hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fail closed on unresolved signed payloads

Browse source 
Reject unknown remote Update targets and invalidate signed payloads when their signer identity cannot be mapped, avoiding crashes and fail-open signature state.
This commit is contained in:
Lain Soykaf 2026-05-01 12:33:26 +04:00
commit 4337e0eb1b
No known key found for this signature in database
4 changed files with 35 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/pleroma/web/activity_pub/object_validators/update_validator.ex
View file

@ -101,6 +101,10 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
|> add_error(:object, "Can't be updated by this actor") |> add_error(:object, "Can't be updated by this actor")
end end
nil ->
cng
|> add_error(:object, "Can't be updated by this actor")
true -> true ->
cng cng
|> add_error(:object, "Update is neither for Object or Actor") |> add_error(:object, "Update is neither for Object or Actor")

4
lib/pleroma/web/plugs/mapped_signature_to_identity_plug.ex
View file

@ -32,8 +32,8 @@ defmodule Pleroma.Web.Plugs.MappedSignatureToIdentityPlug do
# remove me once testsuite uses mapped capabilities instead of what we do now # remove me once testsuite uses mapped capabilities instead of what we do now
{:user, nil} -> {:user, nil} ->
Logger.debug("Failed to map identity from signature (lookup failure)") Logger.debug("Failed to map identity from signature (lookup failure)")
Logger.debug("key_id=#{inspect(key_id_from_conn(conn))}, actor=#{actor}") Logger.debug("key_id=#{inspect(key_id_from_conn(conn))}, actor=#{inspect(actor)}")
conn assign(conn, :valid_signature, false)
end end
end end

17
test/pleroma/web/activity_pub/object_validators/update_handling_test.exs
View file

@ -90,6 +90,23 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
refute cng.valid? refute cng.valid?
assert Keyword.has_key?(cng.errors, :object) assert Keyword.has_key?(cng.errors, :object)
end end
test "returns an error if the remote update target IRI is unknown" do
remote_user = insert(:user, local: false, ap_id: "https://example.com/users/alice")
update = %{
"type" => "Update",
"actor" => remote_user.ap_id,
"id" => "https://example.com/activities/update-unknown-object-iri",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => [],
"object" => "https://example.com/objects/unknown-iri"
}
assert {:error, %Ecto.Changeset{} = cng} = ObjectValidator.validate(update, local: false)
refute cng.valid?
assert Keyword.has_key?(cng.errors, :object)
end
end end
describe "update note" do describe "update note" do

12
test/pleroma/web/plugs/mapped_signature_to_identity_plug_test.exs
View file

@ -58,4 +58,16 @@ defmodule Pleroma.Web.Plugs.MappedSignatureToIdentityPlugTest do
assert conn.assigns.valid_signature == false assert conn.assigns.valid_signature == false
refute Map.has_key?(conn.assigns, :user) refute Map.has_key?(conn.assigns, :user)
end end
test "it considers a mapped identity to be invalid when embedded actor identity cannot be found" do
actor = "http://niu.moe/users/rye"
conn =
build_conn(:post, "/doesntmattter", %{"actor" => %{"id" => actor}})
|> set_signature(actor)
|> MappedSignatureToIdentityPlug.call(%{})
assert conn.assigns.valid_signature == false
refute Map.has_key?(conn.assigns, :user)
end
end end