mirror of https://github.com/mastodon/mastodon
28b482874a
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval |
||
---|---|---|
.. | ||
account_controller_concern.rb | ||
accountable_concern.rb | ||
authorization.rb | ||
export_controller_concern.rb | ||
localized.rb | ||
obfuscate_filename.rb | ||
rate_limit_headers.rb | ||
session_tracking_concern.rb | ||
signature_authentication.rb | ||
signature_verification.rb | ||
user_tracking_concern.rb |