activitypub: normalize the actor to ensure we have its URI
parent
1d4bbec6b3
commit
4d2c6707c2
@ -1,5 +1,6 @@
|
|||||||
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
||||||
alias Pleroma.Web.HTTPSignatures
|
alias Pleroma.Web.HTTPSignatures
|
||||||
|
alias Pleroma.Web.ActivityPub.Utils
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
@ -12,7 +13,7 @@ def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
|
|||||||
end
|
end
|
||||||
|
|
||||||
def call(conn, _opts) do
|
def call(conn, _opts) do
|
||||||
user = conn.params["actor"]
|
user = Utils.normalize_actor(conn.params["actor"])
|
||||||
Logger.debug("Checking sig for #{user}")
|
Logger.debug("Checking sig for #{user}")
|
||||||
[signature | _] = get_req_header(conn, "signature")
|
[signature | _] = get_req_header(conn, "signature")
|
||||||
|
|
||||||
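Review bot: The debug line in `call/2` interpolates `user` directly, and after this change `user` is whatever `Utils.normalize_actor/1` returns for a request body that has not been verified yet. For a map actor that is `actor["id"]` with no type check, so with debug logging enabled a nested map there makes `#{user}` raise `Protocol.UndefinedError` before the signature is examined, and a string containing line breaks is written to the log as-is. I would log it as `Logger.debug("Checking sig for #{inspect(user)}")`. The rest of `call/2` lies outside the hunk, so any later use of `user` was not checked.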
|
@ -5,6 +5,22 @@ defmodule Pleroma.Web.ActivityPub.Utils do
|
|||||||
alias Ecto.{Changeset, UUID}
|
alias Ecto.{Changeset, UUID}
|
||||||
import Ecto.Query
|
import Ecto.Query
|
||||||
|
|
||||||
|
# Some implementations send the actor URI as the actor field, others send the entire actor object,
|
||||||
|
# so figure out what the actor's URI is based on what we have.
|
||||||
|
def normalize_actor(actor) do
|
||||||
|
cond do
|
||||||
|
is_binary(actor) ->
|
||||||
|
actor
|
||||||
|
|
||||||
|
is_map(actor) ->
|
||||||
|
actor["id"]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def normalize_params(params) do
|
||||||
|
Map.put(params, "actor", normalize_actor(params["actor"]))
|
||||||
|
end
|
||||||
|
|
||||||
def make_json_ld_header do
|
def make_json_ld_header do
|
||||||
%{
|
%{
|
||||||
"@context" => [
|
"@context" => [
|
||||||
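Review bot: `normalize_actor/1` has no fallback branch, so an actor that is neither a binary nor a map (a missing `actor` field, i.e. `nil`, or a list) raises `CondClauseError`, and the map branch returns `actor["id"]` without checking that it is a string. All three new call sites (`HTTPSignaturePlug.call/2`, `Federator.handle(:incoming_ap_doc, ...)` through `normalize_params/1`, and `HTTPSignatures.validate_conn/1`) pass it remote input, so a malformed body becomes a crash instead of a rejected request. Function clauses make the accepted shapes explicit: `def normalize_actor(actor) when is_binary(actor), do: actor`, `def normalize_actor(%{"id" => id}) when is_binary(id), do: id`, `def normalize_actor(_), do: nil`. Callers then have to treat `nil` as "no usable actor"; how they handle it today is not visible in these hunks. The two comment lines above the function would also serve better as a `@doc`.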
|
@ -5,6 +5,7 @@ defmodule Pleroma.Web.Federator do
|
|||||||
alias Pleroma.Web.{WebFinger, Websub}
|
alias Pleroma.Web.{WebFinger, Websub}
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
alias Pleroma.Web.ActivityPub.Transmogrifier
|
alias Pleroma.Web.ActivityPub.Transmogrifier
|
||||||
|
alias Pleroma.Web.ActivityPub.Utils
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
@websub Application.get_env(:pleroma, :websub)
|
@websub Application.get_env(:pleroma, :websub)
|
||||||
@ -91,6 +92,8 @@ def handle(:incoming_doc, doc) do
|
|||||||
def handle(:incoming_ap_doc, params) do
|
def handle(:incoming_ap_doc, params) do
|
||||||
Logger.info("Handling incoming AP activity")
|
Logger.info("Handling incoming AP activity")
|
||||||
|
|
||||||
|
params = Utils.normalize_params(params)
|
||||||
|
|
||||||
with {:ok, _user} <- ap_enabled_actor(params["actor"]),
|
with {:ok, _user} <- ap_enabled_actor(params["actor"]),
|
||||||
nil <- Activity.get_by_ap_id(params["id"]),
|
nil <- Activity.get_by_ap_id(params["id"]),
|
||||||
{:ok, _activity} <- Transmogrifier.handle_incoming(params) do
|
{:ok, _activity} <- Transmogrifier.handle_incoming(params) do
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
# https://tools.ietf.org/html/draft-cavage-http-signatures-08
|
# https://tools.ietf.org/html/draft-cavage-http-signatures-08
|
||||||
defmodule Pleroma.Web.HTTPSignatures do
|
defmodule Pleroma.Web.HTTPSignatures do
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.Utils
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
def split_signature(sig) do
|
def split_signature(sig) do
|
||||||
@ -31,14 +31,14 @@ def validate(headers, signature, public_key) do
|
|||||||
def validate_conn(conn) do
|
def validate_conn(conn) do
|
||||||
# TODO: How to get the right key and see if it is actually valid for that request.
|
# TODO: How to get the right key and see if it is actually valid for that request.
|
||||||
# For now, fetch the key for the actor.
|
# For now, fetch the key for the actor.
|
||||||
with actor_id <- conn.params["actor"],
|
with actor_id <- Utils.normalize_actor(conn.params["actor"]),
|
||||||
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
||||||
if validate_conn(conn, public_key) do
|
if validate_conn(conn, public_key) do
|
||||||
true
|
true
|
||||||
else
|
else
|
||||||
Logger.debug("Could not validate, re-fetching user and trying one more time")
|
Logger.debug("Could not validate, re-fetching user and trying one more time")
|
||||||
# Fetch user anew and try one more time
|
# Fetch user anew and try one more time
|
||||||
with actor_id <- conn.params["actor"],
|
with actor_id <- Utils.normalize_actor(conn.params["actor"]),
|
||||||
{:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
|
{:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
|
||||||
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
||||||
validate_conn(conn, public_key)
|
validate_conn(conn, public_key)
|
||||||
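Review bot: As rendered, the first hunk replaces `alias Pleroma.Web.ActivityPub.ActivityPub` with the `Utils` alias, but the retry path in `validate_conn/1` still calls `ActivityPub.make_user_from_ap_id(actor_id)`. Unless the module is aliased elsewhere in the file, that name now resolves to a top-level `ActivityPub` and the re-fetch fails exactly when the first validation did not pass; keeping both with `alias Pleroma.Web.ActivityPub.{ActivityPub, Utils}` avoids that. Separately, `with actor_id <- Utils.normalize_actor(...)` matches any value, so a `nil` or non-string result still reaches the key lookup and the re-fetch; `with actor_id when is_binary(actor_id) <- Utils.normalize_actor(conn.params["actor"]),` stops it early, and the inner `with` can reuse that binding instead of normalizing again. The key is still selected from the body's actor rather than the signature's `keyId`, as the TODO says, and now that embedded actor objects are accepted the comment should state that signer and actor are not yet tied together. The end of the function is outside the hunk.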
|