activitypub: warn instead of error

routers/api/v1/activitypub/reqsignature.go

@@ -14,6 +14,7 @@ import (
 
 	"code.gitea.io/gitea/modules/activitypub"
 	"code.gitea.io/gitea/modules/httplib"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	gitea_context "code.gitea.io/gitea/services/context"
 
@@ -89,7 +90,8 @@ func verifyHTTPSignatures(ctx *gitea_context.APIContext) (authenticated bool, er
 func ReqHTTPSignature() func(ctx *gitea_context.APIContext) {
 	return func(ctx *gitea_context.APIContext) {
 		if authenticated, err := verifyHTTPSignatures(ctx); err != nil {
-			ctx.ServerError("verifyHttpSignatures", err)
+			log.Warn("verifyHttpSignatures failed: %v", err)
+			ctx.Error(http.StatusBadRequest, "reqSignature", "request signature verification failed")
 		} else if !authenticated {
 			ctx.Error(http.StatusForbidden, "reqSignature", "request signature verification failed")
 		}

tests/integration/api_activitypub_person_test.go

@@ -108,6 +108,6 @@ func TestActivityPubPersonInbox(t *testing.T) {
 
 		// Unsigned request fails
 		req := NewRequest(t, "POST", user2inboxurl)
-		MakeRequest(t, req, http.StatusInternalServerError)
+		MakeRequest(t, req, http.StatusBadRequest)
 	})
 }