Fix trying to fetch key from empty URI when verifying HTTP signature (#16100)

2021-05-01 23:18:59 +02:00 · 2021-05-01 23:18:59 +02:00 · f627d2eb93
parent 422df9d670
commit f627d2eb93
2 changed files with 3 additions and 1 deletions
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@ -67,7 +67,7 @@ module JsonLdHelper
    unless id
      json = fetch_resource_without_id_validation(uri, on_behalf_of)

-      return unless json
+      return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id'])

      uri = json['id']
    end
--- a/app/services/activitypub/fetch_remote_key_service.rb
+++ b/app/services/activitypub/fetch_remote_key_service.rb
@ -5,6 +5,8 @@ class ActivityPub::FetchRemoteKeyService < BaseService

  # Returns account that owns the key
  def call(uri, id: true, prefetched_body: nil)
+    return if uri.blank?
+
    if prefetched_body.nil?
      if id
        @json = fetch_resource_without_id_validation(uri)