Verify HTTP signatures only when request accepts "activity+json" type

author: Egor Kislitsyn <egor@kislitsyn.com> 2019-12-19 20:17:18 +0700
committer: Egor Kislitsyn <egor@kislitsyn.com> 2019-12-19 20:17:18 +0700
commit: 775212121cc3eb108bca6c4b94a3fdf6d8d8fcd1 (patch)
tree: 67c9ca81cc1d998bb63c7ea3c8137746016820b0 /lib
parent: 36d66d965519037d086ad5080ccf833801c3381e (diff)
download: pleroma-775212121cc3eb108bca6c4b94a3fdf6d8d8fcd1.tar.gz
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex
index ecd7a55bf..477a5b578 100644
--- a/lib/pleroma/plugs/http_signature.ex
+++ b/lib/pleroma/plugs/http_signature.ex
@@ -4,6 +4,7 @@
 
 defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   import Plug.Conn
+  import Phoenix.Controller, only: [get_format: 1, text: 2]
   require Logger
 
   def init(options) do
@@ -15,9 +16,13 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   end
 
   def call(conn, _opts) do
-    conn
-    |> maybe_assign_valid_signature()
-    |> maybe_require_signature()
+    if get_format(conn) == "activity+json" do
+      conn
+      |> maybe_assign_valid_signature()
+      |> maybe_require_signature()
+    else
+      conn
+    end
   end
 
   defp maybe_assign_valid_signature(conn) do
@@ -51,7 +56,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
     if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
       conn
       |> put_status(:unauthorized)
-      |> Phoenix.Controller.text("Request not signed")
+      |> text("Request not signed")
       |> halt()
     else
       conn
author	Egor Kislitsyn <egor@kislitsyn.com>	2019-12-19 20:17:18 +0700
committer	Egor Kislitsyn <egor@kislitsyn.com>	2019-12-19 20:17:18 +0700
commit	775212121cc3eb108bca6c4b94a3fdf6d8d8fcd1 (patch)
tree	67c9ca81cc1d998bb63c7ea3c8137746016820b0 /lib
parent	36d66d965519037d086ad5080ccf833801c3381e (diff)
download	pleroma-775212121cc3eb108bca6c4b94a3fdf6d8d8fcd1.tar.gz