diff options
| author | 2024-08-13 15:37:09 +0000 | |
|---|---|---|
| committer | 2024-08-13 15:37:09 +0000 | |
| commit | 9cd27b412d75ab9cb26054aa85d0eca82d78552e (patch) | |
| tree | 8e8bfc0997fc53a0a193b7d5e192112cfc024cc4 /internal/api/activitypub/users | |
| parent | [bugfix] relax missing preferred_username, instead using webfingered username... (diff) | |
| download | gotosocial-9cd27b412d75ab9cb26054aa85d0eca82d78552e.tar.xz | |
[security] harden account update logic (#3198)
* on account update, ensure that public key has not changed
* change expected error message
* also support the case of changing account keys when expired (not waiting for handshake)
* tweak account update hardening logic, add tests for updating account with pubkey expired
* add check for whether incoming data was via federator, accepting keys if so
* use freshest window for federated account updates + comment about it
Diffstat (limited to 'internal/api/activitypub/users')
0 files changed, 0 insertions, 0 deletions
