Treat activity signature as primary signature

Request signature is secondary.
silverpill 2022-11-06 22:23:28 +00:00
parent 0840197cac
commit 109a519607


@ -164,9 +164,17 @@ pub async fn receive_activity(
let object_id = find_object_id(&activity.object)?; let object_id = find_object_id(&activity.object)?;
activity.actor == object_id activity.actor == object_id
} else { false }; } else { false };
// Don't fetch signer if this is Delete(Person) activity let mut signer = match verify_signed_request(
let signer = match verify_signed_request(config, db_client, request, is_self_delete).await { config,
Ok(signer) => signer, db_client,
request,
// Don't fetch signer if this is Delete(Person) activity
is_self_delete,
).await {
Ok(request_signer) => {
log::debug!("request signed by {}", request_signer.acct);
request_signer
},
Err(error) => { Err(error) => {
if is_self_delete { if is_self_delete {
// Ignore Delete(Person) activities without HTTP signatures // Ignore Delete(Person) activities without HTTP signatures
@ -176,22 +184,21 @@ pub async fn receive_activity(
return Err(error.into()); return Err(error.into());
}, },
}; };
let signer_id = signer.actor_id(&config.instance_url());
log::debug!("request signed by {}", signer_id);
// Verify embedded signature // Verify embedded signature
match verify_signed_activity(config, db_client, activity_raw).await { match verify_signed_activity(config, db_client, activity_raw).await {
Ok(signer) => { Ok(activity_signer) => {
let activity_signer_id = signer.actor_id(&config.instance_url()); if activity_signer.acct != signer.acct {
if activity_signer_id != signer_id {
log::warn!( log::warn!(
"request signer {} is different from activity signer {}", "request signer {} is different from activity signer {}",
signer_id, signer.acct,
activity_signer_id, activity_signer.acct,
); );
} else { } else {
log::debug!("activity signed by {}", activity_signer_id); log::debug!("activity signed by {}", activity_signer.acct);
}; };
// Activity signature has higher priority
signer = activity_signer;
}, },
Err(AuthenticationError::NoJsonSignature) => (), // ignore Err(AuthenticationError::NoJsonSignature) => (), // ignore
Err(other_error) => { Err(other_error) => {
@ -206,6 +213,8 @@ pub async fn receive_activity(
return Ok(()); return Ok(());
}; };
let signer_id = signer.actor_id(&config.instance_url());
let maybe_object_type = match (activity_type.as_str(), maybe_object_type) { let maybe_object_type = match (activity_type.as_str(), maybe_object_type) {
(ACCEPT, FOLLOW) => { (ACCEPT, FOLLOW) => {
require_actor_signature(&activity.actor, &signer_id)?; require_actor_signature(&activity.actor, &signer_id)?;
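Review bot: The override `signer = activity_signer;` in the `Ok(activity_signer)` arm also runs on the branch that has just warned that the request signer and activity signer differ, so from that point the HTTP signature no longer contributes to authorization and every later `require_actor_signature` check rests on `verify_signed_activity` alone. The body of the `Err(other_error)` arm lies outside the visible hunks; if it only logs and continues, an activity with a present-but-invalid embedded signature would still be processed under the request signer, and it is worth confirming that this fallback is intended now that the embedded signature is primary. The mismatch test compares `acct`, while the authorization checks compare `signer_id` derived from `actor_id(...)`, so the two use different identifiers for the same question. A short comment above the assignment, for example `// Forwarded activity: the relayer signed the request, the author signed the object; authorize against the author`, would record why a mismatch is accepted rather than rejected.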