From b3190c2cd6874b7bd54b114a7b239d8fe0ed73e4 Mon Sep 17 00:00:00 2001
From: Claire <>
Date: Thu, 3 Feb 2022 14:09:04 +0100
Subject: [PATCH] Fix compacted JSON-LD possibly causing compatibility issues
 on forwarding (#17428)

 app/helpers/jsonld_helper.rb                  | 72 ++++++++++++++++
 .../activitypub/process_collection_service.rb | 18 +++-
 spec/helpers/jsonld_helper_spec.rb            | 82 +++++++++++++++++++
 3 files changed, 170 insertions(+), 2 deletions(-)

diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb
index 841f277467..c6557817d0 100644
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@@ -77,6 +77,78 @@ module JsonLdHelper
+  # Patches a JSON-LD document to avoid compatibility issues on redistribution
+  #
+  # Since compacting a JSON-LD document against Mastodon's built-in vocabulary
+  # means other extension namespaces will be expanded, malformed JSON-LD
+  # attributes lost, and some values “unexpectedly” compacted this method
+  # patches the following likely sources of incompatibility:
+  # - '' being compacted to
+  #   'as:Public' (for instance, pre-3.4.0 Mastodon does not understand
+  #   'as:Public')
+  # - single-item arrays being compacted to the item itself (`[foo]` being
+  #   compacted to `foo`)
+  #
+  # It is not always possible for `patch_for_forwarding!` to produce a document
+  # deemed safe for forwarding. Use `safe_for_forwarding?` to check the status
+  # of the output document.
+  #
+  # @param original [Hash] The original JSON-LD document used as reference
+  # @param compacted [Hash] The compacted JSON-LD document to be patched
+  # @return [void]
+  def patch_for_forwarding!(original, compacted)
+    original.without('@context', 'signature').each do |key, value|
+      next if value.nil? || !compacted.key?(key)
+      compacted_value = compacted[key]
+      if value.is_a?(Hash) && compacted_value.is_a?(Hash)
+        patch_for_forwarding!(value, compacted_value)
+      elsif value.is_a?(Array)
+        compacted_value = [compacted_value] unless compacted_value.is_a?(Array)
+        return if value.size != compacted_value.size
+        compacted[key] = do |v, vc|
+          if v.is_a?(Hash) && vc.is_a?(Hash)
+            patch_for_forwarding!(v, vc)
+            vc
+          elsif v == '' && vc == 'as:Public'
+            v
+          else
+            vc
+          end
+        end
+      elsif value == '' && compacted_value == 'as:Public'
+        compacted[key] = value
+      end
+    end
+  end
+  # Tests whether a JSON-LD compaction is deemed safe for redistribution,
+  # that is, if it doesn't change its meaning to consumers that do not actually
+  # handle JSON-LD, but rely on values being serialized in a certain way.
+  #
+  # See `patch_for_forwarding!` for details.
+  #
+  # @param original [Hash] The original JSON-LD document used as reference
+  # @param compacted [Hash] The compacted JSON-LD document to be patched
+  # @return [Boolean] Whether the patched document is deemed safe
+  def safe_for_forwarding?(original, compacted)
+    original.without('@context', 'signature').all? do |key, value|
+      compacted_value = compacted[key]
+      return false unless value.class == compacted_value.class
+      if value.is_a?(Hash)
+        safe_for_forwarding?(value, compacted_value)
+      elsif value.is_a?(Array)
+ do |v, vc|
+          v.is_a?(Hash) ? (vc.is_a?(Hash) && safe_for_forwarding?(v, vc)) : v == vc
+        end
+      else
+        value == compacted_value
+      end
+    end
+  end
   def fetch_resource(uri, id, on_behalf_of = nil)
     unless id
       json = fetch_resource_without_id_validation(uri, on_behalf_of)
diff --git a/app/services/activitypub/process_collection_service.rb b/app/services/activitypub/process_collection_service.rb
index 5f3d63bb39..eb008c40a2 100644
--- a/app/services/activitypub/process_collection_service.rb
+++ b/app/services/activitypub/process_collection_service.rb
@@ -5,13 +5,27 @@ class ActivityPub::ProcessCollectionService < BaseService
   def call(body, account, **options)
     @account = account
-    @json    = Oj.load(body, mode: :strict)
+    @json    = original_json = Oj.load(body, mode: :strict)
     @options = options
-    @json = compact(@json) if @json['signature'].is_a?(Hash)
+    begin
+      @json = compact(@json) if @json['signature'].is_a?(Hash)
+    rescue JSON::LD::JsonLdError => e
+      Rails.logger.debug "Error when compacting JSON-LD document for #{value_or_id(@json['actor'])}: #{e.message}"
+      @json = original_json.without('signature')
+    end
     return if !supported_context? || (different_actor? && verify_account!.nil?) || suspended_actor? || @account.local?
+    if @json['signature'].present?
+      # We have verified the signature, but in the compaction step above, might
+      # have introduced incompatibilities with other servers that do not
+      # normalize the JSON-LD documents (for instance, previous Mastodon
+      # versions), so skip redistribution if we can't get a safe document.
+      patch_for_forwarding!(original_json, @json)
+      @json.delete('signature') unless safe_for_forwarding?(original_json, @json)
+    end
     case @json['type']
     when 'Collection', 'CollectionPage'
       process_items @json['items']
diff --git a/spec/helpers/jsonld_helper_spec.rb b/spec/helpers/jsonld_helper_spec.rb
index 883a88b14d..744a14f260 100644
--- a/spec/helpers/jsonld_helper_spec.rb
+++ b/spec/helpers/jsonld_helper_spec.rb
@@ -89,4 +89,86 @@ describe JsonLdHelper do
       expect(fetch_resource_without_id_validation('https://host.test/')).to eq({})
+  context 'compaction and forwarding' do
+    let(:json) do
+      {
+        '@context' => [
+          '',
+          '',
+          {
+            'obsolete' => '',
+            'convo' => 'obsolete:conversation',
+            'new' => '',
+          },
+        ],
+        'type' => 'Create',
+        'to' => [''],
+        'object' => {
+          'id' => '',
+          'type' => 'Note',
+          'inReplyTo' => nil,
+          'convo' => '',
+          'tag' => [
+            {
+              'type' => 'Mention',
+              'href' => ['foo'],
+            }
+          ],
+        },
+        'signature' => {
+          'type' => 'RsaSignature2017',
+          'created' => '2022-02-02T12:00:00Z',
+          'creator' => '',
+          'signatureValue' => 'some-sig',
+        },
+      }
+    end
+    describe '#compact' do
+      it 'properly compacts JSON-LD with alternative context definitions' do
+        expect(compact(json).dig('object', 'conversation')).to eq ''
+      end
+      it 'compacts single-item arrays' do
+        expect(compact(json).dig('object', 'tag', 'href')).to eq 'foo'
+      end
+      it 'compacts the activistreams Public collection' do
+        expect(compact(json)['to']).to eq 'as:Public'
+      end
+      it 'properly copies signature' do
+        expect(compact(json)['signature']).to eq json['signature']
+      end
+    end
+    describe 'patch_for_forwarding!' do
+      it 'properly patches incompatibilities' do
+        json['object'].delete('convo')
+        compacted = compact(json)
+        patch_for_forwarding!(json, compacted)
+        expect(compacted['to']).to eq ['']
+        expect(compacted.dig('object', 'tag', 0, 'href')).to eq ['foo']
+        expect(safe_for_forwarding?(json, compacted)).to eq true
+      end
+    end
+    describe 'safe_for_forwarding?' do
+      it 'deems a safe compacting as such' do
+        json['object'].delete('convo')
+        compacted = compact(json)
+        deemed_compatible = patch_for_forwarding!(json, compacted)
+        expect(compacted['to']).to eq ['']
+        expect(safe_for_forwarding?(json, compacted)).to eq true
+      end
+      it 'deems an unsafe compacting as such' do
+        compacted = compact(json)
+        deemed_compatible = patch_for_forwarding!(json, compacted)
+        expect(compacted['to']).to eq ['']
+        expect(safe_for_forwarding?(json, compacted)).to eq false
+      end
+    end
+  end