moviewyrm/bookwyrm/views/inbox.py

""" incoming activities """
import json
import re
from urllib.parse import urldefrag

from django.http import HttpResponse, HttpResponseNotFound
from django.http import HttpResponseBadRequest, HttpResponseForbidden
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt
import requests

from bookwyrm import activitypub, models
from bookwyrm.tasks import app
from bookwyrm.signatures import Signature
from bookwyrm.utils import regex


@method_decorator(csrf_exempt, name="dispatch")
# pylint: disable=no-self-use
class Inbox(View):
    """requests sent by outside servers"""

    # pylint: disable=too-many-return-statements
    def post(self, request, username=None):
        """only works as POST request"""
        # first check if this server is on our shitlist
        if is_blocked_user_agent(request):
            return HttpResponseForbidden()

        # make sure the user's inbox even exists
        if username:
            try:
                models.User.objects.get(localname=username)
            except models.User.DoesNotExist:
                return HttpResponseNotFound()

        # is it valid json? does it at least vaguely resemble an activity?
        try:
            activity_json = json.loads(request.body)
        except json.decoder.JSONDecodeError:
            return HttpResponseBadRequest()

        # let's be extra sure we didn't block this domain
        if is_blocked_activity(activity_json):
            return HttpResponseForbidden()

        if (
            not "object" in activity_json
            or not "type" in activity_json
            or not activity_json["type"] in activitypub.activity_objects
        ):
            return HttpResponseNotFound()

        # verify the signature
        if not has_valid_signature(request, activity_json):
            if activity_json["type"] == "Delete":
                # Pretend that unauth'd deletes succeed. Auth may be failing
                # because the resource or owner of the resource might have
                # been deleted.
                return HttpResponse()
            return HttpResponse(status=401)

        activity_task.delay(activity_json)
        return HttpResponse()


def is_blocked_user_agent(request):
    """check if a request is from a blocked server based on user agent"""
    # check user agent
    user_agent = request.headers.get("User-Agent")
    if not user_agent:
        return False
    url = re.search(r"https?://{:s}/?".format(regex.DOMAIN), user_agent)
    if not url:
        return False
    url = url.group()
    return models.FederatedServer.is_blocked(url)


def is_blocked_activity(activity_json):
    """get the sender out of activity json and check if it's blocked"""
    actor = activity_json.get("actor")

    # check if the user is banned/deleted
    existing = models.User.find_existing_by_remote_id(actor)
    if existing and existing.deleted:
        return True

    if not actor:
        # well I guess it's not even a valid activity so who knows
        return False
    return models.FederatedServer.is_blocked(actor)


@app.task
def activity_task(activity_json):
    """do something with this json we think is legit"""
    # lets see if the activitypub module can make sense of this json
    activity = activitypub.parse(activity_json)

    # cool that worked, now we should do the action described by the type
    # (create, update, delete, etc)
    activity.action()


def has_valid_signature(request, activity):
    """verify incoming signature"""
    try:
        signature = Signature.parse(request)

        key_actor = urldefrag(signature.key_id).url
        if key_actor != activity.get("actor"):
            raise ValueError("Wrong actor created signature.")

        remote_user = activitypub.resolve_remote_id(key_actor, model=models.User)
        if not remote_user:
            return False

        try:
            signature.verify(remote_user.key_pair.public_key, request)
        except ValueError:
            old_key = remote_user.key_pair.public_key
            remote_user = activitypub.resolve_remote_id(
                remote_user.remote_id, model=models.User, refresh=True
            )
            if remote_user.key_pair.public_key == old_key:
                raise  # Key unchanged.
            signature.verify(remote_user.key_pair.public_key, request)
    except (ValueError, requests.exceptions.HTTPError):
        return False
    return True
Runs black 2021-03-08 16:49:10 +00:00			`""" incoming activities """`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`import json`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`import re`
Class method for checking if urls are blocked 2021-04-10 18:38:57 +00:00			`from urllib.parse import urldefrag`
Basic checks for inbox 2021-02-16 00:26:48 +00:00
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`from django.http import HttpResponse, HttpResponseNotFound`
			`from django.http import HttpResponseBadRequest, HttpResponseForbidden`
makes inbox csrf exempt 2021-02-17 02:07:57 +00:00			`from django.utils.decorators import method_decorator`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`from django.views import View`
makes inbox csrf exempt 2021-02-17 02:07:57 +00:00			`from django.views.decorators.csrf import csrf_exempt`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`import requests`

			`from bookwyrm import activitypub, models`
Move handlers to activitypub classes 2021-02-16 02:47:08 +00:00			`from bookwyrm.tasks import app`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`from bookwyrm.signatures import Signature`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`from bookwyrm.utils import regex`
Basic checks for inbox 2021-02-16 00:26:48 +00:00

Runs black 2021-03-08 16:49:10 +00:00			`@method_decorator(csrf_exempt, name="dispatch")`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`# pylint: disable=no-self-use`
			`class Inbox(View):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""requests sent by outside servers"""`
Runs black 2021-03-08 16:49:10 +00:00
Updates code for linter 2021-06-18 21:12:56 +00:00			`# pylint: disable=too-many-return-statements`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`def post(self, request, username=None):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""only works as POST request"""`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`# first check if this server is on our shitlist`
			`if is_blocked_user_agent(request):`
			`return HttpResponseForbidden()`

Check for invalid json before verifying signature 2021-03-07 17:44:42 +00:00			`# make sure the user's inbox even exists`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`if username:`
			`try:`
			`models.User.objects.get(localname=username)`
			`except models.User.DoesNotExist:`
			`return HttpResponseNotFound()`

			`# is it valid json? does it at least vaguely resemble an activity?`
			`try:`
Recursively parse activities 2021-02-16 01:23:17 +00:00			`activity_json = json.loads(request.body)`
			`except json.decoder.JSONDecodeError:`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`return HttpResponseBadRequest()`

Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`# let's be extra sure we didn't block this domain`
			`if is_blocked_activity(activity_json):`
			`return HttpResponseForbidden()`

Runs black 2021-03-08 16:49:10 +00:00			`if (`
			`not "object" in activity_json`
			`or not "type" in activity_json`
			`or not activity_json["type"] in activitypub.activity_objects`
			`):`
Check for invalid json before verifying signature 2021-03-07 17:44:42 +00:00			`return HttpResponseNotFound()`

Basic checks for inbox 2021-02-16 00:26:48 +00:00			`# verify the signature`
			`if not has_valid_signature(request, activity_json):`
Runs black 2021-03-08 16:49:10 +00:00			`if activity_json["type"] == "Delete":`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`# Pretend that unauth'd deletes succeed. Auth may be failing`
			`# because the resource or owner of the resource might have`
			`# been deleted.`
			`return HttpResponse()`
			`return HttpResponse(status=401)`

incoming Create flow with tests 2021-02-16 03:41:22 +00:00			`activity_task.delay(activity_json)`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`return HttpResponse()`


Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`def is_blocked_user_agent(request):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""check if a request is from a blocked server based on user agent"""`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`# check user agent`
			`user_agent = request.headers.get("User-Agent")`
Adds tests for blocked server checks 2021-04-05 22:54:33 +00:00			`if not user_agent:`
			`return False`
Updates code for linter 2021-06-18 21:12:56 +00:00			`url = re.search(r"https?://{:s}/?".format(regex.DOMAIN), user_agent)`
Fixes logic error in checking sender 2021-04-14 01:04:54 +00:00			`if not url:`
			`return False`
Fixes regex group 2021-04-14 01:26:54 +00:00			`url = url.group()`
Class method for checking if urls are blocked 2021-04-10 18:38:57 +00:00			`return models.FederatedServer.is_blocked(url)`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00

			`def is_blocked_activity(activity_json):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""get the sender out of activity json and check if it's blocked"""`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`actor = activity_json.get("actor")`
Reject statuses from deactivated remote users 2021-04-18 00:55:22 +00:00
			`# check if the user is banned/deleted`
			`existing = models.User.find_existing_by_remote_id(actor)`
			`if existing and existing.deleted:`
			`return True`

Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00			`if not actor:`
			`# well I guess it's not even a valid activity so who knows`
			`return False`
Class method for checking if urls are blocked 2021-04-10 18:38:57 +00:00			`return models.FederatedServer.is_blocked(actor)`
Check if incoming domains are blocked 2021-04-05 22:16:21 +00:00

Move handlers to activitypub classes 2021-02-16 02:47:08 +00:00			`@app.task`
			`def activity_task(activity_json):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""do something with this json we think is legit"""`
Move handlers to activitypub classes 2021-02-16 02:47:08 +00:00			`# lets see if the activitypub module can make sense of this json`
Loudly throw errors in inbox task 2021-04-08 21:15:58 +00:00			`activity = activitypub.parse(activity_json)`
Move handlers to activitypub classes 2021-02-16 02:47:08 +00:00
			`# cool that worked, now we should do the action described by the type`
			`# (create, update, delete, etc)`
Loudly throw errors in inbox task 2021-04-08 21:15:58 +00:00			`activity.action()`
Move handlers to activitypub classes 2021-02-16 02:47:08 +00:00

Basic checks for inbox 2021-02-16 00:26:48 +00:00			`def has_valid_signature(request, activity):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""verify incoming signature"""`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`try:`
			`signature = Signature.parse(request)`

			`key_actor = urldefrag(signature.key_id).url`
Runs black 2021-03-08 16:49:10 +00:00			`if key_actor != activity.get("actor"):`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`raise ValueError("Wrong actor created signature.")`

Runs black 2021-03-08 16:49:10 +00:00			`remote_user = activitypub.resolve_remote_id(key_actor, model=models.User)`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`if not remote_user:`
			`return False`

			`try:`
			`signature.verify(remote_user.key_pair.public_key, request)`
			`except ValueError:`
			`old_key = remote_user.key_pair.public_key`
			`remote_user = activitypub.resolve_remote_id(`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`remote_user.remote_id, model=models.User, refresh=True`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`)`
			`if remote_user.key_pair.public_key == old_key:`
Runs black 2021-03-08 16:49:10 +00:00			`raise # Key unchanged.`
Basic checks for inbox 2021-02-16 00:26:48 +00:00			`signature.verify(remote_user.key_pair.public_key, request)`
			`except (ValueError, requests.exceptions.HTTPError):`
			`return False`
			`return True`