If HTTP signature is wrong and webfinger cache is stale, retry with resolve ()

If the signature could not be verified and the webfinger of the account
was last retrieved longer ago than the cache period, try re-resolving the
account and then attempt to verify the signature again.
Eugen Rochko 2017-09-28 17:50:14 +02:00 committed by GitHub
parent a3202f61af
commit 76f360c625
3 changed files with 19 additions and 1 deletions


@ -44,6 +44,15 @@ module SignatureVerification
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account
@signed_request_account
elsif account.possibly_stale?
account = account.refresh!
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account
@signed_request_account
else
@signed_request_account = nil
end
else
@signed_request_account = nil
end
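Review bot: The retry path calls `account.keypair` on the result of `account.refresh!` without checking it for nil. `Account#refresh!` does `return if local?`, and the return value of `ResolveRemoteAccountService#call` is not visible here, so a nil result would raise NoMethodError instead of leaving the request unauthenticated; guard it with `if account && account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)`. This branch is also reached by any request whose signature fails to verify, so the re-resolve is an outbound fetch triggered before authentication and bounded only by `possibly_stale?`. It is worth confirming that a failed resolve still advances `last_webfingered_at`, otherwise every bad signature for that account repeats the fetch. The enclosing method starts and ends outside the hunk.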


@ -137,6 +137,15 @@ class Account < ApplicationRecord
subscription_expires_at.present?
end
def possibly_stale?
last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago
end
def refresh!
return if local?
ResolveRemoteAccountService.new.call(acct)
end
def keypair
@keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
end
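Review bot: `refresh!` has an undocumented return contract that callers must handle: it returns nil for local accounts (`return if local?`) and otherwise whatever `ResolveRemoteAccountService#call` returns, which this hunk does not show. I would add a comment above it such as `# Re-resolves a remote account; returns nil for local accounts, otherwise the service result (possibly a different Account instance)`. This matters because `keypair` is memoized per instance in `@keypair`, so a caller that keeps using the old object would presumably still verify against the old key. As a style point, the `1.day` in `possibly_stale?` could become a named constant, since this method is now the one definition of the webfinger cache period.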


@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService
end
def webfinger_update_due?
@account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago
@account.nil? || @account.possibly_stale?
end
def activitypub_ready?