UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-11-22 06:21:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update InboxPipeline, fail earlier for invalid public keys. Fixes #2648

Browse source
This commit is contained in:
Daniel Supernault 2021-02-12 22:25:34 -07:00
parent 40db9a1296
commit d1c5e9b867
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/Jobs/InboxPipeline/InboxValidator.php
View file

@ -173,6 +173,9 @@ class InboxValidator implements ShouldQueue
return;
}
$pkey = openssl_pkey_get_public($actor->public_key);
if(!$pkey) {
return 0;
}
$inboxPath = "/users/{$profile->username}/inbox";
list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
if($verified == 1) {

3
app/Jobs/InboxPipeline/InboxWorker.php
View file

@ -161,6 +161,9 @@ class InboxWorker implements ShouldQueue
return;
}
$pkey = openssl_pkey_get_public($actor->public_key);
if(!$pkey) {
return 0;
}
$inboxPath = "/f/inbox";
list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
if($verified == 1) {