updated plugin ActivityPub version 2.4.0

2024-06-27 12:10:38 +00:00
parent eeef5ad6e0
commit 4e493c268e
49 changed files with 1368 additions and 491 deletions
--- a/wp-content/plugins/activitypub/includes/rest/class-server.php
+++ b/wp-content/plugins/activitypub/includes/rest/class-server.php
@ -5,7 +5,7 @@ use stdClass;
 use WP_Error;
 use WP_REST_Response;
 use Activitypub\Signature;
-use Activitypub\Model\Application_User;
+use Activitypub\Model\Application;

 /**
 * ActivityPub Server REST-Class
@ -47,7 +47,7 @@ class Server {
 	 * @return WP_REST_Response The JSON profile of the Application Actor.
 	 */
 	public static function application_actor() {
-		$user = new Application_User();
+		$user = new Application();

 		$json = $user->to_array();

@ -62,6 +62,9 @@ class Server {
 	 *
 	 * @see WP_REST_Request
 	 *
+	 * @see https://www.w3.org/wiki/SocialCG/ActivityPub/Primer/Authentication_Authorization#Authorized_fetch
+	 * @see https://swicg.github.io/activitypub-http-signature/#authorized-fetch
+	 *
 	 * @param WP_REST_Response|WP_HTTP_Response|WP_Error|mixed $response Result to send to the client.
 	 *                                                                   Usually a WP_REST_Response or WP_Error.
 	 * @param array                                            $handler  Route handler used for the request.
@ -80,7 +83,8 @@ class Server {
 		if (
 			! \str_starts_with( $route, '/' . ACTIVITYPUB_REST_NAMESPACE ) ||
 			\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'webfinger' ) ||
-			\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'nodeinfo' )
+			\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'nodeinfo' ) ||
+			\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'application' )
 		) {
 			return $response;
 		}
@ -102,17 +106,12 @@ class Server {
 			return $response;
 		}

-		// POST-Requets are always signed
-		if ( 'GET' !== $request->get_method() ) {
-			$verified_request = Signature::verify_http_signature( $request );
-			if ( \is_wp_error( $verified_request ) ) {
-				return new WP_Error(
-					'activitypub_signature_verification',
-					$verified_request->get_error_message(),
-					array( 'status' => 401 )
-				);
-			}
-		} elseif ( 'GET' === $request->get_method() && ACTIVITYPUB_AUTHORIZED_FETCH ) { // GET-Requests are only signed in secure mode
+		if (
+			// POST-Requests are always signed
+			'GET' !== $request->get_method() ||
+			// GET-Requests only require a signature in secure mode
+			( 'GET' === $request->get_method() && ACTIVITYPUB_AUTHORIZED_FETCH )
+		) {
 			$verified_request = Signature::verify_http_signature( $request );
 			if ( \is_wp_error( $verified_request ) ) {
 				return new WP_Error(