aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Lib/Enotify.php16
-rw-r--r--Zotlabs/Module/Channel.php2
-rw-r--r--Zotlabs/Module/Home.php10
-rw-r--r--Zotlabs/Module/Id.php6
-rw-r--r--Zotlabs/Web/HTTPSig.php10
-rw-r--r--include/network.php1
6 files changed, 10 insertions, 35 deletions
diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php
index fcb324a42..6d5e249ef 100644
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -559,20 +559,6 @@ class Enotify {
}
}
-
- $r = q("select id from notify where hash = '%s' and link = '%s' and ntype = %d and uid = %d limit 1",
- dbesc($datarray['hash']),
- dbesc($datarray['link']),
- intval($datarray['ntype']),
- intval($recip['channel_id'])
- );
-
- if ($r) {
- pop_lang();
- logger('duplicate_notification');
- return;
- }
-
$r = q("insert into notify (hash,xname,url,photo,created,msg,aid,uid,link,parent,seen,ntype,verb,otype)
values('%s','%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,%d,'%s','%s')",
dbesc($datarray['hash']),
@@ -593,7 +579,7 @@ class Enotify {
$r = q("select id from notify where hash = '%s' and link = '%s' and ntype = %d and uid = %d limit 1",
dbesc($datarray['hash']),
- dbesc($datarray['link']),
+ dbesc($itemlink),
intval($datarray['ntype']),
intval($recip['channel_id'])
);
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index e35a611d0..f73f25d5f 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -85,7 +85,7 @@ class Channel extends Controller {
$headers = [
'Content-Type' => 'application/x-zot+json',
'Digest' => HTTPSig::generate_digest_header($data),
- 'Date' => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T')
+ '(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']
];
$h = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel));
diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php
index 0dec432d0..39a1c8ea4 100644
--- a/Zotlabs/Module/Home.php
+++ b/Zotlabs/Module/Home.php
@@ -24,13 +24,9 @@ class Home extends Controller {
$key = Config::Get('system', 'prvkey');
$ret = json_encode(Libzot::site_info());
- $headers = [
- 'Content-Type' => 'application/x-zot+json',
- 'Digest' => HTTPSig::generate_digest_header($ret),
- 'Date' => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T')
- ];
-
- $h = HTTPSig::create_sig($headers, $key, z_root());
+ $headers = ['Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($ret)];
+ $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
+ $h = HTTPSig::create_sig($headers, $key, z_root());
HTTPSig::set_headers($h);
echo $ret;
diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php
index 004cad6e7..e08568d00 100644
--- a/Zotlabs/Module/Id.php
+++ b/Zotlabs/Module/Id.php
@@ -6,8 +6,8 @@ namespace Zotlabs\Module;
*
* Controller for responding to x-zot: protocol requests
* x-zot:_jkfRG85nJ-714zn-LW_VbTFW8jSjGAhAydOcJzHxqHkvEHWG2E0RbA_pbch-h4R63RG1YJZifaNzgccoLa3MQ/453c1678-1a79-4af7-ab65-6b012f6cab77
- *
- */
+ *
+ */
use Zotlabs\Lib\Activity;
use Zotlabs\Lib\ActivityStreams;
@@ -104,7 +104,7 @@ class Id extends Controller {
$headers['Content-Type'] = 'application/x-zot+json' ;
$ret = json_encode($x, JSON_UNESCAPED_SLASHES);
$headers['Digest'] = HTTPSig::generate_digest_header($ret);
- $headers['Date'] = datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T');
+ $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
$h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan));
HTTPSig::set_headers($h);
echo $ret;
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index ce56ae46b..391fa0950 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -118,23 +118,15 @@ class HTTPSig {
return $result;
}
- $found = preg_match('/alg="(.*?)"/', $headers['signature-input'], $matches);
- $alg = ($found) ? $matches[1] : null;
-
$keyInfo = self::get_key($key, $keytype, $keyId);
$publicKey = $keyInfo['public_key'];
$messageSigner = new HttpMessageSigner();
$messageSigner->setPublicKey($publicKey);
- $messageSigner->setAlgorithm($alg);
+ $messageSigner->setAlgorithm('rsa-sha256');
$messageSigner->setKeyId($keyId);
- $messageSigner->setNonce(preg_match('/nonce="(.*?)"/', $headers['signature-input'], $matches) ? $matches[1] : '');
- $messageSigner->setTag(preg_match('/tag="(.*?)"/', $headers['signature-input'], $matches) ? $matches[1] : '');
- $messageSigner->setCreated(preg_match('/created=([0-9]+)/', $headers['signature-input'], $matches) ? $matches[1] : '');
- $messageSigner->setExpires(preg_match('/expires=([0-9]+)/', $headers['signature-input'], $matches) ? $matches[1] : '');
-
$verified = $messageSigner->verifyRequest(App::$request);
logger('verified (RFC9421): ' . (($verified) ? 'true' : 'false'), LOGGER_DEBUG);
diff --git a/include/network.php b/include/network.php
index 83bb281a4..cb5027922 100644
--- a/include/network.php
+++ b/include/network.php
@@ -433,6 +433,7 @@ function as_return_and_die($obj, $channel = []) {
$headers['Content-Type'] = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' ;
$headers['Date'] = datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T');
$headers['Digest'] = HTTPSig::generate_digest_header($ret);
+ $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
if ($channel) {
$h = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel));