]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a3202f6)
If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)
authorEugen Rochko <eugen@zeonfederated.com>
Thu, 28 Sep 2017 15:50:14 +0000 (17:50 +0200)
committerGitHub <noreply@github.com>
Thu, 28 Sep 2017 15:50:14 +0000 (17:50 +0200)
If the signature could not be verified and the webfinger of the account
was last retrieved longer than the cache period, try re-resolving the
account and then attempting to verify the signature again

app/controllers/concerns/signature_verification.rb patch | blob | history
app/models/account.rb patch | blob | history
app/services/resolve_remote_account_service.rb patch | blob | history

diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index 4211283ed737a42e668abb24c40b3fdc94f80211..52a9cf2905ce8caf49cb3fa26036e6a939551196 100644 (file)
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -44,6 +44,15 @@ module SignatureVerification
     if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
       @signed_request_account = account
       @signed_request_account
+    elsif account.possibly_stale?
+      account = account.refresh!
+
+      if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
+        @signed_request_account = account
+        @signed_request_account
+      else
+        @signed_request_account = nil
+      end
     else
       @signed_request_account = nil
     end
diff --git a/app/models/account.rb b/app/models/account.rb
index 0b025d1be8efe6e31e1c2eb988b53f1ae0b78b79..ce7773b4b76f1c5454f44e0708c7150d47966389 100644 (file)
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -137,6 +137,15 @@ class Account < ApplicationRecord
     subscription_expires_at.present?
   end
 
+  def possibly_stale?
+    last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago
+  end
+
+  def refresh!
+    return if local?
+    ResolveRemoteAccountService.new.call(acct)
+  end
+
   def keypair
     @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
   end
diff --git a/app/services/resolve_remote_account_service.rb b/app/services/resolve_remote_account_service.rb
index 57c80fc82d748ba4b69f3c98afcc4f2bdadb8d59..93ba07702a1bba69b2ac2067b0806c235fce766d 100644 (file)
--- a/app/services/resolve_remote_account_service.rb
+++ b/app/services/resolve_remote_account_service.rb
@@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService
   end
 
   def webfinger_update_due?
-    @account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago
+    @account.nil? || @account.possibly_stale?
   end
 
   def activitypub_ready?
source code fur Kibicat Mastodon