
mastofe

My custom branche(s) on git.pleroma.social/pleroma/mastofe
commit: 76f360c625d6f7e1200a35430cced872fc6098ff
parent: a3202f61af7d4833808d429c79dfc21e74f06c99
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu, 28 Sep 2017 17:50:14 +0200

If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)

If the signature could not be verified and the webfinger of the account
was last retrieved longer ago than the cache period, try re-resolving the
account and then attempt to verify the signature again.

Diffstat:

Mapp/controllers/concerns/signature_verification.rb9+++++++++
Mapp/models/account.rb9+++++++++
Mapp/services/resolve_remote_account_service.rb2+-
3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
@@ -44,6 +44,15 @@ module SignatureVerification
 if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
 @signed_request_account = account
 @signed_request_account
+ elsif account.possibly_stale?
+ account = account.refresh!
+
+ if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
+ @signed_request_account = account
+ @signed_request_account
+ else
+ @signed_request_account = nil
+ end
 else
 @signed_request_account = nil
 end
diff --git a/app/models/account.rb b/app/models/account.rb
@@ -137,6 +137,15 @@ class Account < ApplicationRecord
 subscription_expires_at.present?
 end
+ def possibly_stale?
+ last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago
+ end
+
+ def refresh!
+ return if local?
+ ResolveRemoteAccountService.new.call(acct)
+ end
+
 def keypair
 @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
 end
diff --git a/app/services/resolve_remote_account_service.rb b/app/services/resolve_remote_account_service.rb
@@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService
 end
 def webfinger_update_due?
- @account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago
+ @account.nil? || @account.possibly_stale?
 end
 def activitypub_ready?
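Review bot: The retry branch in signature_verification.rb calls `account.keypair` on whatever `account.refresh!` returns, and `refresh!` as added in app/models/account.rb by this same commit returns nil for a local account (`return if local?`). The resolver may also return nil when the lookup fails, though that is not visible in this diff. A nil there raises NoMethodError, so a request with a bad signature would surface as a server error instead of falling through to `@signed_request_account = nil`. Guard the second check, e.g. `if account.present? && account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)`. The enclosing method starts and ends outside this hunk.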
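Review bot: In app/models/account.rb, `possibly_stale?` now decides whether a request whose signature failed verification triggers an outbound WebFinger lookup, and neither new method is documented to say so. Whether `last_webfingered_at` is advanced when that lookup fails is not visible in this diff. If it is not, every bad-signature request naming a stale account would repeat the lookup, so this is worth confirming in ResolveRemoteAccountService. I would add a comment above `refresh!` such as `# Re-resolves a remote account over the network; returns nil for local accounts, otherwise the resolver's result.` and give the `1.day` window a named constant so the cache period is stated in one place.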