From 84bd1ccfad02f09bfcd0f0011ac3447137af52b3 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Tue, 16 Nov 2021 15:46:23 +0100
Subject: [PATCH] Don't sign fetch when fetching actor for a given signature

Otherwise it's doing a loop

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/federation/activity_pub/fetcher.ex      | 4 ++--
 lib/federation/activity_pub/utils.ex        | 7 ++++---
 lib/federation/http_signatures/signature.ex | 5 +++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/federation/activity_pub/fetcher.ex b/lib/federation/activity_pub/fetcher.ex
index b5842f75a..479c2322c 100644
--- a/lib/federation/activity_pub/fetcher.ex
+++ b/lib/federation/activity_pub/fetcher.ex
@@ -13,7 +13,7 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
   alias Mobilizon.Service.HTTP.ActivityPub, as: ActivityPubClient
 
   import Mobilizon.Federation.ActivityPub.Utils,
-    only: [maybe_date_fetch: 2, sign_fetch: 4, origin_check?: 2]
+    only: [maybe_date_fetch: 2, sign_fetch: 5, origin_check?: 2]
 
   import Mobilizon.Service.Guards, only: [is_valid_string: 1]
 
@@ -28,7 +28,7 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
     headers =
       [{:Accept, "application/activity+json"}]
       |> maybe_date_fetch(date)
-      |> sign_fetch(on_behalf_of, url, date)
+      |> sign_fetch(on_behalf_of, url, date, options)
 
     client = ActivityPubClient.client(headers: headers)
 
diff --git a/lib/federation/activity_pub/utils.ex b/lib/federation/activity_pub/utils.ex
index b74d87853..e6977fe79 100644
--- a/lib/federation/activity_pub/utils.ex
+++ b/lib/federation/activity_pub/utils.ex
@@ -650,9 +650,10 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
   @doc """
   Sign a request with an actor.
   """
-  @spec sign_fetch(Enum.t(), Actor.t(), String.t(), String.t()) :: Enum.t()
-  def sign_fetch(headers, actor, id, date) do
-    if Mobilizon.Config.get([:activitypub, :sign_object_fetches]) do
+  @spec sign_fetch(Enum.t(), Actor.t(), String.t(), String.t(), Keyword.t()) :: Enum.t()
+  def sign_fetch(headers, actor, id, date, options \\ []) do
+    if Mobilizon.Config.get([:activitypub, :sign_object_fetches]) and
+         Keyword.get(options, :ignore_sign_object_fetches, false) == false do
       headers ++ make_signature(actor, id, date)
     else
       headers
diff --git a/lib/federation/http_signatures/signature.ex b/lib/federation/http_signatures/signature.ex
index e35d46fad..f99dad4ee 100644
--- a/lib/federation/http_signatures/signature.ex
+++ b/lib/federation/http_signatures/signature.ex
@@ -103,8 +103,9 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
     actor_id = key_id_to_actor_url(kid)
     Logger.debug("Refetching public key for #{actor_id}")
 
-    with {:ok, _actor} <- ActivityPubActor.make_actor_from_url(actor_id) do
-      get_public_key_for_url(actor_id)
+    with {:ok, %Actor{} = actor} <-
+           ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do
+      get_actor_public_key(actor)
     end
   end