From 89c1e90eb2a5da0a6f635a6158fe880076518a38 Mon Sep 17 00:00:00 2001 From: Roger Braun Date: Mon, 1 May 2017 22:02:07 +0200 Subject: [PATCH] Don't crypt raw iolists. --- lib/pleroma/web/websub/websub.ex | 3 ++- test/web/websub/websub_test.exs | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/websub/websub.ex b/lib/pleroma/web/websub/websub.ex index 905c237a0..546bfb5a4 100644 --- a/lib/pleroma/web/websub/websub.ex +++ b/lib/pleroma/web/websub/websub.ex @@ -41,6 +41,7 @@ def publish(topic, user, activity) do Enum.each(subscriptions, fn(sub) -> response = FeedRepresenter.to_simple_form(user, [activity], [user]) |> :xmerl.export_simple(:xmerl_xml) + |> to_string signature = sign(sub.secret, response) HTTPoison.post(sub.callback, response, [ @@ -51,7 +52,7 @@ def publish(topic, user, activity) do end def sign(secret, doc) do - :crypto.hmac(:sha, secret, doc) |> Base.encode16 + :crypto.hmac(:sha, secret, to_string(doc)) |> Base.encode16 end def incoming_subscription_request(user, %{"hub.mode" => "subscribe"} = params) do diff --git a/test/web/websub/websub_test.exs b/test/web/websub/websub_test.exs index ad312cd25..63acb3c43 100644 --- a/test/web/websub/websub_test.exs +++ b/test/web/websub/websub_test.exs @@ -167,4 +167,11 @@ test "rejects the subscription if it can't be accepted" do {:error, websub} = Websub.request_subscription(websub, poster, 1000) assert websub.state == "rejected" end + + test "sign a text" do + signed = Websub.sign("secret", "text") + assert signed == "B8392C23690CCF871F37EC270BE1582DEC57A503" + + signed = Websub.sign("secret", [["て"], ['す']]) + end end