Improvements to signature verification (#9667)
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval
parent
cf3c0fc38c
commit
28b482874a
3 changed files with 41 additions and 22 deletions
|
@ -33,8 +33,10 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
|
||||
after_protocol_change! if protocol_changed?
|
||||
after_key_change! if key_changed? && !@options[:signed_with_known_key]
|
||||
check_featured_collection! if @account.featured_collection_url.present?
|
||||
check_links! unless @account.fields.empty?
|
||||
unless @options[:only_key]
|
||||
check_featured_collection! if @account.featured_collection_url.present?
|
||||
check_links! unless @account.fields.empty?
|
||||
end
|
||||
|
||||
@account
|
||||
rescue Oj::ParseError
|
||||
|
@ -54,11 +56,11 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
end
|
||||
|
||||
def update_account
|
||||
@account.last_webfingered_at = Time.now.utc
|
||||
@account.last_webfingered_at = Time.now.utc unless @options[:only_key]
|
||||
@account.protocol = :activitypub
|
||||
|
||||
set_immediate_attributes!
|
||||
set_fetchable_attributes!
|
||||
set_fetchable_attributes! unless @options[:only_keys]
|
||||
|
||||
@account.save_with_optional_media!
|
||||
end
|
||||
|
|
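Review bot: In `update_account` the new guard on `set_fetchable_attributes!` reads `@options[:only_keys]`, while the other two guards this commit adds (the `last_webfingered_at` assignment just above it, and the `check_featured_collection!`/`check_links!` block in the first hunk) read `@options[:only_key]`. The caller is not shown on this page, but unless it sets both spellings the plural key is always nil, so `set_fetchable_attributes!` still runs on the key-only refresh. That is presumably the media and collection fetching the description says is avoided, on a path that a failed HTTP signature check from a remote sender can trigger. The line should read `set_fetchable_attributes! unless @options[:only_key]`. A spec asserting that the key-only path performs no fetch beyond the actor document would catch this kind of mismatch.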