zedfrigg/bookwyrm
1
0
Fork 0
Code Activity

Merge pull request #2812 from hughrun/gts

Browse source 
Fix federation with GoToSocial and inconsistent KeyId in headers
This commit is contained in:
Mouse Reeve 2023-05-29 19:54:00 -07:00 committed by GitHub
commit a4ccd45537
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 57 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

16
bookwyrm/views/inbox.py
View file

@ -3,7 +3,6 @@ import json
import re
import logging
from urllib.parse import urldefrag
import requests
from django.http import HttpResponse, Http404
@ -130,15 +129,18 @@ def has_valid_signature(request, activity):
"""verify incoming signature"""
try:
signature = Signature.parse(request)
key_actor = urldefrag(signature.key_id).url
if key_actor != activity.get("actor"):
raise ValueError("Wrong actor created signature.")
remote_user = activitypub.resolve_remote_id(key_actor, model=models.User)
remote_user = activitypub.resolve_remote_id(
activity.get("actor"), model=models.User
)
if not remote_user:
return False
if signature.key_id != remote_user.key_pair.remote_id:
if (
signature.key_id != f"{remote_user.remote_id}#main-key"
): # legacy Bookwyrm
raise ValueError("Wrong actor created signature.")
try:
signature.verify(remote_user.key_pair.public_key, request)
except ValueError: