Skip to content

Bluesky users occasionally get created without AP keys #1881

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snarfed opened this issue Apr 14, 2025 · 2 comments
Open

Bluesky users occasionally get created without AP keys #1881

snarfed opened this issue Apr 14, 2025 · 2 comments
Labels
bug User-facing breakage and reliability issues within Bridgy Fed. now

Comments

@snarfed
Copy link
Owner

snarfed commented Apr 14, 2025

Not common, only seeing one of these every couple weeks or so, but still weird. What's happening here?

https://console.cloud.google.com/errors/detail/CKXLrIb56cr0zQE;locations=global;time=P30D?project=bridgy-federated&invt=AbuwZw

GET https://bsky.brid.gy/ap/did:plc:65isvpdvlh7ttv5tyk5jir4t 

ValueError: Invalid RSA public exponent 
at .construct ( /layers/google.python.pip/pip/lib/python3.12/site-packages/Crypto/PublicKey/RSA.py:647 )
at .public_pem ( /workspace/models.py:708 )
at .postprocess_as2_actor ( /workspace/activitypub.py:1014 )
at ._convert ( /workspace/activitypub.py:447 )
at .convert ( /workspace/protocol.py:603 )
at .actor ( /workspace/activitypub.py:1083 )
at .decorated ( /layers/google.python.pip/pip/lib/python3.12/site-packages/oauth_dropins/webutil/flask_util.py:366 )
at .dispatch_request ( /layers/google.python.pip/pip/lib/python3.12/site-packages/flask/app.py:902 )
at .full_dispatch_request ( /layers/google.python.pip/pip/lib/python3.12/site-packages/flask/app.py:917 )
at .handle_exception ( /layers/google.python.pip/pip/lib/python3.12/site-packages/oauth_dropins/webutil/flask_util.py:252 )
at .handle_user_exception ( /layers/google.python.pip/pip/lib/python3.12/site-packages/flask/app.py:809 )
at .full_dispatch_request ( /layers/google.python.pip/pip/lib/python3.12/site-packages/flask/app.py:919 )
at .wsgi_app ( /layers/google.python.pip/pip/lib/python3.12/site-packages/flask/app.py:1511 )

We generate AP keys in get_or_create:

bridgy-fed/models.py

Lines 390 to 402 in fe51b1f

# generate keys for all protocols _except_ our own
#
# these can use urandom() and do nontrivial math, so they can take time
# depending on the amount of randomness available and compute needed.
if cls.LABEL != 'activitypub':
if (not user.public_exponent or not user.private_exponent or not user.mod):
assert (not user.public_exponent and not user.private_exponent
and not user.mod), id
key = RSA.generate(KEY_BITS,
randfunc=random.randbytes if DEBUG else None)
user.mod = long_to_base64(key.n)
user.public_exponent = long_to_base64(key.e)
user.private_exponent = long_to_base64(key.d)

@snarfed snarfed added bug User-facing breakage and reliability issues within Bridgy Fed. now labels Apr 14, 2025
@snarfed
Copy link
Owner Author

snarfed commented Apr 25, 2025

Aha, this happens when we've already created a user before they enable the bridge. In User.get_or_create, we return the existing user and never create AP keys or do other network-specific setup.

Should be a straightforward fix.

snarfed added a commit that referenced this issue May 10, 2025
@snarfed
use Protocol.create_for for all protocols, not just HAS_COPIES ones
9f9ecce 
we can now use create_for for all protocol-specific setup for new users, eg creating AP keypairs. for #1881
@snarfed snarfed closed this as completed May 10, 2025
@snarfed
Copy link
Owner Author

snarfed commented May 13, 2025

Had to revert 9f9ecce since it may have caused #1929. 😕

@snarfed snarfed reopened this May 13, 2025
snarfed added a commit that referenced this issue May 17, 2025
@snarfed
use Protocol.create_for for all protocols, not just HAS_COPIES ones
612a7d9 
we can now use create_for for all protocol-specific setup for new users, eg creating AP keypairs. for #1881

first attempt at this may have caused #1929, so I'm paying more attention to it this time
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug User-facing breakage and reliability issues within Bridgy Fed. now
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@snarfed