Fix some HTTP signatures issues

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-17 16:01:39 +01:00 · 2021-11-17 16:01:39 +01:00 · cc9c2c878c
commit cc9c2c878c
parent 5489c54f10
2 changed files with 13 additions and 2 deletions
--- a/lib/federation/http_signatures/signature.ex
+++ b/lib/federation/http_signatures/signature.ex
@ -59,7 +59,7 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do

      {:error, :actor_not_found} ->
        Logger.info(
-          "Unable to get actor from URL from local database, returning empty keys to trigger refreshment"
+          "Unable to get actor with URL #{url} from local database, returning empty keys to trigger refreshment"
        )

        {:ok, ""}
--- a/lib/web/plugs/http_signatures.ex
+++ b/lib/web/plugs/http_signatures.ex
@ -38,7 +38,18 @@ defmodule Mobilizon.Web.Plugs.HTTPSignatures do
        )
        |> maybe_put_digest_header()

-      signature_valid = HTTPSignatures.validate_conn(conn)
+      signature_valid =
+        try do
+          HTTPSignatures.validate_conn(conn)
+        rescue
+          # Because if the actor is not found in
+          # Mobilizon.Federation.HTTPSignatures.Signature.get_public_key_for_url/1
+          # we return an empty string as key,
+          # to give an extra-chance of fetching new actor keys
+          # and :public_key.verify doesn't like this
+          ArgumentError -> false
+        end
+
      Logger.debug("Is signature valid ? #{inspect(signature_valid)}")
      date_valid = date_valid?(conn)
      Logger.debug("Is date valid ? #{inspect(date_valid)}")