rafaelcaricio/moviewyrm
1
0
Fork 0
forked from mirrors/bookwyrm
Code Issues 4 Pull requests Projects Releases Wiki Activity

Updates remote user when refreshing key

Browse source
This commit is contained in:
Mouse Reeve 2020-12-04 16:26:07 -08:00
parent 9c9da35d9a
commit 142a39cf55
3 changed files with 13 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
bookwyrm/activitypub/base_activity.py
View file

@ -106,7 +106,7 @@ class ActivityObject:
if isinstance(formatted_value, dict) and \ if isinstance(formatted_value, dict) and \
formatted_value.get('id'): formatted_value.get('id'):
# if the AP field is a serialized object (as in Add) # if the AP field is a serialized object (as in Add)
# or PublicKey # or KeyPair (even though it's OneToOne)
related_model = field.related_model related_model = field.related_model
related_activity = related_model.activity_serializer related_activity = related_model.activity_serializer
mapped_fields[field.name] = related_activity( mapped_fields[field.name] = related_activity(
@ -131,6 +131,7 @@ class ActivityObject:
formatted_value = None formatted_value = None
mapped_fields[field.name] = formatted_value mapped_fields[field.name] = formatted_value
if instance: if instance:
# updating an existing model instance # updating an existing model instance
for k, v in mapped_fields.items(): for k, v in mapped_fields.items():
@ -178,13 +179,13 @@ class ActivityObject:
if values == MISSING: if values == MISSING:
continue continue
model_field = getattr(instance, model_key) model_field = getattr(instance, model_key)
model = model_field.model related_model = model_field.model
for item in values: for item in values:
if isinstance(item, str): if isinstance(item, str):
item = resolve_remote_id(model, item) item = resolve_remote_id(related_model, item)
else: else:
item = model.activity_serializer(**item) item = related_model.activity_serializer(**item)
item = item.to_model(model) item = item.to_model(related_model)
field_name = instance.__class__.__name__.lower() field_name = instance.__class__.__name__.lower()
setattr(item, field_name, instance) setattr(item, field_name, instance)
item.save() item.save()

2
bookwyrm/incoming.py
View file

@ -103,7 +103,7 @@ def has_valid_signature(request, activity):
signature.verify(remote_user.key_pair.public_key, request) signature.verify(remote_user.key_pair.public_key, request)
except ValueError: except ValueError:
old_key = remote_user.key_pair.public_key old_key = remote_user.key_pair.public_key
activitypub.resolve_remote_id( remote_user = activitypub.resolve_remote_id(
models.User, remote_user.remote_id, refresh=True models.User, remote_user.remote_id, refresh=True
) )
if remote_user.key_pair.public_key == old_key: if remote_user.key_pair.public_key == old_key:

19
bookwyrm/tests/test_signing.py
View file

@ -111,7 +111,7 @@ class Signature(TestCase):
status=200 status=200
) )
with patch('bookwyrm.models.user.get_remote_reviews.delay') as _: with patch('bookwyrm.models.user.get_remote_reviews.delay'):
response = self.send_test_request(sender=self.fake_remote) response = self.send_test_request(sender=self.fake_remote)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -131,17 +131,10 @@ class Signature(TestCase):
responses.GET, responses.GET,
'https://localhost/.well-known/nodeinfo', 'https://localhost/.well-known/nodeinfo',
status=404) status=404)
responses.add(
responses.GET,
'https://example.com/user/mouse/outbox?page=true',
json={'orderedItems': []},
status=200
)
# Second and subsequent fetches get a different key: # Second and subsequent fetches get a different key:
key_pair = KeyPair(*create_key_pair()) key_pair = KeyPair(*create_key_pair())
new_sender = Sender( new_sender = Sender(self.fake_remote.remote_id, key_pair)
self.fake_remote.remote_id, key_pair)
data['publicKey']['publicKeyPem'] = key_pair.public_key data['publicKey']['publicKeyPem'] = key_pair.public_key
responses.add( responses.add(
responses.GET, responses.GET,
@ -149,7 +142,7 @@ class Signature(TestCase):
json=data, json=data,
status=200) status=200)
with patch('bookwyrm.models.user.get_remote_reviews.delay') as _: with patch('bookwyrm.models.user.get_remote_reviews.delay'):
# Key correct: # Key correct:
response = self.send_test_request(sender=self.fake_remote) response = self.send_test_request(sender=self.fake_remote)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@ -181,7 +174,7 @@ class Signature(TestCase):
@pytest.mark.integration @pytest.mark.integration
def test_changed_data(self): def test_changed_data(self):
'''Message data must match the digest header.''' '''Message data must match the digest header.'''
with patch('bookwyrm.activitypub.resolve_remote_id') as _: with patch('bookwyrm.activitypub.resolve_remote_id'):
response = self.send_test_request( response = self.send_test_request(
self.mouse, self.mouse,
send_data=get_follow_data(self.mouse, self.cat)) send_data=get_follow_data(self.mouse, self.cat))
@ -189,7 +182,7 @@ class Signature(TestCase):
@pytest.mark.integration @pytest.mark.integration
def test_invalid_digest(self): def test_invalid_digest(self):
with patch('bookwyrm.activitypub.resolve_remote_id') as _: with patch('bookwyrm.activitypub.resolve_remote_id'):
response = self.send_test_request( response = self.send_test_request(
self.mouse, self.mouse,
digest='SHA-256=AAAAAAAAAAAAAAAAAA') digest='SHA-256=AAAAAAAAAAAAAAAAAA')
@ -198,7 +191,7 @@ class Signature(TestCase):
@pytest.mark.integration @pytest.mark.integration
def test_old_message(self): def test_old_message(self):
'''Old messages should be rejected to prevent replay attacks.''' '''Old messages should be rejected to prevent replay attacks.'''
with patch('bookwyrm.activitypub.resolve_remote_id') as _: with patch('bookwyrm.activitypub.resolve_remote_id'):
response = self.send_test_request( response = self.send_test_request(
self.mouse, self.mouse,
date=http_date(time.time() - 301) date=http_date(time.time() - 301)