diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php index 9e0c89a4..fcc827dc 100644 --- a/app/Jobs/InboxPipeline/InboxValidator.php +++ b/app/Jobs/InboxPipeline/InboxValidator.php @@ -80,9 +80,6 @@ class InboxValidator implements ShouldQueue if($this->verifySignature($headers, $profile, $payload) == true) { (new Inbox($headers, $profile, $payload))->handle(); return; - } else if($this->blindKeyRotation($headers, $profile, $payload) == true) { - (new Inbox($headers, $profile, $payload))->handle(); - return; } else { return; } @@ -96,18 +93,18 @@ class InboxValidator implements ShouldQueue $signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature']; $date = is_array($headers['date']) ? $headers['date'][0] : $headers['date']; if(!$signature) { - return; + return false; } if(!$date) { - return; + return false; } if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1)) ) { - return; + return false; } if(!isset($bodyDecoded['id'])) { - return; + return false; } $signatureData = HttpSignature::parseSignatureHeader($signature); $keyId = Helpers::validateUrl($signatureData['keyId']); @@ -127,12 +124,11 @@ class InboxValidator implements ShouldQueue } } if(parse_url($attr, PHP_URL_HOST) !== $keyDomain) { - return; + return false; } } if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { - return; - abort(400, 'Invalid request'); + return false; } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) { @@ -140,11 +136,11 @@ class InboxValidator implements ShouldQueue $actor = Helpers::profileFirstOrNew($actorUrl); } if(!$actor) { - return; + return false; } $pkey = openssl_pkey_get_public($actor->public_key); if(!$pkey) { - return 0; + return false; } $inboxPath = "/users/{$profile->username}/inbox"; list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body); diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php index 4af86bbe..0dd76e9a 100644 --- a/app/Jobs/InboxPipeline/InboxWorker.php +++ b/app/Jobs/InboxPipeline/InboxWorker.php @@ -68,9 +68,6 @@ class InboxWorker implements ShouldQueue if($this->verifySignature($headers, $payload) == true) { (new Inbox($headers, $profile, $payload))->handle(); return; - } else if($this->blindKeyRotation($headers, $payload) == true) { - (new Inbox($headers, $profile, $payload))->handle(); - return; } else { return; } @@ -83,18 +80,18 @@ class InboxWorker implements ShouldQueue $signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature']; $date = is_array($headers['date']) ? $headers['date'][0] : $headers['date']; if(!$signature) { - return; + return false; } if(!$date) { - return; + return false; } if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1)) ) { - return; + return false; } if(!isset($bodyDecoded['id'])) { - return; + return false; } $signatureData = HttpSignature::parseSignatureHeader($signature); $keyId = Helpers::validateUrl($signatureData['keyId']); @@ -114,11 +111,11 @@ class InboxWorker implements ShouldQueue } } if(parse_url($attr, PHP_URL_HOST) !== $keyDomain) { - return; + return false; } } if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { - return; + return false; } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) { @@ -126,11 +123,11 @@ class InboxWorker implements ShouldQueue $actor = Helpers::profileFirstOrNew($actorUrl); } if(!$actor) { - return; + return false; } $pkey = openssl_pkey_get_public($actor->public_key); if(!$pkey) { - return 0; + return false; } $inboxPath = "/f/inbox"; list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);