GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Don't ensureProfile before we verify signature

Browse Source
This commit is contained in:
Mikael Nordfeldth 2014-06-02 16:10:26 +02:00
parent 00b2bddc7c
commit dc52a8ff43
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/OStatus/lib/salmonaction.php
View File

@ -49,14 +49,15 @@ class SalmonAction extends Action
$entry = $magic_env->getPayload(); // Not cryptographically verified yet! $entry = $magic_env->getPayload(); // Not cryptographically verified yet!
$this->activity = new Activity($entry->documentElement); $this->activity = new Activity($entry->documentElement);
$oprofile = $this->ensureProfile(); $profile = Profile::fromUri($this->activity->actor->id);
assert($profile instanceof Profile);
} catch (Exception $e) { } catch (Exception $e) {
common_debug('Salmon envelope parsing failed with: '.$e->getMessage()); common_debug('Salmon envelope parsing failed with: '.$e->getMessage());
$this->clientError($e->getMessage()); $this->clientError($e->getMessage());
} }
// Cryptographic verification test // Cryptographic verification test
if (!$magic_env->verify($oprofile->localProfile())) { if (!$magic_env->verify($profile)) {
common_log(LOG_DEBUG, "Salmon signature verification failed."); common_log(LOG_DEBUG, "Salmon signature verification failed.");
// TRANS: Client error. // TRANS: Client error.
$this->clientError(_m('Salmon signature verification failed.')); $this->clientError(_m('Salmon signature verification failed.'));