From dc338dc881ead40723f0540aac7fe894f58b174d Mon Sep 17 00:00:00 2001
From: Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>
Date: Sun, 9 May 2021 20:34:27 +0200
Subject: Webfinger + Small fixes (#20)

---
 internal/federation/util.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'internal/federation')

diff --git a/internal/federation/util.go b/internal/federation/util.go
index ab854db7c..d76ce853d 100644
--- a/internal/federation/util.go
+++ b/internal/federation/util.go
@@ -112,6 +112,9 @@ func getPublicKeyFromResponse(c context.Context, b []byte, keyID *url.URL) (voca
 // Also note that this function *does not* dereference the remote account that the signature key is associated with.
 // Other functions should use the returned URL to dereference the remote account, if required.
 func (f *federator) AuthenticateFederatedRequest(username string, r *http.Request) (*url.URL, error) {
+	// set this extra field for signature validation
+	r.Header.Set("host", f.config.Host)
+
 	verifier, err := httpsig.NewVerifier(r)
 	if err != nil {
 		return nil, fmt.Errorf("could not create http sig verifier: %s", err)
@@ -208,7 +211,11 @@ func (f *federator) DereferenceRemoteAccount(username string, remoteAccountID *u
 		}
 		return p, nil
 	case string(gtsmodel.ActivityStreamsApplication):
-		// TODO: convert application into person
+		p, ok := t.(vocab.ActivityStreamsApplication)
+		if !ok {
+			return nil, errors.New("error resolving type as activitystreams application")
+		}
+		return p, nil
 	}
 
 	return nil, fmt.Errorf("type name %s not supported", t.GetTypeName())
-- 
cgit v1.2.3