Be more tolerant when receiving messages

This commit is contained in:
Michael 2022-09-04 07:39:09 +00:00
parent dd59ad9032
commit f22a4ba6f5

View file

@ -122,20 +122,21 @@ class Receiver
$http_signer = HTTPSignature::getSigner($body, $header); $http_signer = HTTPSignature::getSigner($body, $header);
if ($http_signer === false) { if ($http_signer === false) {
Logger::warning('Invalid HTTP signature, message will be discarded.', ['uid' => $uid, 'actor' => $actor, 'header' => $header, 'body' => $body]); Logger::notice('Invalid HTTP signature, message will not be trusted.', ['uid' => $uid, 'actor' => $actor, 'header' => $header, 'body' => $body]);
return; $signer = [];
} elseif (empty($http_signer)) { } elseif (empty($http_signer)) {
Logger::info('Signer is a tombstone. The message will be discarded, the signer account is deleted.'); Logger::info('Signer is a tombstone. The message will be discarded, the signer account is deleted.');
return; return;
} else { } else {
Logger::info('Valid HTTP signature', ['signer' => $http_signer]); Logger::info('Valid HTTP signature', ['signer' => $http_signer]);
$signer = [$http_signer];
} }
$signer = [$http_signer];
Logger::info('Message for user ' . $uid . ' is from actor ' . $actor); Logger::info('Message for user ' . $uid . ' is from actor ' . $actor);
if (LDSignature::isSigned($activity)) { if ($http_signer === false) {
$trust_source = false;
} elseif (LDSignature::isSigned($activity)) {
$ld_signer = LDSignature::getSigner($activity); $ld_signer = LDSignature::getSigner($activity);
if (empty($ld_signer)) { if (empty($ld_signer)) {
Logger::info('Invalid JSON-LD signature from ' . $actor); Logger::info('Invalid JSON-LD signature from ' . $actor);