Avoid a notice in HTTP signature check, preparation for authentication

diff --git a/src/Module/Objects.php b/src/Module/Objects.php
index e6dfb6a28e829f8ffdeaeef926d600ce994f7b92..3f8aea0d01adc4432a523645c92d82341be2a675 100644 (file)
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@@ -9,6 +9,7 @@ use Friendica\Protocol\ActivityPub;
 use Friendica\Core\System;
 use Friendica\Model\Item;
 use Friendica\Database\DBA;
+use Friendica\Util\HTTPSignature;
 
 /**
  * ActivityPub Objects
@@ -27,6 +28,9 @@ class Objects extends BaseModule
                        $a->internalRedirect(str_replace('objects/', 'display/', $a->query_string));
                }
 
+               /// @todo Add Authentication to enable fetching of non public content
+               // $requester = HTTPSignature::getSigner('', $_SERVER);
+
                $item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'origin' => true, 'private' => false]);
                if (!DBA::isResult($item)) {
                        System::httpExit(404);

diff --git a/src/Module/Outbox.php b/src/Module/Outbox.php
index 681d1cccb103d76ccd1b225758e67f442a115f3b..41e10757f1231ae90a10138fe49cc09cc4ef722b 100644 (file)
--- a/src/Module/Outbox.php
+++ b/src/Module/Outbox.php
@@ -8,6 +8,7 @@ use Friendica\BaseModule;
 use Friendica\Protocol\ActivityPub;
 use Friendica\Core\System;
 use Friendica\Model\User;
+use Friendica\Util\HTTPSignature;
 
 /**
  * ActivityPub Outbox
@@ -29,6 +30,9 @@ class Outbox extends BaseModule
 
                $page = defaults($_REQUEST, 'page', null);
 
+               /// @todo Add Authentication to enable fetching of non public content
+               // $requester = HTTPSignature::getSigner('', $_SERVER);
+
                $outbox = ActivityPub\Transmitter::getOutbox($owner, $page);
 
                header('Content-Type: application/activity+json');

diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php
index db1ea90dcb5ff74ad1c170e21c219cc05dfee06a..b54f50051235e56621462196b36cc51e372c5936 100644 (file)
--- a/src/Util/HTTPSignature.php
+++ b/src/Util/HTTPSignature.php
@@ -217,7 +217,7 @@ class HTTPSignature
                        $ret['signature'] = base64_decode(preg_replace('/\s+/', '', $matches[1]));
                }
 
-               if (($ret['signature']) && ($ret['algorithm']) && (!$ret['headers'])) {
+               if (!empty($ret['signature']) && !empty($ret['algorithm']) && empty($ret['headers'])) {
                        $ret['headers'] = ['date'];
                }
 
@@ -376,13 +376,20 @@ class HTTPSignature
         */
        public static function getSigner($content, $http_headers)
        {
-               $object = json_decode($content, true);
-
-               if (empty($object)) {
+               if (empty($http_headers['HTTP_SIGNATURE'])) {
                        return false;
                }
 
-               $actor = JsonLD::fetchElement($object, 'actor', 'id');
+               if (!empty($content)) {
+                       $object = json_decode($content, true);
+                       if (empty($object)) {
+                               return false;
+                       }
+
+                       $actor = JsonLD::fetchElement($object, 'actor', 'id');
+               } else {
+                       $actor = '';
+               }
 
                $headers = [];
                $headers['(request-target)'] = strtolower($http_headers['REQUEST_METHOD']) . ' ' . $http_headers['REQUEST_URI'];