Commit 89c1e90e authored by lain's avatar lain
Browse files

Don't crypt raw iolists.

parent 8ae13d94
......@@ -41,6 +41,7 @@ def publish(topic, user, activity) do
Enum.each(subscriptions, fn(sub) ->
response = FeedRepresenter.to_simple_form(user, [activity], [user])
|> :xmerl.export_simple(:xmerl_xml)
|> to_string
signature = sign(sub.secret, response)
HTTPoison.post(sub.callback, response, [
......@@ -51,7 +52,7 @@ def publish(topic, user, activity) do
end
def sign(secret, doc) do
:crypto.hmac(:sha, secret, doc) |> Base.encode16
:crypto.hmac(:sha, secret, to_string(doc)) |> Base.encode16
end
def incoming_subscription_request(user, %{"hub.mode" => "subscribe"} = params) do
......
......@@ -167,4 +167,11 @@ test "rejects the subscription if it can't be accepted" do
{:error, websub} = Websub.request_subscription(websub, poster, 1000)
assert websub.state == "rejected"
end
test "sign a text" do
signed = Websub.sign("secret", "text")
assert signed == "B8392C23690CCF871F37EC270BE1582DEC57A503"
signed = Websub.sign("secret", [["て"], ['す']])
end
end
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment