Don't crypt raw iolists.
authorRoger Braun <roger@rogerbraun.net>
Mon, 1 May 2017 20:02:07 +0000 (22:02 +0200)
committerRoger Braun <roger@rogerbraun.net>
Mon, 1 May 2017 20:02:07 +0000 (22:02 +0200)
lib/pleroma/web/websub/websub.ex
test/web/websub/websub_test.exs

index 905c237a088ecb9ca426eca77181f9c1c1a2ce6e..546bfb5a4db9d91594c226052c8ba8e033e88f62 100644 (file)
@@ -41,6 +41,7 @@ defmodule Pleroma.Web.Websub do
     Enum.each(subscriptions, fn(sub) ->
       response = FeedRepresenter.to_simple_form(user, [activity], [user])
       |> :xmerl.export_simple(:xmerl_xml)
+      |> to_string
 
       signature = sign(sub.secret, response)
       HTTPoison.post(sub.callback, response, [
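Review bot: The added `|> to_string` has no comment explaining why the conversion happens at this point in the pipeline, although it is what makes `sign/2` and `HTTPoison.post` work on the same binary. I would add above it something like `# xmerl returns a nested charlist; flatten it to one UTF-8 binary so the signed bytes and the posted body are identical`. With this line in place the `to_string(doc)` inside `sign/2` is a no-op for this caller, so a later edit that drops one of the two conversions should keep this one. The enclosing function begins before the hunk and the `HTTPoison.post` call continues past it, so how the signature is placed in the request is not visible here.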
@@ -51,7 +52,7 @@ defmodule Pleroma.Web.Websub do
   end
 
   def sign(secret, doc) do
-    :crypto.hmac(:sha, secret, doc) |> Base.encode16
+    :crypto.hmac(:sha, secret, to_string(doc)) |> Base.encode16
   end
 
   def incoming_subscription_request(user, %{"hub.mode" => "subscribe"} = params) do
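Review bot: `to_string(doc)` in `sign/2` accepts any term that implements `String.Chars`, so `sign(secret, nil)` quietly returns a valid HMAC over the empty string, and an atom or number is signed as its printed form. I would restrict the head to the shapes this commit is about, `def sign(secret, doc) when is_binary(doc) or is_list(doc) do`, so that a failed render upstream raises instead of producing a signature. It is also worth a comment that integers inside a list are treated as Unicode codepoints and re-encoded as UTF-8, which differs from `IO.iodata_to_binary/1`. A caller that signs an iolist but sends the original iodata could therefore sign different bytes from the ones on the wire.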
index ad312cd25017fd748f9f6995cf2c41de6eb3f0b6..63acb3c435e4b37a228ea61f3da6829aa703063c 100644 (file)
@@ -167,4 +167,11 @@ defmodule Pleroma.Web.WebsubTest do
     {:error, websub} = Websub.request_subscription(websub, poster, 1000)
     assert websub.state == "rejected"
   end
+
+  test "sign a text" do
+    signed = Websub.sign("secret", "text")
+    assert signed == "B8392C23690CCF871F37EC270BE1582DEC57A503"
+
+    signed = Websub.sign("secret", [["て"], ['す']])
+  end
 end
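Review bot: The second call in "sign a text" binds `signed` and asserts nothing, so the nested-list case this commit fixes is only checked for not raising, and the compiler will warn about the unused variable. An assertion that pins the flattening would be `assert signed == Websub.sign("secret", "てす")`, which passes only if the mixed binary/charlist input is signed as the same UTF-8 bytes as the plain string. A hard-coded expected digest, as in the first assertion, would be stronger still if one is computed independently.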