Validate id of ActivityPub representations (#5114)

Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
2017-10-04 08:13:48 +09:00 · 2017-10-04 08:13:48 +09:00 · 63f0979799
commit 63f0979799
parent ec13cfa4f9
17 changed files with 118 additions and 113 deletions
--- a/app/services/fetch_atom_service.rb
+++ b/app/services/fetch_atom_service.rb
@ -41,10 +41,11 @@ class FetchAtomService < BaseService
    return nil if @response.code != 200

    if @response.mime_type == 'application/atom+xml'
-      [@url, @response.to_s, :ostatus]
+      [@url, { prefetched_body: @response.to_s }, :ostatus]
    elsif ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@response.mime_type)
-      if supported_activity?(@response.to_s)
-        [@url, @response.to_s, :activitypub]
+      json = body_to_json(body)
+      if supported_context?(json) && json['type'] == 'Person' && json['inbox'].present?
+        [json['id'], { id: true }, :activitypub]
      else
        @unsupported_activity = true
        nil
@ -79,10 +80,4 @@ class FetchAtomService < BaseService

    result
  end
-
-  def supported_activity?(body)
-    json = body_to_json(body)
-    return false unless supported_context?(json)
-    json['type'] == 'Person' ? json['inbox'].present? : true
-  end
 end