about summary refs log tree commit diff
path: root/app/lib/activitypub/activity
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-08-26 20:21:03 +0200
committerGitHub <noreply@github.com>2018-08-26 20:21:03 +0200
commitcabdbb7f9c1df8007749d07a2e186bb3ad35f62b (patch)
tree68e2ea8b16dc6fbf3d63f09b3301a0c4ad8edc39 /app/lib/activitypub/activity
parent8adf485c0fc553fafc6af70144c3f3954dac2307 (diff)
Add CLI task for rotating keys (#8466)
* If an Update is signed with known key, skip re-following procedure

Because it means the remote actor did *not* lose their database

* Add CLI method for rotating keys

    bin/tootctl accounts rotate [USERNAME]

Generates a new RSA key per account and sends out an Update activity
signed with the old key.

* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts

* Skip suspended accounts in key rotation
Diffstat (limited to 'app/lib/activitypub/activity')
-rw-r--r--app/lib/activitypub/activity/update.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb
index aa5907f03..6eebc3b5c 100644
--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@@ -11,6 +11,6 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
 
   def update_account
     return if @account.uri != object_uri
-    ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object)
+    ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true)
   end
 end