diff options
author | zotlabs <mike@macgirvin.com> | 2017-09-04 22:30:55 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-09-04 22:35:54 -0700 |
commit | d58f965b9ab58acd3f218cce3c9d428e27315045 (patch) | |
tree | d13dfac45094537efbda490dc4a1d801e9e30a52 | |
parent | 83d0e48ebe4ba4b8b3ca5918bde98a1aaf005c31 (diff) | |
download | volse-hubzilla-d58f965b9ab58acd3f218cce3c9d428e27315045.tar.gz volse-hubzilla-d58f965b9ab58acd3f218cce3c9d428e27315045.tar.bz2 volse-hubzilla-d58f965b9ab58acd3f218cce3c9d428e27315045.zip |
some more prep work for Zot VI - some of this will need to be undone or at least re-arranged later but we need to bootstrap a test environment.
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 13 | ||||
-rw-r--r-- | Zotlabs/Zot/Finger.php | 5 |
2 files changed, 13 insertions, 5 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index e9e262125..2b139a2a1 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -126,9 +126,16 @@ class HTTPSig { function get_activitypub_key($id) { - $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ", - dbesc($id) - ); + if(strpos($id,'acct:') === 0) { + $x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + dbesc(str_replace('acct:','',$id)) + ); + } + else { + $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ", + dbesc($id) + ); + } if($x && $x[0]['xchan_pubkey']) { return ($x[0]['xchan_pubkey']); diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 865e78517..e205b136f 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -120,9 +120,10 @@ class Finger { return $ret; } - $verify = \Zotlabs\Web\HTTPSig::verify($result); - $x = json_decode($result['body'], true); + + $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''); + if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); if($signed_token) { |