about summary refs log tree commit diff
path: root/app/services/activitypub/fetch_remote_account_service.rb
AgeCommit message (Collapse)Author
2020-05-10Refactor monkey-patching of Goldfinger (#12561)Eugen Rochko
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-01-07Improvements to signature verification (#9667)ThibG
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval
2018-10-26Add locality check to ActivityPub::FetchRemoteAccountService (#9109)Eugen Rochko
* Add locality check to ActivityPub::FetchRemoteAccountService Fix #8643 Because there are a few places where it is called, it is difficult to confirm if they all previously checked it for locality. It's better to make sure within the service. * Remove faux-remote duplicates of local accounts
2018-08-22Improve federated ID validation (#8372)Eugen Rochko
* Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
2018-07-28Prevent ActivityPub movedTo recursion (#8092)Eugen Rochko
Fix #8051
2018-05-02Support Actors/Statuses with multiple types (#7305)Surinna Curtis
* Add equals_or_includes_any? helper in JsonLdHelper * Support arrays in JSON-LD type fields for actors/tags/objects. * Spec for resolving accounts with extension types * Style tweaks for codeclimate
2018-04-02Support all ActivityPub actor types (#6997)Eugen Rochko
Fix #6973
2017-10-04Check Webfinger-returned author URI even when not redirected (#5213)ThibG
The whole point of verified_webfinger? is to check the WebFinger-discoverable URI maps back to the known author URI. This was not actually verified if the first Webfinger request was not a redirection.
2017-10-04Validate id of ActivityPub representations (#5114)Akihiko Odaki
Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
2017-10-04Fix possible acct: uri usurpation in ActivityPub account discovery (#5208)Eugen Rochko
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
2017-08-14Hook up URL-based resource look-up to ActivityPub (#4589)Eugen Rochko
2017-08-08Add ActivityPub inbox (#4216)Eugen Rochko
* Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
generated by cgit-pink (git 2.37.1) at 2024-06-28 20:10:28 +0000