kopia lustrzana https://github.com/snarfed/bridgy-fed
AP: add #key fragment to publicKey.id so it's not the same as actor id
thanks for the nudge @HelgeKrueger!pull/629/head
rodzic
9daa8f36eb
commit
4f7e394c6e
|
@ -431,8 +431,10 @@ def signed_request(fn, url, data=None, log_data=True, headers=None, **kwargs):
|
|||
# (request-target) is a special HTTP Signatures header that some fediverse
|
||||
# implementations require, eg Peertube.
|
||||
# https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3
|
||||
# https://github.com/snarfed/bridgy-fed/issues/40
|
||||
auth = HTTPSignatureAuth(secret=user.private_pem(), key_id=user.ap_actor(),
|
||||
# https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization#Signing_requests_using_HTTP_Signatures
|
||||
# https://docs.joinmastodon.org/spec/security/#http
|
||||
key_id = f'{user.ap_actor()}#key'
|
||||
auth = HTTPSignatureAuth(secret=user.private_pem(), key_id=key_id,
|
||||
algorithm='rsa-sha256', sign_header='signature',
|
||||
headers=HTTP_SIG_HEADERS)
|
||||
|
||||
|
@ -484,7 +486,7 @@ def postprocess_as2(activity, orig_obj=None, wrap=True):
|
|||
actor_url = host_url(activity.get('preferredUsername'))
|
||||
activity.update({
|
||||
'publicKey': {
|
||||
'id': actor_url,
|
||||
'id': f'{actor_url}#key',
|
||||
'owner': actor_url,
|
||||
'publicKeyPem': g.user.public_pem().decode(),
|
||||
},
|
||||
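Review bot: The `#key` suffix is now built independently in two places, `key_id = f'{user.ap_actor()}#key'` in `signed_request` and `'id': f'{actor_url}#key'` in `postprocess_as2`, and nothing ties the two together. A receiving server typically verifies an HTTP Signature by dereferencing the `keyId` it was sent and matching it to the actor's `publicKey.id`. If either literal drifts, or if `user.ap_actor()` and `host_url(activity.get('preferredUsername'))` ever produce different URLs (not confirmable from these hunks), remote verification of outbound deliveries could fail with nothing to flag it locally. I would derive both values from one helper or module constant, or at minimum add `# must stay identical to the publicKey.id emitted by postprocess_as2()` above the `key_id` line. Both functions start and end outside the hunks shown.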
|
|
|
@ -58,7 +58,7 @@ ACTOR_BASE = {
|
|||
'sharedInbox': 'http://localhost/ap/sharedInbox',
|
||||
},
|
||||
'publicKey': {
|
||||
'id': 'http://localhost/user.com',
|
||||
'id': 'http://localhost/user.com#key',
|
||||
'owner': 'http://localhost/user.com',
|
||||
'publicKeyPem': 'populated in setUp()',
|
||||
},
|
||||
|
@ -337,7 +337,7 @@ class ActivityPubTest(TestCase):
|
|||
'followers': 'http://bf/fake/user.com/ap/followers',
|
||||
'endpoints': {'sharedInbox': 'http://localhost/ap/sharedInbox'},
|
||||
'publicKey': {
|
||||
'id': 'http://localhost/user.com',
|
||||
'id': 'http://localhost/user.com#key',
|
||||
'owner': 'http://localhost/user.com',
|
||||
'publicKeyPem': self.user.public_pem().decode(),
|
||||
},
|
||||
|
|
|
@ -266,8 +266,9 @@ class FollowTest(TestCase):
|
|||
|
||||
# check that we signed with the follower's key
|
||||
sig_template = inbox_kwargs['auth'].header_signer.signature_template
|
||||
self.assertTrue(sig_template.startswith('keyId="http://localhost/alice.com"'),
|
||||
sig_template)
|
||||
self.assertTrue(
|
||||
sig_template.startswith('keyId="http://localhost/alice.com#key"'),
|
||||
sig_template)
|
||||
|
||||
follow_id = f'http://localhost/web/alice.com/following#2022-01-02T03:04:05-{input}'
|
||||
|
||||
|
@ -481,8 +482,9 @@ class UnfollowTest(TestCase):
|
|||
|
||||
# check that we signed with the follower's key
|
||||
sig_template = inbox_kwargs['auth'].header_signer.signature_template
|
||||
self.assertTrue(sig_template.startswith('keyId="http://localhost/alice.com"'),
|
||||
sig_template)
|
||||
self.assertTrue(
|
||||
sig_template.startswith('keyId="http://localhost/alice.com#key"'),
|
||||
sig_template)
|
||||
|
||||
follower = Follower.query().get()
|
||||
self.assertEqual('inactive', follower.status)
|
||||
|
|