From 5c312ad677ffd0b622aea61efa50eae68efbecf8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 28 Sep 2018 00:01:54 +0000 Subject: [PATCH] activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else although the previous handling assumed any unsigned/invalid signature message was a Create, lets make it more explicit --- .../activity_pub/activity_pub_controller.ex | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 52b2a467e..2750add8b 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -93,19 +93,29 @@ def inbox(%{assigns: %{valid_signature: true}} = conn, params) do json(conn, "ok") end + # only accept relayed Creates + def inbox(conn, %{"type" => "Create"} = params) do + Logger.info( + "Signature missing or not from author, relayed Create message, fetching object from source" + ) + + ActivityPub.fetch_object_from_id(params["object"]["id"]) + + json(conn, "ok") + end + def inbox(conn, params) do headers = Enum.into(conn.req_headers, %{}) - if !String.contains?(headers["signature"] || "", params["actor"]) do - Logger.info("Signature not from author, relayed message, fetching from source") - ActivityPub.fetch_object_from_id(params["object"]["id"]) - else - Logger.info("Signature error - make sure you are forwarding the HTTP Host header!") - Logger.info("Could not validate #{params["actor"]}") + if String.contains?(headers["signature"], params["actor"]) do + Logger.info( + "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!" + ) + Logger.info(inspect(conn.req_headers)) end - json(conn, "ok") + json(conn, "error") end def relay(conn, params) do