Refactor ActivityPub handling to prepare for non-Account actors (#19212)

* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2022-09-21 22:45:57 +02:00 · 2022-09-21 22:45:57 +02:00 · 8cf7006d4e
commit 8cf7006d4e
parent 84aff598ea
41 changed files with 436 additions and 180 deletions
--- a/spec/controllers/accounts_controller_spec.rb
+++ b/spec/controllers/accounts_controller_spec.rb
@ -420,7 +420,7 @@ RSpec.describe AccountsController, type: :controller do
        let(:remote_account) { Fabricate(:account, domain: 'example.com') }

        before do
-          allow(controller).to receive(:signed_request_account).and_return(remote_account)
+          allow(controller).to receive(:signed_request_actor).and_return(remote_account)
          get :show, params: { username: account.username, format: format }
        end

--- a/spec/controllers/activitypub/collections_controller_spec.rb
+++ b/spec/controllers/activitypub/collections_controller_spec.rb
@ -24,7 +24,7 @@ RSpec.describe ActivityPub::CollectionsController, type: :controller do
  end

  before do
-    allow(controller).to receive(:signed_request_account).and_return(remote_account)
+    allow(controller).to receive(:signed_request_actor).and_return(remote_account)

    Fabricate(:status_pin, account: account)
    Fabricate(:status_pin, account: account)
--- a/spec/controllers/activitypub/followers_synchronizations_controller_spec.rb
+++ b/spec/controllers/activitypub/followers_synchronizations_controller_spec.rb
@ -15,7 +15,7 @@ RSpec.describe ActivityPub::FollowersSynchronizationsController, type: :controll
  end

  before do
-    allow(controller).to receive(:signed_request_account).and_return(remote_account)
+    allow(controller).to receive(:signed_request_actor).and_return(remote_account)
  end

  describe 'GET #show' do
--- a/spec/controllers/activitypub/inboxes_controller_spec.rb
+++ b/spec/controllers/activitypub/inboxes_controller_spec.rb
@ -6,7 +6,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do
  let(:remote_account) { nil }

  before do
-    allow(controller).to receive(:signed_request_account).and_return(remote_account)
+    allow(controller).to receive(:signed_request_actor).and_return(remote_account)
  end

  describe 'POST #create' do
--- a/spec/controllers/activitypub/outboxes_controller_spec.rb
+++ b/spec/controllers/activitypub/outboxes_controller_spec.rb
@ -28,7 +28,7 @@ RSpec.describe ActivityPub::OutboxesController, type: :controller do
  end

  before do
-    allow(controller).to receive(:signed_request_account).and_return(remote_account)
+    allow(controller).to receive(:signed_request_actor).and_return(remote_account)
  end

  describe 'GET #show' do
--- a/spec/controllers/activitypub/replies_controller_spec.rb
+++ b/spec/controllers/activitypub/replies_controller_spec.rb
@ -168,7 +168,7 @@ RSpec.describe ActivityPub::RepliesController, type: :controller do

  before do
    stub_const 'ActivityPub::RepliesController::DESCENDANTS_LIMIT', 5
-    allow(controller).to receive(:signed_request_account).and_return(remote_querier)
+    allow(controller).to receive(:signed_request_actor).and_return(remote_querier)

    Fabricate(:status, thread: status, visibility: :public)
    Fabricate(:status, thread: status, visibility: :public)
--- a/spec/controllers/concerns/signature_verification_spec.rb
+++ b/spec/controllers/concerns/signature_verification_spec.rb
@ -3,6 +3,16 @@
 require 'rails_helper'

 describe ApplicationController, type: :controller do
+  class WrappedActor
+    attr_reader :wrapped_account
+
+    def initialize(wrapped_account)
+      @wrapped_account = wrapped_account
+    end
+
+    delegate :uri, :keypair, to: :wrapped_account
+  end
+
  controller do
    include SignatureVerification

@ -73,6 +83,41 @@ describe ApplicationController, type: :controller do
      end
    end

+    context 'with a valid actor that is not an Account' do
+      let(:actor) { WrappedActor.new(author) }
+
+      before do
+        get :success
+
+        fake_request = Request.new(:get, request.url)
+        fake_request.on_behalf_of(author)
+
+        request.headers.merge!(fake_request.headers)
+
+        allow(ActivityPub::TagManager.instance).to receive(:uri_to_actor).with(anything) do
+          actor
+        end
+      end
+
+      describe '#signed_request?' do
+        it 'returns true' do
+          expect(controller.signed_request?).to be true
+        end
+      end
+
+      describe '#signed_request_account' do
+        it 'returns nil' do
+          expect(controller.signed_request_account).to be_nil
+        end
+      end
+
+      describe '#signed_request_actor' do
+        it 'returns the expected actor' do
+          expect(controller.signed_request_actor).to eq actor
+        end
+      end
+    end
+
    context 'with request older than a day' do
      before do
        get :success
--- a/spec/controllers/statuses_controller_spec.rb
+++ b/spec/controllers/statuses_controller_spec.rb
@ -426,7 +426,7 @@ describe StatusesController do
      let(:remote_account) { Fabricate(:account, domain: 'example.com') }

      before do
-        allow(controller).to receive(:signed_request_account).and_return(remote_account)
+        allow(controller).to receive(:signed_request_actor).and_return(remote_account)
      end

      context 'when account blocks account' do