activitypub: normalize the actor to ensure we have its URI

4 files changed, 24 insertions, 4 deletions

diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex
index efde652f5..2d0e10cad 100644
--- a/lib/pleroma/plugs/http_signature.ex
+++ b/lib/pleroma/plugs/http_signature.ex
@@ -1,5 +1,6 @@
 defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   alias Pleroma.Web.HTTPSignatures
+  alias Pleroma.Web.ActivityPub.Utils
   import Plug.Conn
   require Logger
 
@@ -12,7 +13,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   end
 
   def call(conn, _opts) do
-    user = conn.params["actor"]
+    user = Utils.normalize_actor(conn.params["actor"])
     Logger.debug("Checking sig for #{user}")
     [signature | _] = get_req_header(conn, "signature")
 
diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex
index f98545336..d92db0d5f 100644
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@@ -5,6 +5,22 @@ defmodule Pleroma.Web.ActivityPub.Utils do
   alias Ecto.{Changeset, UUID}
   import Ecto.Query
 
+  # Some implementations send the actor URI as the actor field, others send the entire actor object,
+  # so figure out what the actor's URI is based on what we have.
+  def normalize_actor(actor) do
+    cond do
+      is_binary(actor) ->
+        actor
+
+      is_map(actor) ->
+        actor["id"]
+    end
+  end
+
+  def normalize_params(params) do
+    Map.put(params, "actor", normalize_actor(params["actor"]))
+  end
+
   def make_json_ld_header do
     %{
       "@context" => [
diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex
index f84af2f15..8ca530031 100644
--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@@ -5,6 +5,7 @@ defmodule Pleroma.Web.Federator do
   alias Pleroma.Web.{WebFinger, Websub}
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.ActivityPub.Utils
   require Logger
 
   @websub Application.get_env(:pleroma, :websub)
@@ -91,6 +92,8 @@ defmodule Pleroma.Web.Federator do
   def handle(:incoming_ap_doc, params) do
     Logger.info("Handling incoming AP activity")
 
+    params = Utils.normalize_params(params)
+
     with {:ok, _user} <- ap_enabled_actor(params["actor"]),
          nil <- Activity.get_by_ap_id(params["id"]),
          {:ok, _activity} <- Transmogrifier.handle_incoming(params) do
diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex
index 9035f5eb6..dd3f825db 100644
--- a/lib/pleroma/web/http_signatures/http_signatures.ex
+++ b/lib/pleroma/web/http_signatures/http_signatures.ex
@@ -1,7 +1,7 @@
 # https://tools.ietf.org/html/draft-cavage-http-signatures-08
 defmodule Pleroma.Web.HTTPSignatures do
   alias Pleroma.User
-  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.Utils
   require Logger
 
   def split_signature(sig) do
@@ -31,14 +31,14 @@ defmodule Pleroma.Web.HTTPSignatures do
   def validate_conn(conn) do
     # TODO: How to get the right key and see if it is actually valid for that request.
     # For now, fetch the key for the actor.
-    with actor_id <- conn.params["actor"],
+    with actor_id <- Utils.normalize_actor(conn.params["actor"]),
          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
       if validate_conn(conn, public_key) do
         true
       else
         Logger.debug("Could not validate, re-fetching user and trying one more time")
         # Fetch user anew and try one more time
-        with actor_id <- conn.params["actor"],
+        with actor_id <- Utils.normalize_actor(conn.params["actor"]),
              {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
              {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
           validate_conn(conn, public_key)