From 3d3c01b276bd9c38dfcd1f218d44923ead792f6c Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Mon, 4 Dec 2023 08:27:57 +0100
Subject: [PATCH] fix(activitypub): reject unsigned or badly signed activity with correct http error code
Signed-off-by: Thomas Citharel
---
 lib/web/controllers/activity_pub_controller.ex | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/web/controllers/activity_pub_controller.ex b/lib/web/controllers/activity_pub_controller.ex
index 9ea5a81bd..673235e26 100644
--- a/lib/web/controllers/activity_pub_controller.ex
+++ b/lib/web/controllers/activity_pub_controller.ex
@@ -161,9 +161,15 @@ defmodule Mobilizon.Web.ActivityPubController do
 )
 Logger.debug(inspect(conn.req_headers))
- end
- json(conn, "error")
+ conn
+ |> put_status(:forbidden)
+ |> json("ActivityPub signature could not be checked")
+ else
+ conn
+ |> put_status(:unauthorized)
+ |> json("ActivityPub signature could not be found")
+ end
 end
 def relay(conn, _params) do
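Review bot: Neither new reject branch is covered by a test in this commit (the diffstat lists only activity_pub_controller.ex), and since this is the check that turns away unsigned or badly signed inbound activities, a controller test should pin `401` for a request with no signature and `403` for one whose signature fails verification. Both bodies are bare JSON strings; an object such as `|> json(%{error: "ActivityPub signature could not be checked"})` is easier for a remote server to parse and leaves room for further fields. The context line `Logger.debug(inspect(conn.req_headers))` appears to write every request header to the log on the failure path, so it may be worth narrowing it to the signature-related headers. The enclosing function and the `if` condition start above the hunk, so which requests reach the `else` branch is inferred from the message text only.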