forked from AkkomaGang/akkoma
Merge branch 'bugfix/1727-fix-signature-decoding' into 'develop'
Bugfix/1727 fix signature decoding Closes #1727 See merge request pleroma/pleroma!2454
This commit is contained in:
rinpatch
commit
ed8282c091
3 changed files with 32 additions and 9 deletions
|
|
@ -13,8 +13,9 @@ defmodule Pleroma.Web.Plugs.MappedSignatureToIdentityPlug do
|
||||||
def init(options), do: options
|
def init(options), do: options
|
||||||
|
|
||||||
defp key_id_from_conn(conn) do
|
defp key_id_from_conn(conn) do
|
||||||
with %{"keyId" => key_id} <- HTTPSignatures.signature_for_conn(conn) do
|
with %{"keyId" => key_id} <- HTTPSignatures.signature_for_conn(conn),
|
||||||
Signature.key_id_to_actor_id(key_id)
|
{:ok, ap_id} <- Signature.key_id_to_actor_id(key_id) do
|
||||||
|
ap_id
|
||||||
else
|
else
|
||||||
_ ->
|
_ ->
|
||||||
nil
|
nil
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ defmodule Pleroma.Signature do
|
||||||
alias Pleroma.Keys
|
alias Pleroma.Keys
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
|
alias Pleroma.Web.ActivityPub.ObjectValidators.Types
|
||||||
|
|
||||||
def key_id_to_actor_id(key_id) do
|
def key_id_to_actor_id(key_id) do
|
||||||
uri =
|
uri =
|
||||||
|
|
@ -21,12 +22,23 @@ def key_id_to_actor_id(key_id) do
|
||||||
uri
|
uri
|
||||||
end
|
end
|
||||||
|
|
||||||
URI.to_string(uri)
|
maybe_ap_id = URI.to_string(uri)
|
||||||
|
|
||||||
|
case Types.ObjectID.cast(maybe_ap_id) do
|
||||||
|
{:ok, ap_id} ->
|
||||||
|
{:ok, ap_id}
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
case Pleroma.Web.WebFinger.finger(maybe_ap_id) do
|
||||||
|
%{"ap_id" => ap_id} -> {:ok, ap_id}
|
||||||
|
_ -> {:error, maybe_ap_id}
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def fetch_public_key(conn) do
|
def fetch_public_key(conn) do
|
||||||
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
||||||
actor_id <- key_id_to_actor_id(kid),
|
{:ok, actor_id} <- key_id_to_actor_id(kid),
|
||||||
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
||||||
{:ok, public_key}
|
{:ok, public_key}
|
||||||
else
|
else
|
||||||
|
|
@ -37,7 +49,7 @@ def fetch_public_key(conn) do
|
||||||
|
|
||||||
def refetch_public_key(conn) do
|
def refetch_public_key(conn) do
|
||||||
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
||||||
actor_id <- key_id_to_actor_id(kid),
|
{:ok, actor_id} <- key_id_to_actor_id(kid),
|
||||||
{:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
|
{:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
|
||||||
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
||||||
{:ok, public_key}
|
{:ok, public_key}
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,8 @@ test "it returns key" do
|
||||||
|
|
||||||
test "it returns error when not found user" do
|
test "it returns error when not found user" do
|
||||||
assert capture_log(fn ->
|
assert capture_log(fn ->
|
||||||
assert Signature.fetch_public_key(make_fake_conn("test-ap_id")) == {:error, :error}
|
assert Signature.fetch_public_key(make_fake_conn("https://test-ap-id")) ==
|
||||||
|
{:error, :error}
|
||||||
end) =~ "[error] Could not decode user"
|
end) =~ "[error] Could not decode user"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -64,7 +65,7 @@ test "it returns key" do
|
||||||
|
|
||||||
test "it returns error when not found user" do
|
test "it returns error when not found user" do
|
||||||
assert capture_log(fn ->
|
assert capture_log(fn ->
|
||||||
{:error, _} = Signature.refetch_public_key(make_fake_conn("test-ap_id"))
|
{:error, _} = Signature.refetch_public_key(make_fake_conn("https://test-ap_id"))
|
||||||
end) =~ "[error] Could not decode user"
|
end) =~ "[error] Could not decode user"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -100,12 +101,21 @@ test "it returns error" do
|
||||||
describe "key_id_to_actor_id/1" do
|
describe "key_id_to_actor_id/1" do
|
||||||
test "it properly deduces the actor id for misskey" do
|
test "it properly deduces the actor id for misskey" do
|
||||||
assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") ==
|
assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") ==
|
||||||
"https://example.com/users/1234"
|
{:ok, "https://example.com/users/1234"}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it properly deduces the actor id for mastodon and pleroma" do
|
test "it properly deduces the actor id for mastodon and pleroma" do
|
||||||
assert Signature.key_id_to_actor_id("https://example.com/users/1234#main-key") ==
|
assert Signature.key_id_to_actor_id("https://example.com/users/1234#main-key") ==
|
||||||
"https://example.com/users/1234"
|
{:ok, "https://example.com/users/1234"}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it calls webfinger for 'acct:' accounts" do
|
||||||
|
with_mock(Pleroma.Web.WebFinger,
|
||||||
|
finger: fn _ -> %{"ap_id" => "https://gensokyo.2hu/users/raymoo"} end
|
||||||
|
) do
|
||||||
|
assert Signature.key_id_to_actor_id("acct:raymoo@gensokyo.2hu") ==
|
||||||
|
{:ok, "https://gensokyo.2hu/users/raymoo"}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue