Improve group refreshment and fixed date signature generation

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/web/plugs/http_signatures.ex

@@ -48,6 +48,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSignatures do
       signature_valid = HTTPSignatures.validate_conn(conn)
       Logger.debug("Is signature valid ? #{inspect(signature_valid)}")
       date_valid = date_valid?(conn)
+      Logger.debug("Is date valid ? #{inspect(date_valid)}")
       assign(conn, :valid_signature, signature_valid && date_valid)
     end
   end

lib/web/plugs/mapped_signature_to_identity.ex

@@ -48,9 +48,10 @@ defmodule Mobilizon.Web.Plugs.MappedSignatureToIdentity do
 
   # if this has payload make sure it is signed by the same actor that made it
   def call(%{assigns: %{valid_signature: true}, params: %{"actor" => actor}} = conn, _opts) do
-    with actor_id <- Utils.get_url(actor),
+    with actor_id when actor_id != nil <- Utils.get_url(actor),
          {:actor, %Actor{} = actor} <- {:actor, actor_from_key_id(conn)},
          {:actor_match, true} <- {:actor_match, actor.url == actor_id} do
+      Logger.debug("Mapped identity to #{actor.url} from actor param")
       assign(conn, :actor, actor)
     else
       {:actor_match, false} ->
@@ -58,7 +59,7 @@ defmodule Mobilizon.Web.Plugs.MappedSignatureToIdentity do
         Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}")
         assign(conn, :valid_signature, false)
 
-      # remove me once testsuite uses mapped capabilities instead of what we do now
+      # TODO: remove me once testsuite uses mapped capabilities instead of what we do now
       {:actor, nil} ->
         Logger.debug("Failed to map identity from signature (lookup failure)")
         Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}")
@@ -70,6 +71,7 @@ defmodule Mobilizon.Web.Plugs.MappedSignatureToIdentity do
   def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
     case actor_from_key_id(conn) do
       %Actor{} = actor ->
+        Logger.debug("Mapped identity to #{actor.url} from signed fetch")
         assign(conn, :actor, actor)
 
       _ ->

lib/web/views/activity_pub/actor_view.ex

@@ -12,6 +12,7 @@ defmodule Mobilizon.Web.ActivityPub.ActorView do
   alias Mobilizon.Resources.Resource
   alias Mobilizon.Storage.Page
   alias Mobilizon.Todos.TodoList
+  require Logger
 
   @private_visibility_empty_collection %{elements: [], total: 0}
   @json_ld_header Utils.make_json_ld_header()
@@ -39,9 +40,16 @@ defmodule Mobilizon.Web.ActivityPub.ActorView do
     page = Map.get(args, :page, 1)
     collection_name = String.trim_trailing(view_name, ".json")
     collection_name = String.to_existing_atom(collection_name)
+    actor_applicant = Map.get(args, :actor_applicant)
+
+    Logger.debug("Rendering actor collection #{inspect(collection_name)}")
+
+    Logger.debug(
+      "Using authenticated fetch with actor #{if actor_applicant, do: actor_applicant.url, else: nil}"
+    )
 
     %{total: total, elements: elements} =
-      if can_get_collection?(collection_name, actor, Map.get(args, :actor_applicant)),
+      if can_get_collection?(collection_name, actor, actor_applicant),
         do: fetch_collection(collection_name, actor, page),
         else: default_collection(collection_name, actor, page)
 
@@ -127,8 +135,13 @@ defmodule Mobilizon.Web.ActivityPub.ActorView do
        when visibility in [:public, :unlisted] and collection in [:outbox, :followers, :following],
        do: true
 
-  defp can_get_collection?(_collection_name, %Actor{} = actor, %Actor{} = actor_applicant),
-    do: actor_applicant_group_member?(actor, actor_applicant)
+  defp can_get_collection?(_collection_name, %Actor{} = actor, %Actor{} = actor_applicant) do
+    Logger.debug(
+      "Testing if #{actor_applicant.url} can be allowed access to #{actor.url} private collections"
+    )
+
+    actor_applicant_group_member?(actor, actor_applicant)
+  end
 
   defp can_get_collection?(_, _, _), do: false