harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix the like signatures to the "new ordering" - inbound and outbound

Browse Source
This commit is contained in:
friendica 2014-09-10 16:32:19 -07:00
parent 08638f3ec8
commit 79bd451631
1 changed files with 12 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
include/diaspora.php
View File

@ -1783,10 +1783,7 @@ function diaspora_like($importer,$xml,$msg) {
// It looks like "RelayableRetractions" are used for "unlike" instead // It looks like "RelayableRetractions" are used for "unlike" instead
if($positive === 'false') { if($positive === 'false') {
logger('diaspora_like: received a like with positive set to "false"...ignoring'); logger('diaspora_like: received a like with positive set to "false"...ignoring');
/* q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d", // perhaps call drop_item()
intval($r[0]['id']),
intval($importer['channel_id'])
);*/
// FIXME--actually don't unless it turns out that Diaspora does indeed send out "false" likes // FIXME--actually don't unless it turns out that Diaspora does indeed send out "false" likes
// send notification via proc_run() // send notification via proc_run()
return; return;
@ -1820,16 +1817,12 @@ function diaspora_like($importer,$xml,$msg) {
who sent the salmon who sent the salmon
*/ */
// $signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle;
// 2014-09-10 let's try this: signatures are failing. I'll try and make a signable string from // 2014-09-10 let's try this: signatures are failing. I'll try and make a signable string from
// the parameters in the order they were presented in the post. This is how D* creates the signable string. // the parameters in the order they were presented in the post. This is how D* creates the signable string.
$signed_data = $positive . ';' . $guid . ';' . $target_type . ';' . $parent_guid . ';' . $diaspora_handle; $signed_data = $positive . ';' . $guid . ';' . $target_type . ';' . $parent_guid . ';' . $diaspora_handle;
$key = $msg['key']; $key = $msg['key'];
if($parent_author_signature) { if($parent_author_signature) {
@ -1840,12 +1833,12 @@ function diaspora_like($importer,$xml,$msg) {
$parent_author_signature = base64_decode($parent_author_signature); $parent_author_signature = base64_decode($parent_author_signature);
if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) { if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) {
// if (intval(get_config('system','ignore_diaspora_like_signature'))) if (intval(get_config('system','ignore_diaspora_like_signature')))
logger('diaspora_like: top-level owner verification failed. Proceeding anyway.'); logger('diaspora_like: top-level owner verification failed. Proceeding anyway.');
// else { else {
// logger('diaspora_like: top-level owner verification failed.'); logger('diaspora_like: top-level owner verification failed.');
// return; return;
// } }
} }
} }
else { else {
@ -1857,16 +1850,15 @@ function diaspora_like($importer,$xml,$msg) {
$author_signature = base64_decode($author_signature); $author_signature = base64_decode($author_signature);
if(! rsa_verify($signed_data,$author_signature,$key,'sha256')) { if(! rsa_verify($signed_data,$author_signature,$key,'sha256')) {
// if (intval(get_config('system','ignore_diaspora_like_signature'))) if (intval(get_config('system','ignore_diaspora_like_signature')))
logger('diaspora_like: like creator verification failed. Proceeding anyway'); logger('diaspora_like: like creator verification failed. Proceeding anyway');
// else { else {
// logger('diaspora_like: like creator verification failed.'); logger('diaspora_like: like creator verification failed.');
// return; return;
// } }
} }
} }
logger('diaspora_like: signature check complete.',LOGGER_DEBUG); logger('diaspora_like: signature check complete.',LOGGER_DEBUG);
// Phew! Everything checks out. Now create an item. // Phew! Everything checks out. Now create an item.
@ -2577,7 +2569,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
if($relay_retract) if($relay_retract)
$sender_signed_text = $item['mid'] . ';' . $target_type; $sender_signed_text = $item['mid'] . ';' . $target_type;
elseif($like) elseif($like)
$sender_signed_text = $item['mid'] . ';' . $target_type . ';' . $parent['mid'] . ';' . $positive . ';' . $handle; $sender_signed_text = $positive . ';' . $item['mid'] . ';' . $target_type . ';' . $parent['mid'] . ';' . $handle;
else else
$sender_signed_text = $item['mid'] . ';' . $parent['mid'] . ';' . $text . ';' . $handle; $sender_signed_text = $item['mid'] . ';' . $parent['mid'] . ';' . $text . ';' . $handle;
} }