From 5211c64c2afa699d89c8ddcf0e4e6b0854e213a2 Mon Sep 17 00:00:00 2001
From: freamon <adslater@gmail.com>
Date: Thu, 15 Aug 2024 13:10:37 +0000
Subject: [PATCH] Return 400 Bad Request for signature verification errors

---
 app/activitypub/routes.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/activitypub/routes.py b/app/activitypub/routes.py
index e95dc90c..911fae93 100644
--- a/app/activitypub/routes.py
+++ b/app/activitypub/routes.py
@@ -440,6 +440,9 @@ def shared_inbox():
                 return ''
             except VerificationError as e:
                 activity_log.exception_message = 'Could not verify signature: ' + str(e)
+                activity_log.result = 'failure'
+                db.session.commit()
+                return '', 400
         else:
             actor_name = request_json['actor'] if 'actor' in request_json else ''
             activity_log.exception_message = f'Actor could not be found: {actor_name}'