From 8c14b18d5bca91cb33b6097297a913ecdc90fb64 Mon Sep 17 00:00:00 2001
From: silverpill <silverpill@firemail.cc>
Date: Mon, 12 Dec 2022 22:49:52 +0000
Subject: [PATCH] Extract integrity proof before fetching actor

---
 src/activitypub/authentication.rs | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/activitypub/authentication.rs b/src/activitypub/authentication.rs
index 6dc139a..444ec87 100644
--- a/src/activitypub/authentication.rs
+++ b/src/activitypub/authentication.rs
@@ -133,13 +133,6 @@ pub async fn verify_signed_activity(
     activity: &Value,
     no_fetch: bool,
 ) -> Result<DbActorProfile, AuthenticationError> {
-    // Signed activities must have `actor` property, to avoid situations
-    // where signer is identified by DID but there is no matching
-    // identity proof in the local database.
-    let actor_id = activity["actor"].as_str()
-        .ok_or(AuthenticationError::ActorError("unknown actor"))?;
-    let actor_profile = get_signer(config, db_client, actor_id, no_fetch).await?;
-
     let signature_data = match get_json_signature(activity) {
         Ok(signature_data) => signature_data,
         Err(JsonSignatureError::NoProof) => {
@@ -147,6 +140,12 @@ pub async fn verify_signed_activity(
         },
         Err(other_error) => return Err(other_error.into()),
     };
+    // Signed activities must have `actor` property, to avoid situations
+    // where signer is identified by DID but there is no matching
+    // identity proof in the local database.
+    let actor_id = activity["actor"].as_str()
+        .ok_or(AuthenticationError::ActorError("unknown actor"))?;
+    let actor_profile = get_signer(config, db_client, actor_id, no_fetch).await?;
 
     match signature_data.signer {
         JsonSigner::ActorKeyId(ref key_id) => {