Don't crypt raw iolists.

This commit is contained in:
Roger Braun 2017-05-01 22:02:07 +02:00
parent 8ae13d94dc
commit 89c1e90eb2
2 changed files with 9 additions and 1 deletions

View file

@ -41,6 +41,7 @@ defmodule Pleroma.Web.Websub do
Enum.each(subscriptions, fn(sub) -> Enum.each(subscriptions, fn(sub) ->
response = FeedRepresenter.to_simple_form(user, [activity], [user]) response = FeedRepresenter.to_simple_form(user, [activity], [user])
|> :xmerl.export_simple(:xmerl_xml) |> :xmerl.export_simple(:xmerl_xml)
|> to_string
signature = sign(sub.secret, response) signature = sign(sub.secret, response)
HTTPoison.post(sub.callback, response, [ HTTPoison.post(sub.callback, response, [
@ -51,7 +52,7 @@ defmodule Pleroma.Web.Websub do
end end
def sign(secret, doc) do def sign(secret, doc) do
:crypto.hmac(:sha, secret, doc) |> Base.encode16 :crypto.hmac(:sha, secret, to_string(doc)) |> Base.encode16
end end
def incoming_subscription_request(user, %{"hub.mode" => "subscribe"} = params) do def incoming_subscription_request(user, %{"hub.mode" => "subscribe"} = params) do

View file

@ -167,4 +167,11 @@ defmodule Pleroma.Web.WebsubTest do
{:error, websub} = Websub.request_subscription(websub, poster, 1000) {:error, websub} = Websub.request_subscription(websub, poster, 1000)
assert websub.state == "rejected" assert websub.state == "rejected"
end end
test "sign a text" do
signed = Websub.sign("secret", "text")
assert signed == "B8392C23690CCF871F37EC270BE1582DEC57A503"
signed = Websub.sign("secret", [[""], ['']])
end
end end