Request to get a remote actor should be signed (to avoid 401 response from the remote server)
Describe the bug
When trying to accept a follow request of an actor from a remote GoToSocial server, Castopod answer with a 500 error. It seems to be a signature error.
Castopod receive the follow request and try to answer with an accept-follow message. It tries to build the remote actor by fetching the profile. The request to get the remote actor information is not signed so the remote server answer with a 401 error. Castopod fails to build the actor and return a 500 error.
Steps to reproduce
- Create a GoToSocial account
- Search a Castopod podcast
- Try to follow the podcast
Expected behavior
Castopod should sign the request.
Actual behavior
Castopod does not sign the get request and fail when receiving the 401 error. This lead to a 500 error.
Relevant logs and/or screenshots
CRITICAL - 2023-08-08 13:48:01 --> 22 : The requested URL returned error: 401
in SYSTEMPATH/HTTP/CURLRequest.php on line 655.
1 SYSTEMPATH/HTTP/CURLRequest.php(655): CodeIgniter\HTTP\Exceptions\HTTPException::forCurlError('22', 'The requested URL returned error: 401')
2 SYSTEMPATH/HTTP/CURLRequest.php(363): CodeIgniter\HTTP\CURLRequest->sendRequest([...])
3 SYSTEMPATH/HTTP/CURLRequest.php(136): CodeIgniter\HTTP\CURLRequest->send('get', 'https://gotosocial.pi4.delaage.fr/users/rdelaage')
4 SYSTEMPATH/HTTP/CURLRequest.php(169): CodeIgniter\HTTP\CURLRequest->request('get', 'https://gotosocial.pi4.delaage.fr/users/rdelaage', [...])
5 ROOTPATH/modules/Fediverse/ActivityRequest.php(62): CodeIgniter\HTTP\CURLRequest->get('https://gotosocial.pi4.delaage.fr/users/rdelaage', [...])
6 ROOTPATH/modules/Fediverse/Helpers/fediverse_helper.php(273): Modules\Fediverse\ActivityRequest->get()
7 ROOTPATH/modules/Fediverse/Helpers/fediverse_helper.php(239): create_actor_from_uri('https://gotosocial.pi4.delaage.fr/users/rdelaage')
8 ROOTPATH/modules/Fediverse/Controllers/ActorController.php(78): get_or_create_actor_from_uri('https://gotosocial.pi4.delaage.fr/users/rdelaage')
9 ROOTPATH/modules/Fediverse/Controllers/ActorController.php(56): Modules\Fediverse\Controllers\ActorController->inbox()
10 SYSTEMPATH/CodeIgniter.php(901): Modules\Fediverse\Controllers\ActorController->_remap('inbox', 'la_voix_est_libre')
11 SYSTEMPATH/CodeIgniter.php(457): CodeIgniter\CodeIgniter->runController(Object(Modules\Fediverse\Controllers\ActorController))
12 SYSTEMPATH/CodeIgniter.php(340): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false)
13 FCPATH/index.php(73): CodeIgniter\CodeIgniter->run()
Context
- Castopod: 1.4.6
- OS: Debian bookwork
- Browser: Firefox
- Web server: Nginx Unit
- Federation with GoToSocial
Possible fixes
Sign the request (here ?)
Edited by Romain de Laage