Signature: Handle non-ap ids in key ids.

Mastodon and Gab sometimes send the format `acct:name@server`.
2020-05-01 15:54:38 +02:00 · 2020-05-01 15:54:38 +02:00 · a912f72a36
parent 3370bb0e46
commit a912f72a36
2 changed files with 29 additions and 7 deletions
--- a/lib/pleroma/signature.ex
+++ b/lib/pleroma/signature.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Signature do
  alias Pleroma.Keys
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.ObjectValidators.Types

  def key_id_to_actor_id(key_id) do
    uri =
@ -21,12 +22,23 @@ defmodule Pleroma.Signature do
        uri
      end

-    URI.to_string(uri)
+    maybe_ap_id = URI.to_string(uri)
+
+    case Types.ObjectID.cast(maybe_ap_id) do
+      {:ok, ap_id} ->
+        {:ok, ap_id}
+
+      _ ->
+        case Pleroma.Web.WebFinger.finger(maybe_ap_id) do
+          %{"ap_id" => ap_id} -> {:ok, ap_id}
+          _ -> {:error, maybe_ap_id}
+        end
+    end
  end

  def fetch_public_key(conn) do
    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
-         actor_id <- key_id_to_actor_id(kid),
+         {:ok, actor_id} <- key_id_to_actor_id(kid),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
    else
@ -37,7 +49,7 @@ defmodule Pleroma.Signature do

  def refetch_public_key(conn) do
    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
-         actor_id <- key_id_to_actor_id(kid),
+         {:ok, actor_id} <- key_id_to_actor_id(kid),
         {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
--- a/test/signature_test.exs
+++ b/test/signature_test.exs
@ -44,7 +44,8 @@ defmodule Pleroma.SignatureTest do

    test "it returns error when not found user" do
      assert capture_log(fn ->
-               assert Signature.fetch_public_key(make_fake_conn("test-ap_id")) == {:error, :error}
+               assert Signature.fetch_public_key(make_fake_conn("https://test-ap-id")) ==
+                        {:error, :error}
             end) =~ "[error] Could not decode user"
    end

@ -64,7 +65,7 @@ defmodule Pleroma.SignatureTest do

    test "it returns error when not found user" do
      assert capture_log(fn ->
-               {:error, _} = Signature.refetch_public_key(make_fake_conn("test-ap_id"))
+               {:error, _} = Signature.refetch_public_key(make_fake_conn("https://test-ap_id"))
             end) =~ "[error] Could not decode user"
    end
  end
@ -100,12 +101,21 @@ defmodule Pleroma.SignatureTest do
  describe "key_id_to_actor_id/1" do
    test "it properly deduces the actor id for misskey" do
      assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") ==
-               "https://example.com/users/1234"
+               {:ok, "https://example.com/users/1234"}
    end

    test "it properly deduces the actor id for mastodon and pleroma" do
      assert Signature.key_id_to_actor_id("https://example.com/users/1234#main-key") ==
-               "https://example.com/users/1234"
+               {:ok, "https://example.com/users/1234"}
+    end
+
+    test "it calls webfinger for 'acct:' accounts" do
+      with_mock(Pleroma.Web.WebFinger,
+        finger: fn _ -> %{"ap_id" => "https://gensokyo.2hu/users/raymoo"} end
+      ) do
+        assert Signature.key_id_to_actor_id("acct:raymoo@gensokyo.2hu") ==
+                 {:ok, "https://gensokyo.2hu/users/raymoo"}
+      end
    end
  end