Don't sign fetch when fetching actor for a given signature

Otherwise it's doing a loop Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-16 15:46:23 +01:00 · 2021-11-16 15:46:23 +01:00 · 84bd1ccfad
parent 88067bd217
commit 84bd1ccfad
3 changed files with 9 additions and 7 deletions
--- a/lib/federation/activity_pub/fetcher.ex
+++ b/lib/federation/activity_pub/fetcher.ex
@ -13,7 +13,7 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
  alias Mobilizon.Service.HTTP.ActivityPub, as: ActivityPubClient

  import Mobilizon.Federation.ActivityPub.Utils,
-    only: [maybe_date_fetch: 2, sign_fetch: 4, origin_check?: 2]
+    only: [maybe_date_fetch: 2, sign_fetch: 5, origin_check?: 2]

  import Mobilizon.Service.Guards, only: [is_valid_string: 1]

@ -28,7 +28,7 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
    headers =
      [{:Accept, "application/activity+json"}]
      |> maybe_date_fetch(date)
-      |> sign_fetch(on_behalf_of, url, date)
+      |> sign_fetch(on_behalf_of, url, date, options)

    client = ActivityPubClient.client(headers: headers)

--- a/lib/federation/activity_pub/utils.ex
+++ b/lib/federation/activity_pub/utils.ex
@ -650,9 +650,10 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
  @doc """
  Sign a request with an actor.
  """
-  @spec sign_fetch(Enum.t(), Actor.t(), String.t(), String.t()) :: Enum.t()
-  def sign_fetch(headers, actor, id, date) do
-    if Mobilizon.Config.get([:activitypub, :sign_object_fetches]) do
+  @spec sign_fetch(Enum.t(), Actor.t(), String.t(), String.t(), Keyword.t()) :: Enum.t()
+  def sign_fetch(headers, actor, id, date, options \\ []) do
+    if Mobilizon.Config.get([:activitypub, :sign_object_fetches]) and
+         Keyword.get(options, :ignore_sign_object_fetches, false) == false do
      headers ++ make_signature(actor, id, date)
    else
      headers
--- a/lib/federation/http_signatures/signature.ex
+++ b/lib/federation/http_signatures/signature.ex
@ -103,8 +103,9 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
    actor_id = key_id_to_actor_url(kid)
    Logger.debug("Refetching public key for #{actor_id}")

-    with {:ok, _actor} <- ActivityPubActor.make_actor_from_url(actor_id) do
-      get_public_key_for_url(actor_id)
+    with {:ok, %Actor{} = actor} <-
+           ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do
+      get_actor_public_key(actor)
    end
  end