diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a2a6e1..f1a902b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -55,6 +55,8 @@ * Signatures are not verified and the corresponding payload is dropped if no public key is found. +* Sign forwarded AP replies and shares with the target content author's private key. + ### Internal changes * Dropped python 3.6 support. diff --git a/federation/outbound.py b/federation/outbound.py index 67d31aa..ad695b8 100644 --- a/federation/outbound.py +++ b/federation/outbound.py @@ -132,7 +132,10 @@ def handle_send( ] :arg parent_user: (Optional) User object of the parent object, if there is one. This must be given for the Diaspora protocol if a parent object exists, so that a proper ``parent_author_signature`` can - be generated. If given, the payload will be sent as this user. + be generated. If given, the payload will be sent as this user. For Activitypub, the + parent_user's private key will be used to generate the http signature if the author_user + is not a local user. + :arg payload_logger: (Optional) Function to log the payloads with. """ payloads = [] @@ -221,8 +224,10 @@ def handle_send( } ) continue + # The parent_user MUST be local + local_user = author_user if author_user.rsa_private_key else parent_user payloads.append({ - "auth": get_http_authentication(author_user.rsa_private_key, f"{author_user.id}#main-key"), + "auth": get_http_authentication(local_user.rsa_private_key, f"{local_user.id}#main-key"), "headers": { "Content-Type": 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', }, diff --git a/federation/utils/django.py b/federation/utils/django.py index 1181780..e4549fd 100644 --- a/federation/utils/django.py +++ b/federation/utils/django.py 
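Review bot: In the second `federation/outbound.py` hunk, `local_user` falls back to `parent_user` without any check, although the docstring documents `parent_user` as optional. A remote `author_user` with no parent would therefore raise `AttributeError` on `local_user.rsa_private_key`, and a parent without a key would pass a falsy key to `get_http_authentication`. The comment `# The parent_user MUST be local` states a requirement the code does not enforce; a guard such as `if local_user is None or not local_user.rsa_private_key:` followed by `continue` (ideally with a log entry) would skip the recipient instead of raising. Because the fallback signs with a key that does not belong to the activity's author, the comment should also say that callers must pass only the author of the target content as `parent_user`. `handle_send` starts and ends outside this hunk.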
@@ -23,7 +23,7 @@ def get_configuration():
 }
 try:
 configuration.update(settings.FEDERATION)
- except ImproperlyConfigured:
+ except (ModuleNotFoundError, ImproperlyConfigured):
 # Django is not properly configured, return defaults
 return configuration
 if not all([
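Review bot: The widened `except (ModuleNotFoundError, ImproperlyConfigured):` also catches a `ModuleNotFoundError` raised while Django imports the settings module itself, for example when that module imports a missing dependency. A broken deployment would then silently run on the default federation configuration. The comment below it still says only `# Django is not properly configured, return defaults`; I would extend it to `# Django is not installed or not configured (or the settings module failed to import); return defaults`. I would also emit a warning-level log entry naming the exception before `return configuration`. `get_configuration` continues past the end of this hunk.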