mirror
/
activitypub-single-php-file
kopia lustrzana https://gitlab.com/edent/activitypub-single-php-file
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Be more lenient with timestamp checking in signatures

merge-requests/5/head
Terence Eden 2024-03-17 20:53:30 +00:00
rodzic d88addacb0
commit d829c201f2
1 zmienionych plików z 6 dodań i 5 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

11
index.php
Wyświetl plik

@ -1484,8 +1484,8 @@ HTML;
// Ensure the header keys match the format expected by the signature // Ensure the header keys match the format expected by the signature
$headers = array_change_key_case( $headers, CASE_LOWER ); $headers = array_change_key_case( $headers, CASE_LOWER );
// Validate the timestamp is within ±30 seconds // Validate the timestamp
// 7.2.4 of https://datatracker.ietf.org/doc/rfc9421/ says compare the Date header and the published date of the message // 7.2.4 of https://datatracker.ietf.org/doc/rfc9421/
if ( !isset( $headers["date"] ) ) { if ( !isset( $headers["date"] ) ) {
// No date set // No date set
// Filename for the log // Filename for the log
@ -1502,10 +1502,11 @@ HTML;
$headerDatetime = DateTime::createFromFormat('D, d M Y H:i:s T', $dateHeader); $headerDatetime = DateTime::createFromFormat('D, d M Y H:i:s T', $dateHeader);
$currentDatetime = new DateTime(); $currentDatetime = new DateTime();
// First, check if the message was sent more than 30 seconds ago // First, check if the message was sent no more than ± 1 hour
// https://github.com/mastodon/mastodon/blob/82c2af0356ff888e9665b5b08fda58c7722be637/app/controllers/concerns/signature_verification.rb#L11
// Calculate the time difference in seconds // Calculate the time difference in seconds
$timeDifference = abs( $currentDatetime->getTimestamp() - $headerDatetime->getTimestamp() ); $timeDifference = abs( $currentDatetime->getTimestamp() - $headerDatetime->getTimestamp() );
if ( $timeDifference > 30 ) { if ( $timeDifference > 3600 ) {
// Write a log detailing the error // Write a log detailing the error
// Filename for the log // Filename for the log
$filename = "{$timestamp}.{$type}.Signature.Delay_Failure.txt"; $filename = "{$timestamp}.{$type}.Signature.Delay_Failure.txt";
@ -1525,7 +1526,7 @@ HTML;
$publishedDatetime = new DateTime($published); $publishedDatetime = new DateTime($published);
// Calculate the time difference in seconds // Calculate the time difference in seconds
$timeDifference = abs( $publishedDatetime->getTimestamp() - $headerDatetime->getTimestamp() ); $timeDifference = abs( $publishedDatetime->getTimestamp() - $headerDatetime->getTimestamp() );
if ( $timeDifference > 30 ) { if ( $timeDifference > 60 ) {
// Write a log detailing the error // Write a log detailing the error
// Filename for the log // Filename for the log
$filename = "{$timestamp}.{$type}.Signature.Time_Failure.txt"; $filename = "{$timestamp}.{$type}.Signature.Time_Failure.txt";