Fix some HTTP signatures issues

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-11-17 16:01:39 +01:00
parent 5489c54f10
commit cc9c2c878c
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
2 changed files with 13 additions and 2 deletions

View File

@ -59,7 +59,7 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
{:error, :actor_not_found} -> {:error, :actor_not_found} ->
Logger.info( Logger.info(
"Unable to get actor from URL from local database, returning empty keys to trigger refreshment" "Unable to get actor with URL #{url} from local database, returning empty keys to trigger refreshment"
) )
{:ok, ""} {:ok, ""}

View File

@ -38,7 +38,18 @@ defmodule Mobilizon.Web.Plugs.HTTPSignatures do
) )
|> maybe_put_digest_header() |> maybe_put_digest_header()
signature_valid = HTTPSignatures.validate_conn(conn) signature_valid =
try do
HTTPSignatures.validate_conn(conn)
rescue
# Because if the actor is not found in
# Mobilizon.Federation.HTTPSignatures.Signature.get_public_key_for_url/1
# we return an empty string as key,
# to give an extra-chance of fetching new actor keys
# and :public_key.verify doesn't like this
ArgumentError -> false
end
Logger.debug("Is signature valid ? #{inspect(signature_valid)}") Logger.debug("Is signature valid ? #{inspect(signature_valid)}")
date_valid = date_valid?(conn) date_valid = date_valid?(conn)
Logger.debug("Is date valid ? #{inspect(date_valid)}") Logger.debug("Is date valid ? #{inspect(date_valid)}")