aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-09-04 22:30:55 -0700
committerzotlabs <mike@macgirvin.com>2017-09-04 22:35:54 -0700
commitd58f965b9ab58acd3f218cce3c9d428e27315045 (patch)
treed13dfac45094537efbda490dc4a1d801e9e30a52
parent83d0e48ebe4ba4b8b3ca5918bde98a1aaf005c31 (diff)
downloadvolse-hubzilla-d58f965b9ab58acd3f218cce3c9d428e27315045.tar.gz
volse-hubzilla-d58f965b9ab58acd3f218cce3c9d428e27315045.tar.bz2
volse-hubzilla-d58f965b9ab58acd3f218cce3c9d428e27315045.zip
some more prep work for Zot VI - some of this will need to be undone or at least re-arranged later but we need to bootstrap a test environment.
-rw-r--r--Zotlabs/Web/HTTPSig.php13
-rw-r--r--Zotlabs/Zot/Finger.php5
2 files changed, 13 insertions, 5 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index e9e262125..2b139a2a1 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -126,9 +126,16 @@ class HTTPSig {
function get_activitypub_key($id) {
- $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
- dbesc($id)
- );
+ if(strpos($id,'acct:') === 0) {
+ $x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ dbesc(str_replace('acct:','',$id))
+ );
+ }
+ else {
+ $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
+ dbesc($id)
+ );
+ }
if($x && $x[0]['xchan_pubkey']) {
return ($x[0]['xchan_pubkey']);
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 865e78517..e205b136f 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -120,9 +120,10 @@ class Finger {
return $ret;
}
- $verify = \Zotlabs\Web\HTTPSig::verify($result);
-
$x = json_decode($result['body'], true);
+
+ $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '');
+
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {