[ActivityPub] Slightly increase robustness on exception handling

Also ported Activitypub_rsa to PHP7
Minor indentation fixes
This commit is contained in:
Diogo Cordeiro 2019-10-11 17:08:37 +01:00
parent d9b5ef1cee
commit 6423750250
4 changed files with 178 additions and 128 deletions

View File

@ -57,15 +57,33 @@ class apInboxAction extends ManagedAction
common_debug('ActivityPub Inbox: Received a POST request.');
$body = $data = file_get_contents('php://input');
common_debug('ActivityPub Inbox: Request contents: '.$data);
common_debug('ActivityPub Inbox: Request contents: ' . $data);
$data = json_decode(file_get_contents('php://input'), true);
if (!isset($data['actor'])) {
ActivityPubReturn::error('Actor not found in the request.');
}
try {
$actor = Activitypub_explorer::get_profile_from_url($data['actor']);
} catch (HTTP_Request2_Exception $e) {
ActivityPubReturn::error('Failed to retrieve remote actor information.');
} catch (NoProfileException $e) {
// Assert: This won't happen.
common_log(LOG_ERR, 'PLEASE REPORT THIS: ActivityPub Inbox Handler failed with NoProfileException while retrieving remote actor information: ' . $e->getMessage());
ActivityPubReturn::error('An unknown error has occurred. This was logged, please alert the sysadmin.');
} catch (ServerException $e) {
ActivityPubReturn::error('Could not store this remote actor.');
} catch (Exception $e) {
ActivityPubReturn::error('Invalid actor.');
}
try {
$aprofile = Activitypub_profile::from_profile($actor);
} catch (Exception $e) {
// Assert: This won't happen.
common_log(LOG_ERR, 'PLEASE REPORT THIS: ActivityPub Inbox Handler failed while retrieving AProfile from Profile: ' . $e->getMessage());
ActivityPubReturn::error('An unknown error has occurred. This was logged, please alert the sysadmin.');
}
$actor_public_key = new Activitypub_rsa();
$actor_public_key = $actor_public_key->ensure_public_key($actor);
@ -73,7 +91,7 @@ class apInboxAction extends ManagedAction
common_debug('ActivityPub Inbox: HTTP Signature: Validation will now start!');
$headers = $this->get_all_headers();
common_debug('ActivityPub Inbox: Request Headers: '.print_r($headers, true));
common_debug('ActivityPub Inbox: Request Headers: ' . print_r($headers, true));
if (!isset($headers['signature'])) {
common_debug('ActivityPub Inbox: HTTP Signature: Missing Signature header.');
@ -82,25 +100,33 @@ class apInboxAction extends ManagedAction
// Extract the signature properties
$signatureData = HTTPSignature::parseSignatureHeader($headers['signature']);
common_debug('ActivityPub Inbox: HTTP Signature Data: '.print_r($signatureData, true));
common_debug('ActivityPub Inbox: HTTP Signature Data: ' . print_r($signatureData, true));
if (isset($signatureData['error'])) {
common_debug('ActivityPub Inbox: HTTP Signature: '.json_encode($signatureData, true));
common_debug('ActivityPub Inbox: HTTP Signature: ' . json_encode($signatureData, true));
ActivityPubReturn::error(json_encode($signatureData, true), 400);
}
list($verified, $headers) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
// If the signature fails verification the first time, update profile as it might have change public key
if($verified !== 1) {
// If the signature fails verification the first time, update profile as it might have changed public key
if ($verified !== 1) {
try {
$res = Activitypub_explorer::get_remote_user_activity($aprofile->getUri());
} catch (Exception $e) {
ActivityPubReturn::error('Invalid remote actor.');
}
try {
$actor = Activitypub_profile::update_profile($aprofile, $res);
} catch (Exception $e) {
ActivityPubReturn::error('Failed to updated remote actor information.');
}
$actor_public_key = new Activitypub_rsa();
$actor_public_key = $actor_public_key->ensure_public_key($actor);
list($verified, $headers) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
list($verified, /*$headers*/) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
}
// If it still failed despite profile update
if($verified !== 1) {
if ($verified !== 1) {
common_debug('ActivityPub Inbox: HTTP Signature: Invalid signature.');
ActivityPubReturn::error('Invalid signature.');
}

View File

@ -53,8 +53,8 @@ class Activitypub_profile extends Managed_DataObject
/**
* Return table definition for Schema setup and DB_DataObject usage.
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @return array array of column definitions
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function schemaDef()
{
@ -81,6 +81,7 @@ class Activitypub_profile extends Managed_DataObject
* @return array array to be used in a response
* @throws InvalidUrlException
* @throws ServerException
* @throws Exception
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function profile_to_array($profile)
@ -111,7 +112,7 @@ class Activitypub_profile extends Managed_DataObject
'url' => $profile->getUrl(),
'manuallyApprovesFollowers' => false,
'publicKey' => [
'id' => $uri."#public-key",
'id' => $uri . "#public-key",
'owner' => $uri,
'publicKeyPem' => $public_key
],
@ -140,9 +141,9 @@ class Activitypub_profile extends Managed_DataObject
/**
* Insert the current object variables into the database
*
* @throws ServerException
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @access public
* @throws ServerException
*/
public function do_insert()
{
@ -179,7 +180,7 @@ class Activitypub_profile extends Managed_DataObject
/**
* Fetch the locally stored profile for this Activitypub_profile
*
* @return Profile
* @return get_called_class
* @throws NoProfileException if it was not found
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
@ -195,10 +196,10 @@ class Activitypub_profile extends Managed_DataObject
/**
* Generates an Activitypub_profile from a Profile
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @param Profile $profile
* @return Activitypub_profile
* @throws Exception if no Activitypub_profile exists for given Profile
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function from_profile(Profile $profile)
{
@ -211,7 +212,7 @@ class Activitypub_profile extends Managed_DataObject
// create one!
$aprofile = self::create_from_local_profile($profile);
} else {
throw new Exception('No Activitypub_profile for Profile ID: '.$profile_id. ', this is a local user.');
throw new Exception('No Activitypub_profile for Profile ID: ' . $profile_id . ', this is a local user.');
}
}
@ -229,7 +230,8 @@ class Activitypub_profile extends Managed_DataObject
return $aprofile;
}
public static function from_profile_collection(array $profiles): array {
public static function from_profile_collection(array $profiles): array
{
$ap_profiles = [];
foreach ($profiles as $profile) {
@ -251,6 +253,8 @@ class Activitypub_profile extends Managed_DataObject
* @param Profile $profile
* @return Activitypub_profile
* @throws HTTP_Request2_Exception
* @throws Exception
* @throws Exception
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
private static function create_from_local_profile(Profile $profile)
@ -283,8 +287,8 @@ class Activitypub_profile extends Managed_DataObject
/**
* Returns sharedInbox if possible, inbox otherwise
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @return string Inbox URL
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function get_inbox()
{
@ -298,8 +302,8 @@ class Activitypub_profile extends Managed_DataObject
/**
* Getter for uri property
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @return string URI
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function getUri()
{
@ -309,8 +313,8 @@ class Activitypub_profile extends Managed_DataObject
/**
* Getter for url property
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @return string URL
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function getUrl()
{
@ -320,8 +324,8 @@ class Activitypub_profile extends Managed_DataObject
/**
* Getter for id property
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @return int
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function getID()
{
@ -352,11 +356,11 @@ class Activitypub_profile extends Managed_DataObject
* This should never return null -- you will either get an object or
* an exception will be thrown.
*
* @author GNU social
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @param string $addr WebFinger address
* @return Activitypub_profile
* @throws Exception on error conditions
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @author GNU social
*/
public static function ensure_webfinger($addr)
{
@ -441,7 +445,7 @@ class Activitypub_profile extends Managed_DataObject
* @param Activitypub_profile $aprofile
* @param array $res remote response
* @return Profile remote Profile object
* @throws Exception
* @throws NoProfileException
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function update_profile($aprofile, $res)
@ -482,7 +486,7 @@ class Activitypub_profile extends Managed_DataObject
Activitypub_explorer::update_avatar($profile, $res['icon']['url']);
} catch (Exception $e) {
// Let the exception go, it isn't a serious issue
common_debug('An error ocurred while grabbing remote avatar'.$e->getMessage());
common_debug('An error ocurred while grabbing remote avatar' . $e->getMessage());
}
}
@ -497,7 +501,8 @@ class Activitypub_profile extends Managed_DataObject
* @return int number of subscribers
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function subscriberCount(Profile $profile): int {
public static function subscriberCount(Profile $profile): int
{
$cnt = self::cacheGet(sprintf('activitypub_profile:subscriberCount:%d', $profile->id));
if ($cnt !== false && is_int($cnt)) {
@ -523,7 +528,8 @@ class Activitypub_profile extends Managed_DataObject
* @return int number of subscriptions
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function subscriptionCount(Profile $profile): int {
public static function subscriptionCount(Profile $profile): int
{
$cnt = self::cacheGet(sprintf('activitypub_profile:subscriptionCount:%d', $profile->id));
if ($cnt !== false && is_int($cnt)) {
@ -541,19 +547,21 @@ class Activitypub_profile extends Managed_DataObject
return $cnt;
}
public static function updateSubscriberCount(Profile $profile, $adder) {
public static function updateSubscriberCount(Profile $profile, $adder)
{
$cnt = self::cacheGet(sprintf('activitypub_profile:subscriberCount:%d', $profile->id));
if ($cnt !== false && is_int($cnt)) {
self::cacheSet(sprintf('activitypub_profile:subscriberCount:%d', $profile->id), $cnt+$adder);
self::cacheSet(sprintf('activitypub_profile:subscriberCount:%d', $profile->id), $cnt + $adder);
}
}
public static function updateSubscriptionCount(Profile $profile, $adder) {
public static function updateSubscriptionCount(Profile $profile, $adder)
{
$cnt = self::cacheGet(sprintf('activitypub_profile:subscriptionCount:%d', $profile->id));
if ($cnt !== false && is_int($cnt)) {
self::cacheSet(sprintf('activitypub_profile:subscriptionCount:%d', $profile->id), $cnt+$adder);
self::cacheSet(sprintf('activitypub_profile:subscriptionCount:%d', $profile->id), $cnt + $adder);
}
}
@ -567,7 +575,8 @@ class Activitypub_profile extends Managed_DataObject
* @return array subscriber profile objects
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function getSubscribers(Profile $profile, $offset = 0, $limit = null): array {
public static function getSubscribers(Profile $profile, $offset = 0, $limit = null): array
{
$cache = false;
if ($offset + $limit <= Subscription::CACHE_WINDOW) {
$subs = self::cacheGet(sprintf('activitypub_profile:subscriberCollection:%d', $profile->id));
@ -612,7 +621,8 @@ class Activitypub_profile extends Managed_DataObject
* @return array subscribed profile objects
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function getSubscribed(Profile $profile, $offset = 0, $limit = null): array {
public static function getSubscribed(Profile $profile, $offset = 0, $limit = null): array
{
$cache = false;
if ($offset + $limit <= Subscription::CACHE_WINDOW) {
$subs = self::cacheGet(sprintf('activitypub_profile:subscribedCollection:%d', $profile->id));
@ -654,9 +664,11 @@ class Activitypub_profile extends Managed_DataObject
* @param Profile $actor subscriber profile object
* @param Profile $other subscribed profile object
* @return void
* @throws Exception
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function subscribeCacheUpdate(Profile $actor, Profile $other) {
public static function subscribeCacheUpdate(Profile $actor, Profile $other)
{
self::blow('activitypub_profile:subscribedCollection:%d', $actor->getID());
self::blow('activitypub_profile:subscriberCollection:%d', $other->id);
self::updateSubscriptionCount($actor, +1);
@ -670,9 +682,11 @@ class Activitypub_profile extends Managed_DataObject
* @param Profile $actor subscriber profile object
* @param Profile $other subscribed profile object
* @return void
* @throws Exception
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
*/
public static function unsubscribeCacheUpdate(Profile $actor, Profile $other) {
public static function unsubscribeCacheUpdate(Profile $actor, Profile $other)
{
self::blow('activitypub_profile:subscribedCollection:%d', $actor->getID());
self::blow('activitypub_profile:subscriberCollection:%d', $other->id);
self::updateSubscriptionCount($actor, -1);

View File

@ -46,8 +46,8 @@ class Activitypub_rsa extends Managed_DataObject
/**
* Return table definition for Schema setup and DB_DataObject usage.
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @return array array of column definitions
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function schemaDef()
{
@ -66,7 +66,15 @@ class Activitypub_rsa extends Managed_DataObject
];
}
public function get_private_key($profile)
/**
* Private key getter
*
* @param Profile $profile
* @return string
* @throws ServerException
* @throws Exception
*/
public function get_private_key(Profile $profile): string
{
$this->profile_id = $profile->getID();
$apRSA = self::getKV('profile_id', $this->profile_id);
@ -90,9 +98,10 @@ class Activitypub_rsa extends Managed_DataObject
* @param bool $fetch
* @return string The public key
* @throws ServerException It should never occur, but if so, we break everything!
* @throws Exception
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function ensure_public_key($profile, $fetch = true)
public function ensure_public_key(Profile $profile, bool $fetch = true): string
{
$this->profile_id = $profile->getID();
$apRSA = self::getKV('profile_id', $this->profile_id);
@ -119,11 +128,11 @@ class Activitypub_rsa extends Managed_DataObject
/**
* Insert the current object variables into the database.
*
* @throws ServerException
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @access public
* @throws ServerException
*/
public function store_keys()
public function store_keys(): void
{
$this->created = $this->modified = common_sql_now();
$ok = $this->insert();
@ -135,11 +144,11 @@ class Activitypub_rsa extends Managed_DataObject
/**
* Generates a pair of RSA keys.
*
* @author PHP Manual Contributed Notes <dirt@awoms.com>
* @param string $private_key in/out
* @param string $public_key in/out
* @author PHP Manual Contributed Notes <dirt@awoms.com>
*/
public static function generate_keys(&$private_key, &$public_key)
public static function generate_keys(string &$private_key, string &$public_key): void
{
$config = [
'digest_alg' => 'sha512',
@ -162,12 +171,12 @@ class Activitypub_rsa extends Managed_DataObject
/**
* Update public key.
*
* @param Profile $profile
* @param Profile|Activitypub_profile $profile
* @param string $public_key
* @throws Exception
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function update_public_key($profile, $public_key)
public static function update_public_key($profile, string $public_key): void
{
// Public Key
$apRSA = new Activitypub_rsa();

View File

@ -49,10 +49,10 @@ class Activitypub_explorer
* @param string $url
* @param bool $grab_online whether to try online grabbing, defaults to true
* @return Profile
* @throws HTTP_Request2_Exception
* @throws NoProfileException
* @throws Exception
* @throws ServerException
* @throws HTTP_Request2_Exception Network issues
* @throws NoProfileException This won't happen
* @throws Exception Invalid request
* @throws ServerException Error storing remote actor
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function get_profile_from_url($url, $grab_online = true)
@ -171,6 +171,7 @@ class Activitypub_explorer
// Is this a known filthy little mudblood?
$aprofile = self::get_aprofile_by_url($uri);
if ($aprofile instanceof Activitypub_profile) {
// Assert: This AProfile has a Profile, no try catch.
$profile = $aprofile->local_profile();
common_debug('ActivityPub Explorer: Found a local Aprofile for ' . $uri);
// We found something!
@ -184,7 +185,7 @@ class Activitypub_explorer
$ACTIVITYPUB_BASE_ACTOR_URI_length = strlen(ACTIVITYPUB_BASE_ACTOR_URI);
if (substr($uri, 0, $ACTIVITYPUB_BASE_ACTOR_URI_length) == ACTIVITYPUB_BASE_ACTOR_URI) {
try {
$profile = Profile::getByID(intval(substr($uri, $ACTIVITYPUB_BASE_ACTOR_URI_length)));
$profile = Profile::getByID((int)substr($uri, $ACTIVITYPUB_BASE_ACTOR_URI_length));
common_debug('ActivityPub Explorer: Found a Profile for ' . $uri);
// We found something!
$this->discovered_actor_profiles[] = $profile;
@ -462,8 +463,8 @@ class Activitypub_explorer
* profile updating and shall not be used for anything else)
*
* @param string $url User's url
* @return mixed
* @throws Exception
* @return array
* @throws Exception Either network issues or unsupported Activity format
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function get_remote_user_activity($url)