If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)
If the signature could not be verified and the account's webfinger was last retrieved longer ago than the cache period, try re-resolving the account and then verify the signature again.
parent
a3202f61af
commit
76f360c625
@ -44,6 +44,15 @@ module SignatureVerification
|
|||||||
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
|
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
|
||||||
@signed_request_account = account
|
@signed_request_account = account
|
||||||
@signed_request_account
|
@signed_request_account
|
||||||
|
elsif account.possibly_stale?
|
||||||
|
account = account.refresh!
|
||||||
|
|
||||||
|
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
|
||||||
|
@signed_request_account = account
|
||||||
|
@signed_request_account
|
||||||
|
else
|
||||||
|
@signed_request_account = nil
|
||||||
|
end
|
||||||
else
|
else
|
||||||
@signed_request_account = nil
|
@signed_request_account = nil
|
||||||
end
|
end
|
||||||
|
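Review bot: The retry branch calls `account.keypair` on the result of `account.refresh!` without checking it for nil. As added in this commit, `refresh!` returns nil for local accounts (`return if local?`) and otherwise whatever `ResolveRemoteAccountService#call` returns, which may also be nil when resolution fails (that code is not shown here). A nil would raise NoMethodError and turn a failed signature check into a server error instead of leaving `@signed_request_account` nil; prefixing the second check with `account.present? &&` keeps it a clean rejection. This branch also lets an unauthenticated request with a bad signature trigger a synchronous outbound resolve, so if a failed resolve does not advance `last_webfingered_at`, repeated requests would repeat the fetch and a rate limit or failure timestamp is worth considering. The enclosing method starts and ends outside the hunk.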
@ -137,6 +137,15 @@ class Account < ApplicationRecord
|
|||||||
subscription_expires_at.present?
|
subscription_expires_at.present?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def possibly_stale?
|
||||||
|
last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago
|
||||||
|
end
|
||||||
|
|
||||||
|
def refresh!
|
||||||
|
return if local?
|
||||||
|
ResolveRemoteAccountService.new.call(acct)
|
||||||
|
end
|
||||||
|
|
||||||
def keypair
|
def keypair
|
||||||
@keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
|
@keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
|
||||||
end
|
end
|
||||||
|
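Review bot: `refresh!` needs a comment stating its return contract, because the bang name reads like an in-place reload while the method leaves the receiver untouched: it returns nil for local accounts and otherwise the result of `ResolveRemoteAccountService.new.call(acct)`. The receiver's `@keypair` is memoized with `||=` and is not reset here, so a caller that keeps using the old object would keep any key it had already loaded. I would add `# Re-resolves a remote account and returns the service result (nil for local accounts); does not update self, so callers must use the return value.` above the method. The `1.day.ago` window in `possibly_stale?` could also become a named constant so the cache period is stated in one place.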
@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService
|
|||||||
end
|
end
|
||||||
|
|
||||||
def webfinger_update_due?
|
def webfinger_update_due?
|
||||||
@account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago
|
@account.nil? || @account.possibly_stale?
|
||||||
end
|
end
|
||||||
|
|
||||||
def activitypub_ready?
|
def activitypub_ready?
|
||||||
|