X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fhttp_signature.ex;h=23d22a712fcf9839490b9d4cf44de3a370c7cf9b;hb=1f498ba2bb77a6dd103631d9de1e5c1bbfaaea10;hp=33fbba84017c9e9681d83881b9e3f6fb8ad65909;hpb=bee6acd51dc4e84e44caecf9d123dfff2f640a38;p=akkoma
diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex
index 33fbba840..23d22a712 100644
--- a/lib/pleroma/plugs/http_signature.ex
+++ b/lib/pleroma/plugs/http_signature.ex
@@ -1,10 +1,8 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors
+# Copyright © 2017-2019 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
- alias Pleroma.Web.HTTPSignatures
- alias Pleroma.Web.ActivityPub.Utils
import Plug.Conn
require Logger
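Review bot: Dropping `alias Pleroma.Web.HTTPSignatures` changes what the `HTTPSignatures.validate_conn(conn)` call kept in `call/2` refers to: it now resolves to a top-level `HTTPSignatures` module instead of `Pleroma.Web.HTTPSignatures`. That is presumably intended (an external signature library), but nothing in this diff shows where that module comes from. Confirm the dependency is declared and that its `validate_conn/1` fetches and checks keys in the way this plug relies on. The module body continues outside this hunk.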
@@ -17,38 +15,31 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
end
def call(conn, _opts) do
- user = Utils.get_ap_id(conn.params["actor"])
- Logger.debug("Checking sig for #{user}")
- [signature | _] = get_req_header(conn, "signature")
+ headers = get_req_header(conn, "signature")
+ signature = Enum.at(headers, 0)
- cond do
- signature && String.contains?(signature, user) ->
- # set (request-target) header to the appropriate value
- # we also replace the digest header with the one we computed
- conn =
- conn
- |> put_req_header(
- "(request-target)",
- String.downcase("#{conn.method}") <> " #{conn.request_path}"
- )
-
- conn =
- if conn.assigns[:digest] do
- conn
- |> put_req_header("digest", conn.assigns[:digest])
- else
- conn
- end
-
- assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
+ if signature do
+ # set (request-target) header to the appropriate value
+ # we also replace the digest header with the one we computed
+ conn =
+ conn
+ |> put_req_header(
+ "(request-target)",
+ String.downcase("#{conn.method}") <> " #{conn.request_path}"
+ )
- signature ->
- Logger.debug("Signature not from actor")
- assign(conn, :valid_signature, false)
+ conn =
+ if conn.assigns[:digest] do
+ conn
+ |> put_req_header("digest", conn.assigns[:digest])
+ else
+ conn
+ end
- true ->
- Logger.debug("No signature header!")
- conn
+ assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
+ else
+ Logger.debug("No signature header!")
+ conn
end
end
end
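Review bot: With the `String.contains?(signature, user)` branch gone, `call/2` sets `:valid_signature` from `HTTPSignatures.validate_conn(conn)` alone, so a true value no longer says anything about whether the signing key belongs to the `actor` named in the request params. Unless a later plug or controller (not visible here) compares the owner of the signature's keyId with the activity's actor, a correctly signed request could carry an activity attributed to a different actor; that comparison should be an exact match rather than the substring test that was removed. I would add a comment above the `assign`, e.g. `# :valid_signature only proves the keyId's key signed this request; callers must still match the key owner to the actor`. The `else` branch also leaves `:valid_signature` unset, so consumers have to treat a missing assign the same as `false`.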