closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10369 Commits
4 Branches
567 MiB
Tree: c5c46dd6ee
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c5c46dd6ee'
${ noResults }
mastodon/app/services/activitypub/fetch_remote_key_service.rb

62 lines
1.6 KiB
Raw Normal View History

Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Fix trying to fetch key from empty URI when verifying HTTP signature (#16100)
3 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Improve federated ID validation (#8372) * Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
5 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Support Actors/Statuses with multiple types (#7305) * Add equals_or_includes_any? helper in JsonLdHelper * Support arrays in JSON-LD type fields for actors/tags/objects. * Spec for resolving accounts with extension types * Style tweaks for codeclimate
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
Support Actors/Statuses with multiple types (#7305) * Add equals_or_includes_any? helper in JsonLdHelper * Support arrays in JSON-LD type fields for actors/tags/objects. * Spec for resolving accounts with extension types * Style tweaks for codeclimate
6 years ago
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
6 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class ActivityPub::FetchRemoteKeyService < BaseService
  4.   include JsonLdHelper
  5. 

  6.   # Returns account that owns the key
  7.   def call(uri, id: true, prefetched_body: nil)
  8.     return if uri.blank?
  9. 

  10.     if prefetched_body.nil?
  11.       if id
  12.         @json = fetch_resource_without_id_validation(uri)
  13.         if person?
  14.           @json = fetch_resource(@json['id'], true)
  15.         elsif uri != @json['id']
  16.           return
  17.         end
  18.       else
  19.         @json = fetch_resource(uri, id)
  20.       end
  21.     else
  22.       @json = body_to_json(prefetched_body, compare_id: id ? uri : nil)
  23.     end
  24. 

  25.     return unless supported_context?(@json) && expected_type?
  26.     return find_account(@json['id'], @json) if person?
  27. 

  28.     @owner = fetch_resource(owner_uri, true)
  29. 

  30.     return unless supported_context?(@owner) && confirmed_owner?
  31. 

  32.     find_account(owner_uri, @owner)
  33.   end
  34. 

  35.   private
  36. 

  37.   def find_account(uri, prefetched_body)
  38.     account   = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)
  39.     account ||= ActivityPub::FetchRemoteAccountService.new.call(uri, prefetched_body: prefetched_body)
  40.     account
  41.   end
  42. 

  43.   def expected_type?
  44.     person? || public_key?
  45.   end
  46. 

  47.   def person?
  48.     equals_or_includes_any?(@json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)
  49.   end
  50. 

  51.   def public_key?
  52.     @json['publicKeyPem'].present? && @json['owner'].present?
  53.   end
  54. 

  55.   def owner_uri
  56.     @owner_uri ||= value_or_id(@json['owner'])
  57.   end
  58. 

  59.   def confirmed_owner?
  60.     equals_or_includes_any?(@owner['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) && value_or_id(@owner['publicKey']) == @json['id']
  61.   end
  62. end