From f22a4ba6f5816331750ccc355da11c41de3e0e7a Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 4 Sep 2022 07:39:09 +0000 Subject: [PATCH] Be more tolerant when receiving messages --- src/Protocol/ActivityPub/Receiver.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/Protocol/ActivityPub/Receiver.php b/src/Protocol/ActivityPub/Receiver.php index c05f3c332e..ee07462b73 100644 --- a/src/Protocol/ActivityPub/Receiver.php +++ b/src/Protocol/ActivityPub/Receiver.php @@ -122,20 +122,21 @@ class Receiver $http_signer = HTTPSignature::getSigner($body, $header); if ($http_signer === false) { - Logger::warning('Invalid HTTP signature, message will be discarded.', ['uid' => $uid, 'actor' => $actor, 'header' => $header, 'body' => $body]); - return; + Logger::notice('Invalid HTTP signature, message will not be trusted.', ['uid' => $uid, 'actor' => $actor, 'header' => $header, 'body' => $body]); + $signer = []; } elseif (empty($http_signer)) { Logger::info('Signer is a tombstone. The message will be discarded, the signer account is deleted.'); return; } else { Logger::info('Valid HTTP signature', ['signer' => $http_signer]); + $signer = [$http_signer]; } - $signer = [$http_signer]; - Logger::info('Message for user ' . $uid . ' is from actor ' . $actor); - if (LDSignature::isSigned($activity)) { + if ($http_signer === false) { + $trust_source = false; + } elseif (LDSignature::isSigned($activity)) { $ld_signer = LDSignature::getSigner($activity); if (empty($ld_signer)) { Logger::info('Invalid JSON-LD signature from ' . $actor); -- 2.39.5