From f22a4ba6f5816331750ccc355da11c41de3e0e7a Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Sun, 4 Sep 2022 07:39:09 +0000
Subject: [PATCH] Be more tolerant when receiving messages

---
 src/Protocol/ActivityPub/Receiver.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/Protocol/ActivityPub/Receiver.php b/src/Protocol/ActivityPub/Receiver.php
index c05f3c332e..ee07462b73 100644
--- a/src/Protocol/ActivityPub/Receiver.php
+++ b/src/Protocol/ActivityPub/Receiver.php
@@ -122,20 +122,21 @@ class Receiver
 
 		$http_signer = HTTPSignature::getSigner($body, $header);
 		if ($http_signer === false) {
-			Logger::warning('Invalid HTTP signature, message will be discarded.', ['uid' => $uid, 'actor' => $actor, 'header' => $header, 'body' => $body]);
-			return;
+			Logger::notice('Invalid HTTP signature, message will not be trusted.', ['uid' => $uid, 'actor' => $actor, 'header' => $header, 'body' => $body]);
+			$signer = [];
 		} elseif (empty($http_signer)) {
 			Logger::info('Signer is a tombstone. The message will be discarded, the signer account is deleted.');
 			return;
 		} else {
 			Logger::info('Valid HTTP signature', ['signer' => $http_signer]);
+			$signer = [$http_signer];
 		}
 
-		$signer = [$http_signer];
-
 		Logger::info('Message for user ' . $uid . ' is from actor ' . $actor);
 
-		if (LDSignature::isSigned($activity)) {
+		if ($http_signer === false) {
+			$trust_source = false;
+		} elseif (LDSignature::isSigned($activity)) {
 			$ld_signer = LDSignature::getSigner($activity);
 			if (empty($ld_signer)) {
 				Logger::info('Invalid JSON-LD signature from ' . $actor);