Skip to content

Request to get a remote actor should be signed (to avoid 401 response from the remote server)

Describe the bug

When trying to accept a follow request of an actor from a remote GoToSocial server, Castopod answer with a 500 error. It seems to be a signature error.

Castopod receive the follow request and try to answer with an accept-follow message. It tries to build the remote actor by fetching the profile. The request to get the remote actor information is not signed so the remote server answer with a 401 error. Castopod fails to build the actor and return a 500 error.

Steps to reproduce

  1. Create a GoToSocial account
  2. Search a Castopod podcast
  3. Try to follow the podcast

Expected behavior

Castopod should sign the request.

Actual behavior

Castopod does not sign the get request and fail when receiving the 401 error. This lead to a 500 error.

Relevant logs and/or screenshots

CRITICAL - 2023-08-08 13:48:01 --> 22 : The requested URL returned error: 401
in SYSTEMPATH/HTTP/CURLRequest.php on line 655.
 1 SYSTEMPATH/HTTP/CURLRequest.php(655): CodeIgniter\HTTP\Exceptions\HTTPException::forCurlError('22', 'The requested URL returned error: 401')
 2 SYSTEMPATH/HTTP/CURLRequest.php(363): CodeIgniter\HTTP\CURLRequest->sendRequest([...])
 3 SYSTEMPATH/HTTP/CURLRequest.php(136): CodeIgniter\HTTP\CURLRequest->send('get', 'https://gotosocial.pi4.delaage.fr/users/rdelaage')
 4 SYSTEMPATH/HTTP/CURLRequest.php(169): CodeIgniter\HTTP\CURLRequest->request('get', 'https://gotosocial.pi4.delaage.fr/users/rdelaage', [...])
 5 ROOTPATH/modules/Fediverse/ActivityRequest.php(62): CodeIgniter\HTTP\CURLRequest->get('https://gotosocial.pi4.delaage.fr/users/rdelaage', [...])
 6 ROOTPATH/modules/Fediverse/Helpers/fediverse_helper.php(273): Modules\Fediverse\ActivityRequest->get()
 7 ROOTPATH/modules/Fediverse/Helpers/fediverse_helper.php(239): create_actor_from_uri('https://gotosocial.pi4.delaage.fr/users/rdelaage')
 8 ROOTPATH/modules/Fediverse/Controllers/ActorController.php(78): get_or_create_actor_from_uri('https://gotosocial.pi4.delaage.fr/users/rdelaage')
 9 ROOTPATH/modules/Fediverse/Controllers/ActorController.php(56): Modules\Fediverse\Controllers\ActorController->inbox()
10 SYSTEMPATH/CodeIgniter.php(901): Modules\Fediverse\Controllers\ActorController->_remap('inbox', 'la_voix_est_libre')
11 SYSTEMPATH/CodeIgniter.php(457): CodeIgniter\CodeIgniter->runController(Object(Modules\Fediverse\Controllers\ActorController))
12 SYSTEMPATH/CodeIgniter.php(340): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false)
13 FCPATH/index.php(73): CodeIgniter\CodeIgniter->run()

Context

  • Castopod: 1.4.6
  • OS: Debian bookwork
  • Browser: Firefox
  • Web server: Nginx Unit
  • Federation with GoToSocial

Possible fixes

Sign the request (here ?)

Edited by Romain de Laage