4c6bc90529e41a2dc37 (diff)
parent: 476e79b8e340c9103352a0799e102e4aca1a5593 (diff)
1 files changed, 19 insertions, 1 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index 4211283ed..2baafb5bf 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -9,10 +9,15 @@ module SignatureVerification
     request.headers['Signature'].present?
   end
 
+  def signature_verification_failure_reason
+    return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason)
+  end
+
   def signed_request_account
     return @signed_request_account if defined?(@signed_request_account)
 
     unless signed_request?
+      @signature_verification_failure_reason = 'Request not signed'
       @signed_request_account = nil
       return
     end
@@ -27,6 +32,7 @@ module SignatureVerification
     end
 
     if incompatible_signature?(signature_params)
+      @signature_verification_failure_reason = 'Incompatible request signature'
       @signed_request_account = nil
       return
     end
@@ -34,6 +40,7 @@ module SignatureVerification
     account = account_from_key_id(signature_params['keyId'])
 
     if account.nil?
+      @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
       @signed_request_account = nil
       return
     end
@@ -44,7 +51,18 @@ module SignatureVerification
     if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
       @signed_request_account = account
       @signed_request_account
+    elsif account.possibly_stale?
+      account = account.refresh!
+
+      if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
+        @signed_request_account = account
+        @signed_request_account
+      else
+        @signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
+        @signed_request_account = nil
+      end
     else
+      @signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
       @signed_request_account = nil
     end
   end
@@ -99,7 +117,7 @@ module SignatureVerification
       ResolveRemoteAccountService.new.call(key_id.gsub(/\Aacct:/, ''))
     elsif !ActivityPub::TagManager.instance.local_uri?(key_id)
       account   = ActivityPub::TagManager.instance.uri_to_resource(key_id, Account)
-      account ||= ActivityPub::FetchRemoteKeyService.new.call(key_id)
+      account ||= ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false)
       account
     end
   end
author	kibigo! <marrus-sh@users.noreply.github.com>	2017-10-11 10:43:10 -0700
committer	kibigo! <marrus-sh@users.noreply.github.com>	2017-10-11 10:43:10 -0700
commit	8d6b9ba4946b5b159af0fbd130637a226a286796 (patch)
tree	9def26711682d29338cfa1b081822029a01669eb /app/controllers/concerns
parent	f0a2a6c875e9294f0ea1d4c6bc90529e41a2dc37 (diff)
parent	476e79b8e340c9103352a0799e102e4aca1a5593 (diff)