diff options
author | ThibG <thib@sitedethib.com> | 2019-01-07 21:45:13 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2019-01-07 21:45:13 +0100 |
commit | 28b482874ab4393639a77fdd895658096bcbfd57 (patch) | |
tree | 3f0dfa3d6abfdddf378e57bf0d2aba07b0e2c442 /app/services/activitypub/fetch_remote_account_service.rb | |
parent | cf3c0fc38cd2650a421f46a5f221d1d645ef6c7b (diff) |
Improvements to signature verification (#9667)
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval
Diffstat (limited to 'app/services/activitypub/fetch_remote_account_service.rb')
-rw-r--r-- | app/services/activitypub/fetch_remote_account_service.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb index 8430d12d5..3c2044941 100644 --- a/app/services/activitypub/fetch_remote_account_service.rb +++ b/app/services/activitypub/fetch_remote_account_service.rb @@ -5,8 +5,8 @@ class ActivityPub::FetchRemoteAccountService < BaseService SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze - # Does a WebFinger roundtrip on each call - def call(uri, id: true, prefetched_body: nil, break_on_redirect: false) + # Does a WebFinger roundtrip on each call, unless `only_key` is true + def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false) return ActivityPub::TagManager.instance.uri_to_resource(uri, Account) if ActivityPub::TagManager.instance.local_uri?(uri) @json = if prefetched_body.nil? @@ -21,9 +21,9 @@ class ActivityPub::FetchRemoteAccountService < BaseService @username = @json['preferredUsername'] @domain = Addressable::URI.parse(@uri).normalized_host - return unless verified_webfinger? + return unless only_key || verified_webfinger? - ActivityPub::ProcessAccountService.new.call(@username, @domain, @json) + ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key) rescue Oj::ParseError nil end |