Use actor ID as a hint when identifying activity signer

2022-11-27 10:37:36 +00:00 · 2022-11-27 10:37:36 +00:00 · 12861a98b7
commit 12861a98b7
parent 8dfd8bf0d7
1 changed files with 38 additions and 31 deletions
--- a/src/activitypub/authentication.rs
+++ b/src/activitypub/authentication.rs
@ -148,7 +148,7 @@ pub async fn verify_signed_activity(
            actor_profile
        },
        JsonSigner::Did(did) => {
-            let mut profiles: Vec<_> = search_profiles_by_did_only(db_client, &did)
+            let profiles: Vec<_> = search_profiles_by_did_only(db_client, &did)
                .await?.into_iter()
                // Exclude local profiles
                .filter(|profile| !profile.is_local())
@ -159,36 +159,43 @@ pub async fn verify_signed_activity(
                    profiles.len(),
                );
            };
-            if let Some(profile) = profiles.pop() {
+            let actor_id = activity["actor"].as_str()
-                match signature_data.signature_type {
+                .ok_or(AuthenticationError::ActorError("unknown actor"))?;
-                    SignatureType::JcsEd25519Signature => {
+            let actor_profile = profiles.iter()
-                        let did_key = match did {
+                .find(|profile| profile.actor_id(&config.instance_url()) == actor_id)
-                            Did::Key(did_key) => did_key,
+                // Use first profile with a given DID
-                            _ => return Err(AuthenticationError::InvalidJsonSignatureType),
+                // if none of them matches actor
-                        };
+                .or(profiles.first())
-                        verify_ed25519_json_signature(
+                .ok_or(AuthenticationError::ActorError("unknown signer"))?
-                            &did_key,
+                .clone();
-                            &signature_data.message,
+
-                            &signature_data.signature,
+            match signature_data.signature_type {
-                        )?;
+                SignatureType::JcsEd25519Signature => {
-                    },
+                    let did_key = match did {
-                    SignatureType::JcsEip191Signature => {
+                        Did::Key(did_key) => did_key,
-                        let did_pkh = match did {
+                        _ => return Err(AuthenticationError::InvalidJsonSignatureType),
-                            Did::Pkh(did_pkh) => did_pkh,
+                    };
-                            _ => return Err(AuthenticationError::InvalidJsonSignatureType),
+                    verify_ed25519_json_signature(
-                        };
+                        &did_key,
-                        verify_eip191_json_signature(
+                        &signature_data.message,
-                            &did_pkh,
+                        &signature_data.signature,
-                            &signature_data.message,
+                    )?;
-                            &signature_data.signature,
+                },
-                        )?;
+                SignatureType::JcsEip191Signature => {
-                    },
+                    let did_pkh = match did {
-                    _ => return Err(AuthenticationError::InvalidJsonSignatureType),
+                        Did::Pkh(did_pkh) => did_pkh,
-                };
+                        _ => return Err(AuthenticationError::InvalidJsonSignatureType),
-                profile
+                    };
-            } else {
+                    verify_eip191_json_signature(
-                return Err(AuthenticationError::ActorError("unknown signer"));
+                        &did_pkh,
-            }
+                        &signature_data.message,
                        &signature_data.signature,
                    )?;
                },
                _ => return Err(AuthenticationError::InvalidJsonSignatureType),
            };
            actor_profile
        },
    };