mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-22 14:15:22 +00:00
Fix security context sometimes not being added in LD-Signed activities (#31871)
This commit is contained in:
parent
24ef8255b3
commit
c35ea59ee6
|
@ -4,6 +4,7 @@ class ActivityPub::LinkedDataSignature
|
||||||
include JsonLdHelper
|
include JsonLdHelper
|
||||||
|
|
||||||
CONTEXT = 'https://w3id.org/identity/v1'
|
CONTEXT = 'https://w3id.org/identity/v1'
|
||||||
|
SIGNATURE_CONTEXT = 'https://w3id.org/security/v1'
|
||||||
|
|
||||||
def initialize(json)
|
def initialize(json)
|
||||||
@json = json.with_indifferent_access
|
@json = json.with_indifferent_access
|
||||||
|
@ -46,7 +47,13 @@ class ActivityPub::LinkedDataSignature
|
||||||
|
|
||||||
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_signed))
|
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_signed))
|
||||||
|
|
||||||
@json.merge('signature' => options.merge('signatureValue' => signature))
|
# Mastodon's context is either an array or a single URL
|
||||||
|
context_with_security = Array(@json['@context'])
|
||||||
|
context_with_security << 'https://w3id.org/security/v1'
|
||||||
|
context_with_security.uniq!
|
||||||
|
context_with_security = context_with_security.first if context_with_security.size == 1
|
||||||
|
|
||||||
|
@json.merge('signature' => options.merge('signatureValue' => signature), '@context' => context_with_security)
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
@ -95,16 +95,11 @@ RSpec.describe ActivityPub::LinkedDataSignature do
|
||||||
describe '#sign!' do
|
describe '#sign!' do
|
||||||
subject { described_class.new(raw_json).sign!(sender) }
|
subject { described_class.new(raw_json).sign!(sender) }
|
||||||
|
|
||||||
it 'returns a hash' do
|
it 'returns a hash with a signature, the expected context, and the signature can be verified', :aggregate_failures do
|
||||||
expect(subject).to be_a Hash
|
expect(subject).to be_a Hash
|
||||||
end
|
|
||||||
|
|
||||||
it 'contains signature' do
|
|
||||||
expect(subject['signature']).to be_a Hash
|
expect(subject['signature']).to be_a Hash
|
||||||
expect(subject['signature']['signatureValue']).to be_present
|
expect(subject['signature']['signatureValue']).to be_present
|
||||||
end
|
expect(Array(subject['@context'])).to include('https://w3id.org/security/v1')
|
||||||
|
|
||||||
it 'can be verified again' do
|
|
||||||
expect(described_class.new(subject).verify_actor!).to eq sender
|
expect(described_class.new(subject).verify_actor!).to eq sender
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue