about summary refs log tree commit diff
path: root/app/services/activitypub/fetch_remote_key_service.rb
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2022-09-20 23:30:26 +0200
committerGitHub <noreply@github.com>2022-09-20 23:30:26 +0200
commit1145dbd327ae9b56357cc488801d723051f58e0b (patch)
treeb35c66b69988ec67b4af8c733486efca9529b3d4 /app/services/activitypub/fetch_remote_key_service.rb
parent14c7c9e40e72ac7ba2ba098b2c11d35ba463b56a (diff)
Improve error reporting and logging when processing remote accounts (#15605)
* Add a more descriptive PrivateNetworkAddressError exception class

* Remove unnecessary exception class to rescue clause

* Remove unnecessary include to JsonLdHelper

* Give more neutral error message when too many webfinger redirects

* Remove unnecessary guard condition

* Rework how “ActivityPub::FetchRemoteAccountService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).

* Rework how “ActivityPub::FetchRemoteKeyService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).

* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error

* Add suppress_errors option to ResolveAccountService

Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.

* Return more precise error when failing to fetch account signing AP payloads

* Add tests

* Fixes

* Refactor error handling a bit

* Fix various issues

* Add specific error when provided Digest is not 256 bits of base64-encoded data

* Please CodeClimate

* Improve webfinger error reporting
Diffstat (limited to 'app/services/activitypub/fetch_remote_key_service.rb')
-rw-r--r--app/services/activitypub/fetch_remote_key_service.rb34
1 files changed, 24 insertions, 10 deletions
diff --git a/app/services/activitypub/fetch_remote_key_service.rb b/app/services/activitypub/fetch_remote_key_service.rb
index c48288b3b..01008d883 100644
--- a/app/services/activitypub/fetch_remote_key_service.rb
+++ b/app/services/activitypub/fetch_remote_key_service.rb
@@ -3,9 +3,11 @@
 class ActivityPub::FetchRemoteKeyService < BaseService
   include JsonLdHelper
 
+  class Error < StandardError; end
+
   # Returns account that owns the key
-  def call(uri, id: true, prefetched_body: nil)
-    return if uri.blank?
+  def call(uri, id: true, prefetched_body: nil, suppress_errors: true)
+    raise Error, 'No key URI given' if uri.blank?
 
     if prefetched_body.nil?
       if id
@@ -13,7 +15,7 @@ class ActivityPub::FetchRemoteKeyService < BaseService
         if person?
           @json = fetch_resource(@json['id'], true)
         elsif uri != @json['id']
-          return
+          raise Error, "Fetched URI #{uri} has wrong id #{@json['id']}"
         end
       else
         @json = fetch_resource(uri, id)
@@ -22,21 +24,29 @@ class ActivityPub::FetchRemoteKeyService < BaseService
       @json = body_to_json(prefetched_body, compare_id: id ? uri : nil)
     end
 
-    return unless supported_context?(@json) && expected_type?
-    return find_account(@json['id'], @json) if person?
+    raise Error, "Unable to fetch key JSON at #{uri}" if @json.nil?
+    raise Error, "Unsupported JSON-LD context for document #{uri}" unless supported_context?(@json)
+    raise Error, "Unexpected object type for key #{uri}" unless expected_type?
+    return find_account(@json['id'], @json, suppress_errors) if person?
 
     @owner = fetch_resource(owner_uri, true)
 
-    return unless supported_context?(@owner) && confirmed_owner?
+    raise Error, "Unable to fetch actor JSON #{owner_uri}" if @owner.nil?
+    raise Error, "Unsupported JSON-LD context for document #{owner_uri}" unless supported_context?(@owner)
+    raise Error, "Unexpected object type for actor #{owner_uri} (expected any of: #{SUPPORTED_TYPES})" unless expected_owner_type?
+    raise Error, "publicKey id for #{owner_uri} does not correspond to #{@json['id']}" unless confirmed_owner?
 
-    find_account(owner_uri, @owner)
+    find_account(owner_uri, @owner, suppress_errors)
+  rescue Error => e
+    Rails.logger.debug "Fetching key #{uri} failed: #{e.message}"
+    raise unless suppress_errors
   end
 
   private
 
-  def find_account(uri, prefetched_body)
+  def find_account(uri, prefetched_body, suppress_errors)
     account   = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)
-    account ||= ActivityPub::FetchRemoteAccountService.new.call(uri, prefetched_body: prefetched_body)
+    account ||= ActivityPub::FetchRemoteAccountService.new.call(uri, prefetched_body: prefetched_body, suppress_errors: suppress_errors)
     account
   end
 
@@ -56,7 +66,11 @@ class ActivityPub::FetchRemoteKeyService < BaseService
     @owner_uri ||= value_or_id(@json['owner'])
   end
 
+  def expected_owner_type?
+    equals_or_includes_any?(@owner['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)
+  end
+
   def confirmed_owner?
-    equals_or_includes_any?(@owner['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) && value_or_id(@owner['publicKey']) == @json['id']
+    value_or_id(@owner['publicKey']) == @json['id']
   end
 end