diff options
| author | Ariadne Conill <ariadne@dereferenced.org> | 2019-07-18 15:06:58 +0000 |
|---|---|---|
| committer | Ariadne Conill <ariadne@dereferenced.org> | 2019-07-18 15:11:21 +0000 |
| commit | 88d064d80e4a3272a2a7101089b5f924fd175866 (patch) | |
| tree | 27510d4c7006b3058693159137fd4ce22dd1b7ae /lib | |
| parent | f9a0014681a2054ca9fec9df4729bce8bc0b4060 (diff) | |
| download | pleroma-88d064d80e4a3272a2a7101089b5f924fd175866.tar.gz | |
http signature plug: remove redundant checks handled by HTTPSignatures library
the redundant checks assumed a POST request, which will not work for signed GETs.
this check was originally needed because the HTTPSignatures adapter assumed that
the requests were also POST requests. but now, the adapter has been corrected.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/plugs/http_signature.ex | 49 |
1 files changed, 20 insertions, 29 deletions
diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex index e2874c469..d87fa52fa 100644 --- a/lib/pleroma/plugs/http_signature.ex +++ b/lib/pleroma/plugs/http_signature.ex @@ -3,7 +3,6 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do - alias Pleroma.Web.ActivityPub.Utils import Plug.Conn require Logger @@ -16,38 +15,30 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do end def call(conn, _opts) do - user = Utils.get_ap_id(conn.params["actor"]) - Logger.debug("Checking sig for #{user}") [signature | _] = get_req_header(conn, "signature") - cond do - signature && String.contains?(signature, user) -> - # set (request-target) header to the appropriate value - # we also replace the digest header with the one we computed - conn = - conn - |> put_req_header( - "(request-target)", - String.downcase("#{conn.method}") <> " #{conn.request_path}" - ) - - conn = - if conn.assigns[:digest] do - conn - |> put_req_header("digest", conn.assigns[:digest]) - else - conn - end - - assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) + if signature do + # set (request-target) header to the appropriate value + # we also replace the digest header with the one we computed + conn = + conn + |> put_req_header( + "(request-target)", + String.downcase("#{conn.method}") <> " #{conn.request_path}" + ) - signature -> - Logger.debug("Signature not from actor") - assign(conn, :valid_signature, false) + conn = + if conn.assigns[:digest] do + conn + |> put_req_header("digest", conn.assigns[:digest]) + else + conn + end - true -> - Logger.debug("No signature header!") - conn + assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) + else + Logger.debug("No signature header!") + conn end end end |