Validate id of ActivityPub representations (#5114)
Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
This commit is contained in:
		
							parent
							
								
									ec13cfa4f9
								
							
						
					
					
						commit
						63f0979799
					
				
					 17 changed files with 118 additions and 113 deletions
				
			
		|  | @ -27,7 +27,7 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity | |||
|     if object_uri.start_with?('http') | ||||
|       return if ActivityPub::TagManager.instance.local_uri?(object_uri) | ||||
| 
 | ||||
|       ActivityPub::FetchRemoteStatusService.new.call(object_uri) | ||||
|       ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true) | ||||
|     elsif @object['url'].present? | ||||
|       ::FetchRemoteStatusService.new.call(@object['url']) | ||||
|     end | ||||
|  |  | |||
|  | @ -80,7 +80,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity | |||
|     return if tag['href'].blank? | ||||
| 
 | ||||
|     account = account_from_uri(tag['href']) | ||||
|     account = FetchRemoteAccountService.new.call(tag['href']) if account.nil? | ||||
|     account = FetchRemoteAccountService.new.call(tag['href'], id: false) if account.nil? | ||||
|     return if account.nil? | ||||
|     account.mentions.create(status: status) | ||||
|   end | ||||
|  |  | |||
|  | @ -19,7 +19,7 @@ class ActivityPub::LinkedDataSignature | |||
|     return unless type == 'RsaSignature2017' | ||||
| 
 | ||||
|     creator   = ActivityPub::TagManager.instance.uri_to_resource(creator_uri, Account) | ||||
|     creator ||= ActivityPub::FetchRemoteKeyService.new.call(creator_uri) | ||||
|     creator ||= ActivityPub::FetchRemoteKeyService.new.call(creator_uri, id: false) | ||||
| 
 | ||||
|     return if creator.nil? | ||||
| 
 | ||||
|  |  | |||
		Reference in a new issue