Merge branch 'bugfix/websub-hardening' into 'develop'

websub: improve error handling

See merge request pleroma/pleroma!670
This commit is contained in:
lambda 2019-01-15 20:02:56 +00:00
commit 9a444c0d22
2 changed files with 13 additions and 0 deletions

View file

@ -121,6 +121,12 @@ def incoming_subscription_request(user, %{"hub.mode" => "subscribe"} = params) d
end end
end end
def incoming_subscription_request(user, params) do
Logger.info("Unhandled WebSub request for #{user.nickname}: #{inspect(params)}")
{:error, "Invalid WebSub request"}
end
defp get_subscription(topic, callback) do defp get_subscription(topic, callback) do
Repo.get_by(WebsubServerSubscription, topic: topic, callback: callback) || Repo.get_by(WebsubServerSubscription, topic: topic, callback: callback) ||
%WebsubServerSubscription{} %WebsubServerSubscription{}

View file

@ -67,6 +67,13 @@ def websub_subscription_confirmation(
end end
end end
def websub_subscription_confirmation(conn, params) do
Logger.info("Invalid WebSub confirmation request: #{inspect(params)}")
conn
|> send_resp(500, "Invalid parameters")
end
def websub_incoming(conn, %{"id" => id}) do def websub_incoming(conn, %{"id" => id}) do
with "sha1=" <> signature <- hd(get_req_header(conn, "x-hub-signature")), with "sha1=" <> signature <- hd(get_req_header(conn, "x-hub-signature")),
signature <- String.downcase(signature), signature <- String.downcase(signature),