From 1714ea597866556ef9dd21d5d382f1d9181e0924 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sat, 30 Mar 2019 02:12:06 +0100
Subject: Add ActivityPub representation for identity proofs (#10414)
* Add ActivityPub representation for identity proofs
* Add tests
---
 app/lib/activitypub/adapter.rb | 1 +
 app/lib/proof_provider/keybase.rb | 3 ++-
 app/serializers/activitypub/actor_serializer.rb | 24 +++++++++++++++++--
 .../activitypub/process_account_service.rb | 28 +++++++++++++++++++++-
 4 files changed, 52 insertions(+), 4 deletions(-)
(limited to 'app')
diff --git a/app/lib/activitypub/adapter.rb b/app/lib/activitypub/adapter.rb
index 7e0b16c25..94eb2899c 100644
--- a/app/lib/activitypub/adapter.rb
+++ b/app/lib/activitypub/adapter.rb
@@ -18,6 +18,7 @@ class ActivityPub::Adapter < ActiveModelSerializers::Adapter::Base
 atom_uri: { 'ostatus' => 'http://ostatus.org#', 'atomUri' => 'ostatus:atomUri' },
 conversation: { 'ostatus' => 'http://ostatus.org#', 'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri', 'conversation' => 'ostatus:conversation' },
 focal_point: { 'toot' => 'http://joinmastodon.org/ns#', 'focalPoint' => { '@container' => '@list', '@id' => 'toot:focalPoint' } },
+ identity_proof: { 'toot' => 'http://joinmastodon.org/ns#', 'IdentityProof' => 'toot:IdentityProof' },
 }.freeze
 def self.default_key_transform
diff --git a/app/lib/proof_provider/keybase.rb b/app/lib/proof_provider/keybase.rb
index 672e1cb4b..628972e9d 100644
--- a/app/lib/proof_provider/keybase.rb
+++ b/app/lib/proof_provider/keybase.rb
@@ -28,7 +28,8 @@ class ProofProvider::Keybase
 return
 end
- return if @proof.provider_username.blank?
+ # Do not perform synchronous validation for remote accounts
+ return if @proof.provider_username.blank? || !@proof.account.local?
 if verifier.valid?
 @proof.verified = true
diff --git a/app/serializers/activitypub/actor_serializer.rb b/app/serializers/activitypub/actor_serializer.rb
index 4b982b955..0644219fb 100644
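Review bot: In `app/lib/proof_provider/keybase.rb` the new early return leaves a remote account's proof without any verification on this path, and the added comment says only that the synchronous check is skipped, not where a later check happens. Nothing in this hunk shows a remote proof being re-checked, so a reader cannot tell whether `verified` can ever become true for it or whether an unverified remote claim may be shown to users. I would extend the comment to name that path, for example `# Remote proofs are never verified inline; <ASYNC_CHECK_PLACEHOLDER> sets verified later, until then treat the proof as unverified`. The enclosing method starts and ends outside the hunk.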
--- a/app/serializers/activitypub/actor_serializer.rb
+++ b/app/serializers/activitypub/actor_serializer.rb
@@ -6,7 +6,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
 context :security
 context_extensions :manually_approves_followers, :featured, :also_known_as,
- :moved_to, :property_value, :hashtag, :emoji
+ :moved_to, :property_value, :hashtag, :emoji, :identity_proof
 attributes :id, :type, :following, :followers, :inbox, :outbox, :featured,
@@ -115,7 +115,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
 end
 def virtual_attachments
- object.fields
+ object.fields + object.identity_proofs.active
 end
 def moved_to
@@ -158,4 +158,24 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
 Formatter.instance.format_field(object.account, object.value)
 end
 end
+
+ class AccountIdentityProofSerializer < ActivityPub::Serializer
+ attributes :type, :name, :signature_algorithm, :signature_value
+
+ def type
+ 'IdentityProof'
+ end
+
+ def name
+ object.provider_username
+ end
+
+ def signature_algorithm
+ object.provider
+ end
+
+ def signature_value
+ object.token
+ end
+ end
 end
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 5e3308428..6d0609ca0 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -24,6 +24,7 @@ class ActivityPub::ProcessAccountService < BaseService
 create_account if @account.nil?
 update_account
 process_tags
+ process_attachments
 else
 raise Mastodon::RaceConditionError
 end
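Review bot: `AccountIdentityProofSerializer` in `actor_serializer.rb` has no comment explaining that `signature_algorithm` carries the proof provider and `signature_value` carries the proof token, which is not what those property names suggest. Since `virtual_attachments` now adds every record returned by `identity_proofs.active` to the actor representation, I would add a class comment stating the mapping and that the token is published as-is, e.g. `# Identity proof as an actor attachment: name = provider username, signatureAlgorithm = provider, signatureValue = proof token`. What the `active` scope filters on is not visible in this diff, so it is worth confirming that it excludes proofs that have not been verified.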
@@ -151,7 +152,7 @@ class ActivityPub::ProcessAccountService < BaseService
 def property_values
 return unless @json['attachment'].is_a?(Array)
- @json['attachment'].select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') }
+ as_array(@json['attachment']).select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') }
 end
 def mismatching_origin?(url)
@@ -231,6 +232,23 @@ class ActivityPub::ProcessAccountService < BaseService
 end
 end
+ def process_attachments
+ return if @json['attachment'].blank?
+
+ previous_proofs = @account.identity_proofs.to_a
+ current_proofs = []
+
+ as_array(@json['attachment']).each do |attachment|
+ next unless equals_or_includes?(attachment['type'], 'IdentityProof')
+ current_proofs << process_identity_proof(attachment)
+ end
+
+ previous_proofs.each do |previous_proof|
+ next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id }
+ previous_proof.delete
+ end
+ end
+
 def process_emoji(tag)
 return if skip_download?
 return if tag['name'].blank? || tag['icon'].blank? || tag['icon']['url'].blank?
@@ -247,4 +265,12 @@ class ActivityPub::ProcessAccountService < BaseService
 emoji.image_remote_url = image_url
 emoji.save
 end
+
+ def process_identity_proof(attachment)
+ provider = attachment['signatureAlgorithm']
+ provider_username = attachment['name']
+ token = attachment['signatureValue']
+
+ @account.identity_proofs.where(provider: provider, provider_username: provider_username).find_or_create_by(provider: provider, provider_username: provider_username, token: token)
+ end
 end
-- cgit
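Review bot: In `property_values` the `is_a?(Array)` guard on the line above is kept, so the new `as_array` call only ever receives an array and a single-object `attachment` is still ignored here, while `process_attachments` further down appears to accept one. The block also indexes each element with `['type']` without checking that it is a Hash, and the list comes from a remote actor document. I would either drop `as_array` here or relax the guard to `return if @json['attachment'].blank?`, and filter with `attachment.is_a?(Hash) && attachment['type'] == 'PropertyValue'`.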
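Review bot: The `return if @json['attachment'].blank?` guard in `process_attachments` runs before the cleanup loop, so when a remote actor removes its last attachment the previously stored identity proofs are never deleted and remain on the account. A revoked proof should disappear on the next actor update, so the empty case has to reach the deletion loop. I would replace the guard with `attachments = @json['attachment'].blank? ? [] : as_array(@json['attachment'])` and iterate over `attachments`; `as_array` is defined outside this diff, so the ternary avoids relying on how it treats nil. The same loop calls `attachment['type']` on every element, so an `attachment.is_a?(Hash)` check before `equals_or_includes?` would keep a malformed entry from raising.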
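Review bot: `process_identity_proof` looks a proof up by provider, username and token together, so a changed `signatureValue` for an existing provider/username pair is handled as a new record instead of an update. `find_or_create_by` returns an unsaved record when the create fails validation, and `process_attachments` would then find no matching id and delete the old proof, leaving none. The three values are also copied from the remote document without checking that they are present strings, and the `where(...)` scope repeats conditions already passed to `find_or_create_by`. Whether the model enforces uniqueness on provider and username is not visible here; the sketch keys the lookup on that pair and updates the token, and the caller would need `current_proofs.compact` because skipped entries return nil.

```ruby
def process_identity_proof(attachment)
  # … unchanged: provider, provider_username and token read from the attachment …

  # Values come from a remote actor document; skip incomplete or non-string entries
  return unless [provider, provider_username, token].all? { |value| value.is_a?(String) && value.present? }

  # One record per provider/username pair; a changed token updates it
  proof = @account.identity_proofs.find_or_initialize_by(provider: provider, provider_username: provider_username)
  proof.token = token
  proof.save
  proof
end
```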