mirror
/
social
kopia lustrzana https://github.com/nextcloud/social
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

check content-length and digest 

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
pull/1227/head
Maxence Lange 2021-03-18 18:10:48 -01:00
rodzic b2b285168b
commit bbe59a942a
1 zmienionych plików z 8 dodań i 3 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

11
lib/Service/SignatureService.php
Wyświetl plik

@ -256,6 +256,14 @@ class SignatureService {
throw new SignatureException('object is too old'); throw new SignatureException('object is too old');
} }
if (strlen($data) !== (int)$request->getHeader('content-length')) {
throw new SignatureException('issue with content-length');
}
if ($this->generateDigest($data) !== $request->getHeader('digest')) {
throw new SignatureException('issue with digest');
}
try { try {
return $this->checkRequestSignature($request, $data); return $this->checkRequestSignature($request, $data);
} catch (RequestContentException $e) { } catch (RequestContentException $e) {
@ -379,9 +387,6 @@ class SignatureService {
$signed = base64_decode($sign['signature']); $signed = base64_decode($sign['signature']);
$estimated = $this->generateEstimatedSignature($headers, $request); $estimated = $this->generateEstimatedSignature($headers, $request);
// TODO: check digest
// $this->generateDigest($data);
try { try {
$publicKey = $this->retrieveKey($keyId); $publicKey = $this->retrieveKey($keyId);
$this->checkRequestSignatureUsingPublicKey($publicKey, $sign, $estimated, $signed); $this->checkRequestSignatureUsingPublicKey($publicKey, $sign, $estimated, $signed);