AP: add #key fragment to publicKey.id so it's not the same as actor id

thanks for the nudge @HelgeKrueger!
pull/629/head
Ryan Barrett 2023-08-26 09:21:53 -07:00
rodzic 9daa8f36eb
commit 4f7e394c6e
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 6BE31FDF4776E9D4
3 zmienionych plików z 13 dodań i 9 usunięć


@ -431,8 +431,10 @@ def signed_request(fn, url, data=None, log_data=True, headers=None, **kwargs):
# (request-target) is a special HTTP Signatures header that some fediverse
# implementations require, eg Peertube.
# https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3
# https://github.com/snarfed/bridgy-fed/issues/40
auth = HTTPSignatureAuth(secret=user.private_pem(), key_id=user.ap_actor(),
# https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization#Signing_requests_using_HTTP_Signatures
# https://docs.joinmastodon.org/spec/security/#http
key_id = f'{user.ap_actor()}#key'
auth = HTTPSignatureAuth(secret=user.private_pem(), key_id=key_id,
algorithm='rsa-sha256', sign_header='signature',
headers=HTTP_SIG_HEADERS)
@ -484,7 +486,7 @@ def postprocess_as2(activity, orig_obj=None, wrap=True):
actor_url = host_url(activity.get('preferredUsername'))
activity.update({
'publicKey': {
'id': actor_url,
'id': f'{actor_url}#key',
'owner': actor_url,
'publicKeyPem': g.user.public_pem().decode(),
},
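Review bot: The `#key` suffix is now a bare literal in two unrelated places, `key_id = f'{user.ap_actor()}#key'` in signed_request and `'id': f'{actor_url}#key'` in postprocess_as2, and nothing ties the two together. A receiver that matches the signature's keyId against the actor document's publicKey.id will reject our requests if these ever drift apart, so I would derive both from one shared constant or helper, for example `KEY_FRAGMENT = '#key'` used at both sites. The two ids are also built from different bases (`user.ap_actor()` versus `host_url(...)`); the updated tests suggest they produce the same URL, but that is not visible in these hunks and deserves a short comment at one of the sites. Both function bodies continue outside the hunks.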


@ -58,7 +58,7 @@ ACTOR_BASE = {
'sharedInbox': 'http://localhost/ap/sharedInbox',
},
'publicKey': {
'id': 'http://localhost/user.com',
'id': 'http://localhost/user.com#key',
'owner': 'http://localhost/user.com',
'publicKeyPem': 'populated in setUp()',
},
@ -337,7 +337,7 @@ class ActivityPubTest(TestCase):
'followers': 'http://bf/fake/user.com/ap/followers',
'endpoints': {'sharedInbox': 'http://localhost/ap/sharedInbox'},
'publicKey': {
'id': 'http://localhost/user.com',
'id': 'http://localhost/user.com#key',
'owner': 'http://localhost/user.com',
'publicKeyPem': self.user.public_pem().decode(),
},


@ -266,8 +266,9 @@ class FollowTest(TestCase):
# check that we signed with the follower's key
sig_template = inbox_kwargs['auth'].header_signer.signature_template
self.assertTrue(sig_template.startswith('keyId="http://localhost/alice.com"'),
sig_template)
self.assertTrue(
sig_template.startswith('keyId="http://localhost/alice.com#key"'),
sig_template)
follow_id = f'http://localhost/web/alice.com/following#2022-01-02T03:04:05-{input}'
@ -481,8 +482,9 @@ class UnfollowTest(TestCase):
# check that we signed with the follower's key
sig_template = inbox_kwargs['auth'].header_signer.signature_template
self.assertTrue(sig_template.startswith('keyId="http://localhost/alice.com"'),
sig_template)
self.assertTrue(
sig_template.startswith('keyId="http://localhost/alice.com#key"'),
sig_template)
follower = Follower.query().get()
self.assertEqual('inactive', follower.status)