about summary refs log tree commit diff
path: root/app/services/activitypub/fetch_remote_account_service.rb
AgeCommit message (Collapse)Author
2020-10-08Remove dependency on goldfinger gem (#14919)Eugen Rochko
There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-05-10Refactor monkey-patching of Goldfinger (#12561)Eugen Rochko
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-01-07Improvements to signature verification (#9667)ThibG
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval
2018-10-26Add locality check to ActivityPub::FetchRemoteAccountService (#9109)Eugen Rochko
* Add locality check to ActivityPub::FetchRemoteAccountService Fix #8643 Because there are a few places where it is called, it is difficult to confirm if they all previously checked it for locality. It's better to make sure within the service. * Remove faux-remote duplicates of local accounts
2018-08-22Improve federated ID validation (#8372)Eugen Rochko
* Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
2018-07-28Prevent ActivityPub movedTo recursion (#8092)Eugen Rochko
Fix #8051
2018-05-02Support Actors/Statuses with multiple types (#7305)Surinna Curtis
* Add equals_or_includes_any? helper in JsonLdHelper * Support arrays in JSON-LD type fields for actors/tags/objects. * Spec for resolving accounts with extension types * Style tweaks for codeclimate
2018-04-02Support all ActivityPub actor types (#6997)Eugen Rochko
Fix #6973
2017-10-04Check Webfinger-returned author URI even when not redirected (#5213)ThibG
The whole point of verified_webfinger? is to check the WebFinger-discoverable URI maps back to the known author URI. This was not actually verified if the first Webfinger request was not a redirection.
2017-10-04Validate id of ActivityPub representations (#5114)Akihiko Odaki
Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
2017-10-04Fix possible acct: uri usurpation in ActivityPub account discovery (#5208)Eugen Rochko
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
2017-08-14Hook up URL-based resource look-up to ActivityPub (#4589)Eugen Rochko
2017-08-08Add ActivityPub inbox (#4216)Eugen Rochko
* Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
generated by cgit-pink (git 2.37.1) at 2024-07-03 02:32:16 +0000