Use actor ID as a hint when identifying activity signer

src/activitypub/authentication.rs

@@ -148,7 +148,7 @@ pub async fn verify_signed_activity(
             actor_profile
         },
         JsonSigner::Did(did) => {
-            let mut profiles: Vec<_> = search_profiles_by_did_only(db_client, &did)
+            let profiles: Vec<_> = search_profiles_by_did_only(db_client, &did)
                 .await?.into_iter()
                 // Exclude local profiles
                 .filter(|profile| !profile.is_local())
@@ -159,7 +159,16 @@ pub async fn verify_signed_activity(
                     profiles.len(),
                 );
             };
-            if let Some(profile) = profiles.pop() {
+            let actor_id = activity["actor"].as_str()
+                .ok_or(AuthenticationError::ActorError("unknown actor"))?;
+            let actor_profile = profiles.iter()
+                .find(|profile| profile.actor_id(&config.instance_url()) == actor_id)
+                // Use first profile with a given DID
+                // if none of them matches actor
+                .or(profiles.first())
+                .ok_or(AuthenticationError::ActorError("unknown signer"))?
+                .clone();
+
             match signature_data.signature_type {
                 SignatureType::JcsEd25519Signature => {
                     let did_key = match did {
@@ -185,10 +194,8 @@ pub async fn verify_signed_activity(
                 },
                 _ => return Err(AuthenticationError::InvalidJsonSignatureType),
             };
-                profile
+
-            } else {
+            actor_profile
-                return Err(AuthenticationError::ActorError("unknown signer"));
-            }
         },
     };