From c9a52833b6840673bbed7454ca6b6b9cd88e7bfa Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 11 Feb 2022 14:52:45 +0100 Subject: [PATCH] Fix deletes not being signed in authorized fetch mode (#17484) Fix #17483 --- app/services/concerns/payloadable.rb | 18 +++++++++++++----- app/services/delete_account_service.rb | 2 +- app/services/remove_status_service.rb | 2 +- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/app/services/concerns/payloadable.rb b/app/services/concerns/payloadable.rb index 3e45570c34..04c3798fe0 100644 --- a/app/services/concerns/payloadable.rb +++ b/app/services/concerns/payloadable.rb @@ -1,13 +1,21 @@ # frozen_string_literal: true module Payloadable + # @param [ActiveModelSerializers::Model] record + # @param [ActiveModelSerializers::Serializer] serializer + # @param [Hash] options + # @option options [Account] :signer + # @option options [String] :sign_with + # @option options [Boolean] :always_sign + # @return [Hash] def serialize_payload(record, serializer, options = {}) - signer = options.delete(:signer) - sign_with = options.delete(:sign_with) - payload = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json - object = record.respond_to?(:virtual_object) ? record.virtual_object : record + signer = options.delete(:signer) + sign_with = options.delete(:sign_with) + always_sign = options.delete(:always_sign) + payload = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json + object = record.respond_to?(:virtual_object) ? record.virtual_object : record - if (object.respond_to?(:sign?) && object.sign?) && signer && signing_enabled? + if (object.respond_to?(:sign?) && object.sign?) && signer && (always_sign || signing_enabled?) ActivityPub::LinkedDataSignature.new(payload).sign!(signer, sign_with: sign_with) else payload diff --git a/app/services/delete_account_service.rb b/app/services/delete_account_service.rb index 0e3fedfe73..a572a7c597 100644 --- a/app/services/delete_account_service.rb +++ b/app/services/delete_account_service.rb @@ -265,7 +265,7 @@ class DeleteAccountService < BaseService end def delete_actor_json - @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account)) + @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account, always_sign: true)) end def delivery_inboxes diff --git a/app/services/remove_status_service.rb b/app/services/remove_status_service.rb index bec95bb1bc..7fb9b6301a 100644 --- a/app/services/remove_status_service.rb +++ b/app/services/remove_status_service.rb @@ -95,7 +95,7 @@ class RemoveStatusService < BaseService end def signed_activity_json - @signed_activity_json ||= Oj.dump(serialize_payload(@status, @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer, signer: @account)) + @signed_activity_json ||= Oj.dump(serialize_payload(@status, @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer, signer: @account, always_sign: true)) end def remove_reblogs