Fix deletes not being signed in authorized fetch mode (#17484)

Fix #17483
pull/1684/head
Eugen Rochko 2022-02-11 14:52:45 +01:00 committed by GitHub
parent d4e6774a0c
commit c9a52833b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 7 deletions

View File

@ -1,13 +1,21 @@
# frozen_string_literal: true # frozen_string_literal: true
module Payloadable module Payloadable
# @param [ActiveModelSerializers::Model] record
# @param [ActiveModelSerializers::Serializer] serializer
# @param [Hash] options
# @option options [Account] :signer
# @option options [String] :sign_with
# @option options [Boolean] :always_sign
# @return [Hash]
def serialize_payload(record, serializer, options = {}) def serialize_payload(record, serializer, options = {})
signer = options.delete(:signer) signer = options.delete(:signer)
sign_with = options.delete(:sign_with) sign_with = options.delete(:sign_with)
payload = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json always_sign = options.delete(:always_sign)
object = record.respond_to?(:virtual_object) ? record.virtual_object : record payload = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json
object = record.respond_to?(:virtual_object) ? record.virtual_object : record
if (object.respond_to?(:sign?) && object.sign?) && signer && signing_enabled? if (object.respond_to?(:sign?) && object.sign?) && signer && (always_sign || signing_enabled?)
ActivityPub::LinkedDataSignature.new(payload).sign!(signer, sign_with: sign_with) ActivityPub::LinkedDataSignature.new(payload).sign!(signer, sign_with: sign_with)
else else
payload payload

View File

@ -265,7 +265,7 @@ class DeleteAccountService < BaseService
end end
def delete_actor_json def delete_actor_json
@delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account)) @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account, always_sign: true))
end end
def delivery_inboxes def delivery_inboxes

View File

@ -95,7 +95,7 @@ class RemoveStatusService < BaseService
end end
def signed_activity_json def signed_activity_json
@signed_activity_json ||= Oj.dump(serialize_payload(@status, @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer, signer: @account)) @signed_activity_json ||= Oj.dump(serialize_payload(@status, @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer, signer: @account, always_sign: true))
end end
def remove_reblogs def remove_reblogs