Relayed Creates rejected with "Invalid HTTP Signature"
Environment
- Installation type (OTP or From Source): from source(?) via nixpkgs
- Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.5.0
- Elixir version (
elixir -v
for from source installations, N/A for OTP): 1.13.4 - Operating system: NixOS 22.11
- PostgreSQL version (
psql -V
): 14.6
Bug description
Relayed Create messages posted to /inbox are rejected with "Invalid HTTP Signature" after 23e91ec8, which changed the fallback logic for invalid signatures.
The "valid_signature=false" assign has two meanings:
- signature was not valid
- signature key id does not match author (MappedSignatureToIdentityPlug, "payload actor mismatch")
The second meaning applies to relayed Create requests.
Prior to 23e91ec8, requests with invalid signatures would hit the ActivityPubController inbox handler that (possibly) called post_inbox_relayed_create
. After the change, they are rejected eagerly with the "Invalid HTTP Signature" error.