From 19888b95cc99a4a1333431909067b8147de7892c Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sun, 15 Apr 2018 21:04:09 -0700
Subject: draft-cavage issues

---
 Zotlabs/Web/HTTPSig.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'Zotlabs/Web')

diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 9bcc2e5ec..255511ede 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -59,6 +59,8 @@ class HTTPSig {
 			$headers['(request-target)'] =
 				strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
 				$_SERVER['REQUEST_URI'];
+			$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
+
 			foreach($_SERVER as $k => $v) {
 				if(strpos($k,'HTTP_') === 0) {
 					$field = str_replace('_','-',strtolower(substr($k,5)));
@@ -67,6 +69,10 @@ class HTTPSig {
 			}
 		}
 
+		// logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
+
+		// logger('headers: ' . print_r($headers,true), LOGGER_ALL);
+
 		$sig_block = null;
 
 		if(array_key_exists('signature',$headers)) {
@@ -194,10 +200,10 @@ class HTTPSig {
 		if($r) {
 			$j = json_decode($r,true);
 
-			if($j['id'] !== $id)
-				return false;
-
 			if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) {
+				if((array_key_exists('id',$j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id)
+					return false;
+
 				return($j['publicKey']['publicKeyPem']);
 			}
 		}
-- 
cgit v1.2.3