If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)

If the signature could not be verified and the webfinger of the account
was last retrieved longer than the cache period, try re-resolving the
account and then attempting to verify the signature again
This commit is contained in:
Eugen Rochko 2017-09-28 17:50:14 +02:00 committed by GitHub
parent a3202f61af
commit 76f360c625
3 changed files with 19 additions and 1 deletions

View file

@ -44,6 +44,15 @@ module SignatureVerification
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string) if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account @signed_request_account = account
@signed_request_account @signed_request_account
elsif account.possibly_stale?
account = account.refresh!
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account
@signed_request_account
else
@signed_request_account = nil
end
else else
@signed_request_account = nil @signed_request_account = nil
end end

View file

@ -137,6 +137,15 @@ class Account < ApplicationRecord
subscription_expires_at.present? subscription_expires_at.present?
end end
def possibly_stale?
last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago
end
def refresh!
return if local?
ResolveRemoteAccountService.new.call(acct)
end
def keypair def keypair
@keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key) @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
end end

View file

@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService
end end
def webfinger_update_due? def webfinger_update_due?
@account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago @account.nil? || @account.possibly_stale?
end end
def activitypub_ready? def activitypub_ready?