From cc9c2c878c7e88680accff7085c9119bb3298883 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Wed, 17 Nov 2021 16:01:39 +0100 Subject: [PATCH] Fix some HTTP signatures issues Signed-off-by: Thomas Citharel --- lib/federation/http_signatures/signature.ex | 2 +- lib/web/plugs/http_signatures.ex | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/federation/http_signatures/signature.ex b/lib/federation/http_signatures/signature.ex index 732738b61..cf334487a 100644 --- a/lib/federation/http_signatures/signature.ex +++ b/lib/federation/http_signatures/signature.ex @@ -59,7 +59,7 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do {:error, :actor_not_found} -> Logger.info( - "Unable to get actor from URL from local database, returning empty keys to trigger refreshment" + "Unable to get actor with URL #{url} from local database, returning empty keys to trigger refreshment" ) {:ok, ""} diff --git a/lib/web/plugs/http_signatures.ex b/lib/web/plugs/http_signatures.ex index 3d0bfd6c3..df3785e8d 100644 --- a/lib/web/plugs/http_signatures.ex +++ b/lib/web/plugs/http_signatures.ex @@ -38,7 +38,18 @@ defmodule Mobilizon.Web.Plugs.HTTPSignatures do ) |> maybe_put_digest_header() - signature_valid = HTTPSignatures.validate_conn(conn) + signature_valid = + try do + HTTPSignatures.validate_conn(conn) + rescue + # Because if the actor is not found in + # Mobilizon.Federation.HTTPSignatures.Signature.get_public_key_for_url/1 + # we return an empty string as key, + # to give an extra-chance of fetching new actor keys + # and :public_key.verify doesn't like this + ArgumentError -> false + end + Logger.debug("Is signature valid ? #{inspect(signature_valid)}") date_valid = date_valid?(conn) Logger.debug("Is date valid ? #{inspect(date_valid)}")