mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2025-01-16 20:26:26 +00:00
Code Issues Projects Releases Wiki Activity

Move signature checking logic out of shared_inbox.

Browse source
This commit is contained in:
Adam Kelly 2020-05-22 13:53:56 +01:00
parent 5cfc9aa8de
commit ae7339928c
1 changed files with 24 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
fedireads/incoming.py
View file

@ -44,24 +44,7 @@ def shared_inbox(request):
if not activity.get('object'):
return HttpResponseBadRequest()
try:
signature = Signature.parse(request)
key_actor = urldefrag(signature.key_id).url
if key_actor != activity.get('actor'):
raise ValueError("Wrong actor created signature.")
remote_user = get_or_create_remote_user(key_actor)
try:
signature.verify(remote_user.public_key, request)
except ValueError:
old_key = remote_user.public_key
refresh_remote_user(remote_user)
if remote_user.public_key == old_key:
raise # Key unchanged.
signature.verify(remote_user.public_key, request)
except (ValueError, requests.exceptions.HTTPError):
if not has_valid_signature(request, activity):
return HttpResponse(status=401)
handlers = {
@ -96,6 +79,29 @@ def shared_inbox(request):
return HttpResponse()
def has_valid_signature(request, activity):
try:
signature = Signature.parse(request)
key_actor = urldefrag(signature.key_id).url
if key_actor != activity.get('actor'):
raise ValueError("Wrong actor created signature.")
remote_user = get_or_create_remote_user(key_actor)
try:
signature.verify(remote_user.public_key, request)
except ValueError:
old_key = remote_user.public_key
refresh_remote_user(remote_user)
if remote_user.public_key == old_key:
raise # Key unchanged.
signature.verify(remote_user.public_key, request)
except (ValueError, requests.exceptions.HTTPError):
return False
return True
@app.task
def handle_follow(activity):
''' someone wants to follow a local user '''