Validate id of ActivityPub representations (#5114)

Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
author: Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp> 2017-10-04 08:13:48 +0900
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-10-04 01:13:48 +0200
commit: 63f097979990bf5ba9db848b8a253056bad781af (patch)
tree: a1681de3a9e40b977adbf4c54332e4ab787bd13e /app/helpers/jsonld_helper.rb
parent: ec13cfa4f940e9f9441ceff1f7389bb0e1bd61fb (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb
index d82a073320d..c23a2e09527 100644
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@@ -22,7 +22,18 @@ module JsonLdHelper
     graph.dump(:normalize)
   end
 
-  def fetch_resource(uri)
+  def fetch_resource(uri, id)
+    unless id
+      json = fetch_resource_without_id_validation(uri)
+      return unless json
+      uri = json['id']
+    end
+
+    json = fetch_resource_without_id_validation(uri)
+    json.present? && json['id'] == uri ? json : nil
+  end
+
+  def fetch_resource_without_id_validation(uri)
     response = build_request(uri).perform
     return if response.code != 200
     body_to_json(response.to_s)
author	Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>	2017-10-04 08:13:48 +0900
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-10-04 01:13:48 +0200
commit	63f097979990bf5ba9db848b8a253056bad781af (patch)
tree	a1681de3a9e40b977adbf4c54332e4ab787bd13e /app/helpers/jsonld_helper.rb
parent	ec13cfa4f940e9f9441ceff1f7389bb0e1bd61fb (diff)