From dc52a8ff437d7997beedc0def56d706fd0737c83 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Mon, 2 Jun 2014 16:10:26 +0200 Subject: [PATCH] Don't ensureProfile before we verify signature --- plugins/OStatus/lib/salmonaction.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/OStatus/lib/salmonaction.php b/plugins/OStatus/lib/salmonaction.php index e217fd5a00..b0365d161d 100644 --- a/plugins/OStatus/lib/salmonaction.php +++ b/plugins/OStatus/lib/salmonaction.php @@ -49,14 +49,15 @@ class SalmonAction extends Action $entry = $magic_env->getPayload(); // Not cryptographically verified yet! $this->activity = new Activity($entry->documentElement); - $oprofile = $this->ensureProfile(); + $profile = Profile::fromUri($this->activity->actor->id); + assert($profile instanceof Profile); } catch (Exception $e) { common_debug('Salmon envelope parsing failed with: '.$e->getMessage()); $this->clientError($e->getMessage()); } // Cryptographic verification test - if (!$magic_env->verify($oprofile->localProfile())) { + if (!$magic_env->verify($profile)) { common_log(LOG_DEBUG, "Salmon signature verification failed."); // TRANS: Client error. $this->clientError(_m('Salmon signature verification failed.'));