From 63f097979990bf5ba9db848b8a253056bad781af Mon Sep 17 00:00:00 2001
From: Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>
Date: Wed, 4 Oct 2017 08:13:48 +0900
Subject: Validate id of ActivityPub representations (#5114)

Additionally, ActivityPub::FetchRemoteStatusService no longer parses
activities.
OStatus::Activity::Creation no longer delegates to ActivityPub because
the provided ActivityPub representations are not signed while OStatus
representations are.
---
 app/services/fetch_atom_service.rb | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

(limited to 'app/services/fetch_atom_service.rb')

diff --git a/app/services/fetch_atom_service.rb b/app/services/fetch_atom_service.rb
index 9c5777b5d..bcf516bc3 100644
--- a/app/services/fetch_atom_service.rb
+++ b/app/services/fetch_atom_service.rb
@@ -41,10 +41,11 @@ class FetchAtomService < BaseService
     return nil if @response.code != 200
 
     if @response.mime_type == 'application/atom+xml'
-      [@url, @response.to_s, :ostatus]
+      [@url, { prefetched_body: @response.to_s }, :ostatus]
     elsif ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@response.mime_type)
-      if supported_activity?(@response.to_s)
-        [@url, @response.to_s, :activitypub]
+      json = body_to_json(body)
+      if supported_context?(json) && json['type'] == 'Person' && json['inbox'].present?
+        [json['id'], { id: true }, :activitypub]
       else
         @unsupported_activity = true
         nil
@@ -79,10 +80,4 @@ class FetchAtomService < BaseService
 
     result
   end
-
-  def supported_activity?(body)
-    json = body_to_json(body)
-    return false unless supported_context?(json)
-    json['type'] == 'Person' ? json['inbox'].present? : true
-  end
 end
-- 
cgit