From a7f910a6934f68465d1db881cabe11e8dfcf9e00 Mon Sep 17 00:00:00 2001
From: Maxence Lange
Date: Wed, 23 Nov 2022 11:40:06 -0100
Subject: [PATCH] filter request-target from header
Signed-off-by: Maxence Lange
---
 Makefile | 1 -
 composer.lock | 8 ++++----
 lib/Db/CoreRequestBuilder.php | 10 +++++-----
 lib/Migration/Version1000Date20221118000001.php | 2 ++
 lib/Service/CurlService.php | 7 +++++--
 lib/Service/SignatureService.php | 4 +++-
 lib/Tools/Model/Request.php | 2 +-
 7 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
index 840d253a..8bab9928 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,6 @@ all: dev-setup lint build-js-production composer test
 # Dev env management
 dev-setup: clean clean-dev npm-init composer
- cp -R node_modules/twemoji/2/svg img/twemoji
 npm-init:
 npm install
diff --git a/composer.lock b/composer.lock
index 851cab56..2aae038e 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1171,12 +1171,12 @@ "source": { "type": "git", "url": "https://github.com/nextcloud-deps/ocp.git", - "reference": "d1f996e8d03a10184d48a0120282886b3f7806f7" + "reference": "e57eb6aaa56318399f587969879f96d547e015c6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nextcloud-deps/ocp/zipball/d1f996e8d03a10184d48a0120282886b3f7806f7", - "reference": "d1f996e8d03a10184d48a0120282886b3f7806f7", + "url": "https://api.github.com/repos/nextcloud-deps/ocp/zipball/e57eb6aaa56318399f587969879f96d547e015c6", + "reference": "e57eb6aaa56318399f587969879f96d547e015c6", "shasum": "" }, "require": {
@@ -1207,7 +1207,7 @@ "issues": "https://github.com/nextcloud-deps/ocp/issues", "source": "https://github.com/nextcloud-deps/ocp/tree/master" }, - "time": "2022-11-10T00:44:20+00:00" + "time": "2022-11-23T00:37:22+00:00" }, { "name": "nikic/php-parser",
diff --git a/lib/Db/CoreRequestBuilder.php b/lib/Db/CoreRequestBuilder.php
index d5bc865c..c2ff47d5 100644
--- a/lib/Db/CoreRequestBuilder.php
+++ b/lib/Db/CoreRequestBuilder.php
@@ -36,6 +36,7 @@ use DateTime;
 use Doctrine\DBAL\Query\QueryBuilder;
 use Exception;
 use OC;
+use OC\DB\Connection;
 use OC\DB\SchemaWrapper;
 use OCA\Social\Exceptions\InvalidResourceException;
 use OCA\Social\Model\ActivityPub\Actor\Person;
@@ -44,7 +45,6 @@ use OCA\Social\Model\StreamAction;
 use OCA\Social\Service\ConfigService;
 use OCA\Social\Service\MiscService;
 use OCA\Social\Tools\Exceptions\DateTimeException;
-use OCP\DB\ISchemaWrapper;
 use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\IDBConnection;
 use OCP\IURLGenerator;
@@ -1187,8 +1187,8 @@ class CoreRequestBuilder {
 ->selectAlias($prefix . '_f.follow_id', $prefix . '_follow_id')
 ->selectAlias($prefix . '_f.creation', $prefix . '_creation')
 ->leftJoin(
- $this->defaultSelectAlias, CoreRequestBuilder::TABLE_FOLLOWS, $prefix . '_f',
- $andX
+ $this->defaultSelectAlias, CoreRequestBuilder::TABLE_FOLLOWS, $prefix . '_f',
+ $andX
 );
 }
@@ -1263,7 +1263,7 @@ class CoreRequestBuilder {
 * this just empty all tables from the app.
 */
 public function emptyAll() {
- $schema = new SchemaWrapper(Server::get(IDBConnection::class));
+ $schema = new SchemaWrapper(Server::get(Connection::class));
 foreach (array_keys(self::$tables) as $table) {
 if ($schema->hasTable($table)) {
 $qb = $this->dbConnection->getQueryBuilder();
@@ -1278,7 +1278,7 @@ class CoreRequestBuilder {
 * this just empty all tables from the app.
 */
 public function uninstallSocialTables() {
- $schema = new SchemaWrapper(Server::get(IDBConnection::class));
+ $schema = new SchemaWrapper(Server::get(Connection::class));
 foreach (array_keys(self::$tables) as $table) {
 if ($schema->hasTable($table)) {
 $schema->dropTable($table);
diff --git a/lib/Migration/Version1000Date20221118000001.php b/lib/Migration/Version1000Date20221118000001.php
index e7179db5..b38d7f3f 100644
--- a/lib/Migration/Version1000Date20221118000001.php
+++ b/lib/Migration/Version1000Date20221118000001.php
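Review bot: `emptyAll()` and `uninstallSocialTables()` now pull `OC\DB\Connection` out of the container, which ties the two most destructive helpers in this class to a server-internal class instead of the public `OCP\IDBConnection` interface; this applies to both the `@@ -1263` and the `@@ -1278` hunk. If the concrete class is required, presumably because `SchemaWrapper` type-hints it, a comment at each call site should say so, for example `// SchemaWrapper needs the concrete OC\DB\Connection; OCP\IDBConnection is not accepted`. The docblock on `uninstallSocialTables()` is also a copy of the one on `emptyAll()` although the body calls `dropTable()`, and should read `* drops every table owned by the app.`. Both method bodies run past the end of their hunks, so what happens after the loops is not visible here.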
@@ -1187,6 +1187,7 @@ class Version1000Date20221118000001 extends SimpleMigrationStep {
 );
 $table->setPrimaryKey(['id']);
+ $table->addIndex(['token']);
 }
@@ -1372,6 +1373,7 @@ class Version1000Date20221118000001 extends SimpleMigrationStep {
 ]
 );
 $table->setPrimaryKey(['id']);
+ $table->addIndex(['token']);
 }
diff --git a/lib/Service/CurlService.php b/lib/Service/CurlService.php
index 69f3582b..3433a969 100644
--- a/lib/Service/CurlService.php
+++ b/lib/Service/CurlService.php
@@ -342,7 +342,7 @@ class CurlService {
 * @throws RequestServerException
 */
 public function retrieveJsonOrig(NCRequest $request): array {
- $result = $this->doRequestOrig($request);
+ $result = $this->doRequest($request);
 if (strpos($request->getContentType(), 'application/xrd') === 0) {
 $xml = simplexml_load_string($result);
@@ -374,7 +374,10 @@ class CurlService {
 $curl = $this->initRequest($request);
 $result = curl_exec($curl);
- $this->logger->debug('[>>] ' . json_encode($request) . ' result: ' . json_encode($result));
+ $this->logger->debug(
+ '[>>] ' . json_encode($request)
+ . ' result [' . curl_getinfo($curl, CURLINFO_HTTP_CODE) . ']: ' . json_encode($result)
+ );
 if (in_array(curl_errno($curl), $ignoreProtocolOnErrors)) {
 continue;
diff --git a/lib/Service/SignatureService.php b/lib/Service/SignatureService.php
index 371cdc27..dcc699f8 100644
--- a/lib/Service/SignatureService.php
+++ b/lib/Service/SignatureService.php
@@ -163,7 +163,9 @@ class SignatureService {
 $signingElements = [];
 foreach ($elements as $element) {
 $signingElements[] = $element . ': ' . $data[$element];
- $request->addHeader($element, $data[$element]);
+ if ($element !== '(request-target)') {
+ $request->addHeader($element, $data[$element]);
+ }
 }
 return implode("\n", $signingElements);
diff --git a/lib/Tools/Model/Request.php b/lib/Tools/Model/Request.php
index 0f9c9fc4..3e93c66b 100644
--- a/lib/Tools/Model/Request.php
+++ b/lib/Tools/Model/Request.php
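Review bot: Adding `addIndex(['token'])` inside the existing `Version1000Date20221118000001` step (here and in the `@@ -1372` hunk) only reaches installations that have not yet run this migration; if any instance already executed it, the index is never created there and a follow-up migration step would be needed. The index is also created without an explicit name, so a later migration that wants to drop or alter it has to rely on the generated name; passing one, e.g. `$table->addIndex(['token'], 'PLACEHOLDER_index_name');`, keeps that predictable. If `token` is meant to be unique per row, `addUniqueIndex` would enforce that in the database, but the column definitions are outside both hunks so this cannot be confirmed.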
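Review bot: The rewritten `debug()` call in the `@@ -374` hunk still writes the full serialized request and the complete response body to the log, and the response body is controlled by the remote server. `json_encode($request)` may include signature or authorization headers, depending on what `Request::jsonSerialize()` emits (not visible here), and an arbitrarily large body ends up in the log unbounded. Capping the logged body would limit that, e.g. `json_encode(is_string($result) ? substr($result, 0, 2048) : $result)`, where 2048 is only an illustrative limit. `curl_getinfo()` is read before the `curl_errno()` check, so on a transport failure the logged status is `0`, which deserves a short comment. The enclosing loop starts and ends outside the hunk.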
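Review bot: The new guard skips only the exact string `(request-target)`, so any other parenthesised pseudo-element that reaches `$elements` (the HTTP Signatures drafts also define `(created)` and `(expires)`) would still be sent as a literal request header. Filtering on the leading parenthesis covers all of them: `if (strpos($element, '(') !== 0) {`. `$data[$element]` is also read without checking that the key exists, so a missing entry would be signed as an empty value rather than rejected; whether callers guarantee the key cannot be seen, since the function starts outside the hunk. A one-line comment above the guard, `// pseudo-headers belong to the signing string only and are never sent on the wire`, would record why the two lists differ.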
@@ -472,7 +472,7 @@ class Request implements JsonSerializable {
 * @return array
 */
 public function getHeaders(): array {
- return array_merge(['User-Agent' => $this->getUserAgent()], $this->headers);
+ return array_merge(['user-agent' => $this->getUserAgent()], $this->headers);
 }
 /**
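Review bot: `array_merge()` compares string keys case-sensitively, so the default `user-agent` entry in `getHeaders()` is only overridden when a caller stored the header under exactly that lowercase key; a caller using `User-Agent` would produce two User-Agent entries in the returned array. Normalising the stored keys at merge time removes the dependency on caller discipline: `return array_merge(['user-agent' => $this->getUserAgent()], array_change_key_case($this->headers, CASE_LOWER));`. If the lowercase name is needed so that the sent headers match the names used in the signing string, which is what the commit title suggests, the docblock should state that `getHeaders()` returns lowercase header names. The docblock opens above the hunk.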