[bugfix] Ensure activities sender always = activities actor (#2608)

author: tobi <31960611+tsmethurst@users.noreply.github.com> 2024-02-06 12:59:37 +0100
committer: GitHub <noreply@github.com> 2024-02-06 12:59:37 +0100
commit: b6fe8e7a5b68c5d12b23056b6654157c739c7376 (patch)
tree: 6a30d3e67ddba70608e5cb0d25bb759877a3bb1c /internal/federation/authenticate.go
parent: [feature] serdes for moved/also_known_as (#2600) (diff)
download: gotosocial-b6fe8e7a5b68c5d12b23056b6654157c739c7376.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index 6899e5ad3..59281fa65 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -214,6 +214,17 @@ func (f *Federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 			err := gtserror.Newf("error dereferencing account %s: %w", pubKeyAuth.OwnerURI, err)
 			return nil, gtserror.NewErrorInternalError(err)
 		}
+
+		// Catch a possible (but very rare) race condition where
+		// we've fetched a key, then fetched the Actor who owns the
+		// key, but the Key of the Actor has changed in the meantime.
+		if !pubKeyAuth.Owner.PublicKey.Equal(pubKeyAuth.FetchedPubKey) {
+			err := gtserror.Newf(
+				"key mismatch: fetched key %s does not match pubkey of fetched Actor %s",
+				pubKeyID, pubKeyAuth.Owner.URI,
+			)
+			return nil, gtserror.NewErrorUnauthorized(err)
+		}
 	}
 
 	if !pubKeyAuth.Owner.SuspendedAt.IsZero() {
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2024-02-06 12:59:37 +0100
committer	GitHub <noreply@github.com>	2024-02-06 12:59:37 +0100
commit	b6fe8e7a5b68c5d12b23056b6654157c739c7376 (patch)
tree	6a30d3e67ddba70608e5cb0d25bb759877a3bb1c /internal/federation/authenticate.go
parent	[feature] serdes for moved/also_known_as (#2600) (diff)
download	gotosocial-b6fe8e7a5b68c5d12b23056b6654157c739c7376.tar.xz