commit: 9a444c0d22fc935c0e268c10d32c847125fd3627
parent: d1c40cbca04ff231de0aa6a021bec440f316fb06
Author: lambda <pleromagit@rogerbraun.net>
Date: Tue, 15 Jan 2019 20:02:56 +0000
Merge branch 'bugfix/websub-hardening' into 'develop'
websub: improve error handling
See merge request pleroma/pleroma!670
Diffstat:
2 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/websub/websub.ex b/lib/pleroma/web/websub/websub.ex
@@ -121,6 +121,12 @@ defmodule Pleroma.Web.Websub do
end
end
+ def incoming_subscription_request(user, params) do
+ Logger.info("Unhandled WebSub request for #{user.nickname}: #{inspect(params)}")
+
+ {:error, "Invalid WebSub request"}
+ end
+
defp get_subscription(topic, callback) do
Repo.get_by(WebsubServerSubscription, topic: topic, callback: callback) ||
%WebsubServerSubscription{}
diff --git a/lib/pleroma/web/websub/websub_controller.ex b/lib/pleroma/web/websub/websub_controller.ex
@@ -67,6 +67,13 @@ defmodule Pleroma.Web.Websub.WebsubController do
end
end
+ def websub_subscription_confirmation(conn, params) do
+ Logger.info("Invalid WebSub confirmation request: #{inspect(params)}")
+
+ conn
+ |> send_resp(500, "Invalid parameters")
+ end
+
def websub_incoming(conn, %{"id" => id}) do
with "sha1=" <> signature <- hd(get_req_header(conn, "x-hub-signature")),
signature <- String.downcase(signature),