From 76f360c625d6f7e1200a35430cced872fc6098ff Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 28 Sep 2017 17:50:14 +0200 Subject: [PATCH] If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129) If the signature could not be verified and the webfinger of the account was last retrieved longer than the cache period, try re-resolving the account and then attempting to verify the signature again --- app/controllers/concerns/signature_verification.rb | 9 +++++++++ app/models/account.rb | 9 +++++++++ app/services/resolve_remote_account_service.rb | 2 +- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb index 4211283ed7..52a9cf2905 100644 --- a/app/controllers/concerns/signature_verification.rb +++ b/app/controllers/concerns/signature_verification.rb @@ -44,6 +44,15 @@ module SignatureVerification if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string) @signed_request_account = account @signed_request_account + elsif account.possibly_stale? + account = account.refresh! + + if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string) + @signed_request_account = account + @signed_request_account + else + @signed_request_account = nil + end else @signed_request_account = nil end diff --git a/app/models/account.rb b/app/models/account.rb index 0b025d1be8..ce7773b4b7 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -137,6 +137,15 @@ class Account < ApplicationRecord subscription_expires_at.present? end + def possibly_stale? + last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago + end + + def refresh! + return if local? + ResolveRemoteAccountService.new.call(acct) + end + def keypair @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key) end diff --git a/app/services/resolve_remote_account_service.rb b/app/services/resolve_remote_account_service.rb index 57c80fc82d..93ba07702a 100644 --- a/app/services/resolve_remote_account_service.rb +++ b/app/services/resolve_remote_account_service.rb @@ -74,7 +74,7 @@ class ResolveRemoteAccountService < BaseService end def webfinger_update_due? - @account.nil? || @account.last_webfingered_at.nil? || @account.last_webfingered_at <= 1.day.ago + @account.nil? || @account.possibly_stale? end def activitypub_ready?