Allow HTTP Signature verification to pass if signature is 24 hours old

Previously requirement was 30 seconds, which caused loss of messages where signature validation didn't happen immediately, but in a background worker which didn't immediately process the job. Refs: https://git.feneas.org/socialhome/socialhome/issues/563
2019-11-27 23:21:31 +02:00 · 2019-11-27 23:21:31 +02:00 · e0d818f724
commit e0d818f724
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,13 @@
 * All outgoing entities are now validated before sending. This stops the sending of invalid
  entities to the network, for example a Share of a Post from ActivityPub to the Diaspora
  protocol network.
+  
+### Fixed
+
+* Allow ActivityPub HTTP Signature verification to pass if signature is at most 24 hours old.
+
+  Previously requirement was 30 seconds, which caused loss of messages where signature validation
+  didn't happen immediately, but in a background worker which didn't immediately process the job.

 ## [0.18.1] - 2019-10-06

--- a/federation/protocols/activitypub/signing.py
+++ b/federation/protocols/activitypub/signing.py
@ -42,9 +42,10 @@ def verify_request_signature(request: RequestType, public_key: Union[str, bytes]

    ts = parse_http_date(date_header)
    dt = datetime.datetime.utcfromtimestamp(ts).replace(tzinfo=pytz.utc)
-    delta = datetime.timedelta(seconds=30)
+    past_delta = datetime.timedelta(hours=24)
+    future_delta = datetime.timedelta(seconds=30)
    now = datetime.datetime.utcnow().replace(tzinfo=pytz.utc)
-    if dt < now - delta or dt > now + delta:
+    if dt < now - past_delta or dt > now + future_delta:
        raise ValueError("Request Date is too far in future or past")

    HTTPSignatureHeaderAuth.verify(request, key_resolver=lambda **kwargs: key)