Extract keys to their own table, match keyID #816
5 changed files with 40 additions and 24 deletions
|
@ -6,7 +6,6 @@ defmodule Pleroma.Signature do
|
||||||
@behaviour HTTPSignatures.Adapter
|
@behaviour HTTPSignatures.Adapter
|
||||||
|
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
|
||||||
alias Pleroma.User.SigningKey
|
alias Pleroma.User.SigningKey
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,6 @@ defmodule Pleroma.User.SigningKey do
|
||||||
import Ecto.Changeset
|
import Ecto.Changeset
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.HTTP
|
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
@ -136,7 +135,7 @@ def public_key_pem(%User{} = user) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def public_key_pem(e) do
|
def public_key_pem(_e) do
|
||||||
{:error, "key not found"}
|
{:error, "key not found"}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -190,7 +189,7 @@ def fetch_remote_key(key_id) do
|
||||||
resp = Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(key_id)
|
resp = Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(key_id)
|
||||||
|
|
||||||
case resp do
|
case resp do
|
||||||
{:ok, _original_url, body} ->
|
{:ok, _body} ->
|
||||||
case handle_signature_response(resp) do
|
case handle_signature_response(resp) do
|
||||||
{:ok, ap_id, public_key_pem} ->
|
{:ok, ap_id, public_key_pem} ->
|
||||||
Logger.debug("Fetched remote key: #{ap_id}")
|
Logger.debug("Fetched remote key: #{ap_id}")
|
||||||
|
@ -227,16 +226,13 @@ defp extract_key_details(%{"id" => ap_id, "publicKey" => public_key}) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp handle_signature_response({:ok, _original_url, body}) do
|
defp handle_signature_response({:ok, body}) do
|
||||||
case Jason.decode(body) do
|
case body do
|
||||||
{:ok, %{"id" => _user_id, "publicKey" => _public_key} = body} ->
|
%{"id" => _user_id, "publicKey" => _public_key} ->
|
||||||
extract_key_details(body)
|
extract_key_details(body)
|
||||||
|
|
||||||
{:ok, %{"error" => error}} ->
|
%{"error" => error} ->
|
||||||
{:error, error}
|
{:error, error}
|
||||||
|
|
||||||
{:error, _} ->
|
|
||||||
{:error, "Could not parse key"}
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ def call(conn, _opts) do
|
||||||
key_id = key_id_from_conn(conn)
|
key_id = key_id_from_conn(conn)
|
||||||
|
|
||||||
unless is_nil(key_id) do
|
unless is_nil(key_id) do
|
||||||
User.SigningKey.fetch_remote_key(key_id)
|
User.SigningKey.get_or_fetch_by_key_id(key_id)
|
||||||
# now we SHOULD have the user that owns the key locally. maybe.
|
# now we SHOULD have the user that owns the key locally. maybe.
|
||||||
# if we don't, we'll error out when we try to validate.
|
# if we don't, we'll error out when we try to validate.
|
||||||
end
|
end
|
||||||
|
|
|
@ -1094,7 +1094,7 @@ test "it returns a note activity in a collection", %{conn: conn} do
|
||||||
|
|
||||||
test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
|
test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
|
||||||
user =
|
user =
|
||||||
insert(:user)
|
insert(:user, ap_id: data["actor"])
|
||||||
|> with_signing_key()
|
|> with_signing_key()
|
||||||
|
|
||||||
data = Map.put(data, "bcc", [user.ap_id])
|
data = Map.put(data, "bcc", [user.ap_id])
|
||||||
|
@ -1277,7 +1277,17 @@ test "forwarded report from mastodon", %{conn: conn} do
|
||||||
|> File.read!()
|
|> File.read!()
|
||||||
|> String.replace("{{DOMAIN}}", remote_domain)
|
|> String.replace("{{DOMAIN}}", remote_domain)
|
||||||
|
|
||||||
Tesla.Mock.mock(fn %{url: ^remote_actor} ->
|
key_url = "#{remote_actor}#main-key"
|
||||||
|
|
||||||
|
Tesla.Mock.mock(fn
|
||||||
|
%{url: ^remote_actor} ->
|
||||||
|
%Tesla.Env{
|
||||||
|
status: 200,
|
||||||
|
body: mock_json_body,
|
||||||
|
headers: [{"content-type", "application/activity+json"}]
|
||||||
|
}
|
||||||
|
|
||||||
|
%{url: ^key_url} ->
|
||||||
%Tesla.Env{
|
%Tesla.Env{
|
||||||
status: 200,
|
status: 200,
|
||||||
body: mock_json_body,
|
body: mock_json_body,
|
||||||
|
|
|
@ -11,7 +11,9 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
|
|
||||||
test "Renders a user, including the public key" do
|
test "Renders a user, including the public key" do
|
||||||
user = insert(:user)
|
user =
|
||||||
|
insert(:user)
|
||||||
|
|> with_signing_key()
|
||||||
|
|
||||||
result = UserView.render("user.json", %{user: user})
|
result = UserView.render("user.json", %{user: user})
|
||||||
|
|
||||||
|
@ -37,7 +39,9 @@ test "Renders profile fields" do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "Renders with emoji tags" do
|
test "Renders with emoji tags" do
|
||||||
user = insert(:user, emoji: %{"bib" => "/test"})
|
user =
|
||||||
|
insert(:user, emoji: %{"bib" => "/test"})
|
||||||
|
|> with_signing_key()
|
||||||
|
|
||||||
assert %{
|
assert %{
|
||||||
"tag" => [
|
"tag" => [
|
||||||
|
@ -74,13 +78,18 @@ test "Does not add an avatar image if the user hasn't set one" do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "renders an invisible user with the invisible property set to true" do
|
test "renders an invisible user with the invisible property set to true" do
|
||||||
user = insert(:user, invisible: true)
|
user =
|
||||||
|
insert(:user, invisible: true)
|
||||||
|
|> with_signing_key()
|
||||||
|
|
||||||
assert %{"invisible" => true} = UserView.render("service.json", %{user: user})
|
assert %{"invisible" => true} = UserView.render("service.json", %{user: user})
|
||||||
end
|
end
|
||||||
|
|
||||||
test "service has a few essential fields" do
|
test "service has a few essential fields" do
|
||||||
user = insert(:user)
|
user =
|
||||||
|
insert(:user)
|
||||||
|
|> with_signing_key()
|
||||||
|
|
||||||
result = UserView.render("service.json", %{user: user})
|
result = UserView.render("service.json", %{user: user})
|
||||||
assert result["id"]
|
assert result["id"]
|
||||||
assert result["type"] == "Application"
|
assert result["type"] == "Application"
|
||||||
|
@ -120,7 +129,9 @@ test "remote users have an empty endpoints structure" do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "instance users do not expose oAuth endpoints" do
|
test "instance users do not expose oAuth endpoints" do
|
||||||
user = insert(:user, nickname: nil, local: true)
|
user =
|
||||||
|
insert(:user, nickname: nil, local: true)
|
||||||
|
|> with_signing_key()
|
||||||
|
|
||||||
result = UserView.render("user.json", %{user: user})
|
result = UserView.render("user.json", %{user: user})
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue