diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2018-08-22 20:55:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-08-22 20:55:14 +0200 |
| commit | 802cf6a4c53175c7da17ded39cf75679fa352385 (patch) | |
| tree | ea3833a78c7282626f58475175d491254a64e0d8 /app/services/activitypub | |
| parent | ad41806e53e6b024aaca01d1d59fcc82d1c4b804 (diff) | |
Improve federated ID validation (#8372)
* Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
Diffstat (limited to 'app/services/activitypub')
| -rw-r--r-- | app/services/activitypub/fetch_remote_account_service.rb | 2 | ||||
| -rw-r--r-- | app/services/activitypub/fetch_remote_key_service.rb | 2 | ||||
| -rw-r--r-- | app/services/activitypub/fetch_remote_status_service.rb | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb index 41fec9170..1ec9ee5dd 100644 --- a/app/services/activitypub/fetch_remote_account_service.rb +++ b/app/services/activitypub/fetch_remote_account_service.rb @@ -11,7 +11,7 @@ class ActivityPub::FetchRemoteAccountService < BaseService @json = if prefetched_body.nil? fetch_resource(uri, id) else - body_to_json(prefetched_body) + body_to_json(prefetched_body, compare_id: id ? uri : nil) end return if !supported_context? || !expected_type? || (break_on_redirect && @json['movedTo'].present?) diff --git a/app/services/activitypub/fetch_remote_key_service.rb b/app/services/activitypub/fetch_remote_key_service.rb index 505baccd4..df17d9079 100644 --- a/app/services/activitypub/fetch_remote_key_service.rb +++ b/app/services/activitypub/fetch_remote_key_service.rb @@ -17,7 +17,7 @@ class ActivityPub::FetchRemoteKeyService < BaseService @json = fetch_resource(uri, id) end else - @json = body_to_json(prefetched_body) + @json = body_to_json(prefetched_body, compare_id: id ? uri : nil) end return unless supported_context?(@json) && expected_type? diff --git a/app/services/activitypub/fetch_remote_status_service.rb b/app/services/activitypub/fetch_remote_status_service.rb index 2b447abb3..469821032 100644 --- a/app/services/activitypub/fetch_remote_status_service.rb +++ b/app/services/activitypub/fetch_remote_status_service.rb @@ -8,7 +8,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService @json = if prefetched_body.nil? fetch_resource(uri, id, on_behalf_of) else - body_to_json(prefetched_body) + body_to_json(prefetched_body, compare_id: id ? uri : nil) end return unless supported_context? && expected_type? |