forked from fedi/mastodon
Fix HTTP responses for salmon and ActivityPub inbox processing (#5200)
* Return sensible HTTP status for ActivityPub inbox processing * Return sensible HTTP status for salmon slap processing * Return additional information to debug signature verification failures
This commit is contained in:
parent
e6543d5fc4
commit
dfaa219f88
|
@ -9,9 +9,9 @@ class ActivityPub::InboxesController < Api::BaseController
|
||||||
if signed_request_account
|
if signed_request_account
|
||||||
upgrade_account
|
upgrade_account
|
||||||
process_payload
|
process_payload
|
||||||
head 201
|
|
||||||
else
|
|
||||||
head 202
|
head 202
|
||||||
|
else
|
||||||
|
[signature_verification_failure_reason, 401]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -7,9 +7,11 @@ class Api::SalmonController < Api::BaseController
|
||||||
def update
|
def update
|
||||||
if verify_payload?
|
if verify_payload?
|
||||||
process_salmon
|
process_salmon
|
||||||
head 201
|
|
||||||
else
|
|
||||||
head 202
|
head 202
|
||||||
|
elsif payload.present?
|
||||||
|
[signature_verification_failure_reason, 401]
|
||||||
|
else
|
||||||
|
head 400
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -9,10 +9,15 @@ module SignatureVerification
|
||||||
request.headers['Signature'].present?
|
request.headers['Signature'].present?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def signature_verification_failure_reason
|
||||||
|
return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason)
|
||||||
|
end
|
||||||
|
|
||||||
def signed_request_account
|
def signed_request_account
|
||||||
return @signed_request_account if defined?(@signed_request_account)
|
return @signed_request_account if defined?(@signed_request_account)
|
||||||
|
|
||||||
unless signed_request?
|
unless signed_request?
|
||||||
|
@signature_verification_failure_reason = 'Request not signed'
|
||||||
@signed_request_account = nil
|
@signed_request_account = nil
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -27,6 +32,7 @@ module SignatureVerification
|
||||||
end
|
end
|
||||||
|
|
||||||
if incompatible_signature?(signature_params)
|
if incompatible_signature?(signature_params)
|
||||||
|
@signature_verification_failure_reason = 'Incompatible request signature'
|
||||||
@signed_request_account = nil
|
@signed_request_account = nil
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -34,6 +40,7 @@ module SignatureVerification
|
||||||
account = account_from_key_id(signature_params['keyId'])
|
account = account_from_key_id(signature_params['keyId'])
|
||||||
|
|
||||||
if account.nil?
|
if account.nil?
|
||||||
|
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
|
||||||
@signed_request_account = nil
|
@signed_request_account = nil
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -51,9 +58,11 @@ module SignatureVerification
|
||||||
@signed_request_account = account
|
@signed_request_account = account
|
||||||
@signed_request_account
|
@signed_request_account
|
||||||
else
|
else
|
||||||
|
@signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
|
||||||
@signed_request_account = nil
|
@signed_request_account = nil
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
|
@signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
|
||||||
@signed_request_account = nil
|
@signed_request_account = nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -46,8 +46,8 @@ RSpec.describe Api::SalmonController, type: :controller do
|
||||||
post :update, params: { id: account.id }
|
post :update, params: { id: account.id }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
it 'returns http client error' do
|
||||||
expect(response).to have_http_status(202)
|
expect(response).to have_http_status(400)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue