From a74d88c4ee20d0991c1ec27b6a0fb9f59d8e7f9b Mon Sep 17 00:00:00 2001 From: Philipp Date: Sun, 18 Oct 2020 22:31:26 +0200 Subject: [PATCH] Remove 'headers' option occurrences and add a warning if used. --- src/Model/GServer.php | 2 +- src/Module/Magic.php | 12 ++++++------ src/Network/HTTPRequest.php | 1 + src/Util/HTTPSignature.php | 10 +++++----- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/src/Model/GServer.php b/src/Model/GServer.php index 009816d81..3a2a0bd79 100644 --- a/src/Model/GServer.php +++ b/src/Model/GServer.php @@ -1639,7 +1639,7 @@ class GServer if (!empty($accesstoken)) { $api = 'https://instances.social/api/1.0/instances/list?count=0'; $header = ['Authorization: Bearer '.$accesstoken]; - $curlResult = DI::httpRequest()->get($api, ['headers' => $header]); + $curlResult = DI::httpRequest()->get($api, ['header' => $header]); if ($curlResult->isSuccess()) { $servers = json_decode($curlResult->getBody(), true); diff --git a/src/Module/Magic.php b/src/Module/Magic.php index fc37d91b4..af8ff3605 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php @@ -88,19 +88,19 @@ class Magic extends BaseModule $exp = explode('/profile/', $contact['url']); $basepath = $exp[0]; - $headers = []; - $headers['Accept'] = 'application/x-dfrn+json, application/x-zot+json'; - $headers['X-Open-Web-Auth'] = Strings::getRandomHex(); + $header = []; + $header['Accept'] = 'application/x-dfrn+json, application/x-zot+json'; + $header['X-Open-Web-Auth'] = Strings::getRandomHex(); // Create a header that is signed with the local users private key. - $headers = HTTPSignature::createSig( - $headers, + $header = HTTPSignature::createSig( + $header, $user['prvkey'], 'acct:' . $user['nickname'] . '@' . DI::baseUrl()->getHostname() . (DI::baseUrl()->getUrlPath() ? '/' . DI::baseUrl()->getUrlPath() : '') ); // Try to get an authentication token from the other instance. - $curlResult = DI::httpRequest()->get($basepath . '/owa', ['headers' => $headers]); + $curlResult = DI::httpRequest()->get($basepath . '/owa', ['header' => $header]); if ($curlResult->isSuccess()) { $j = json_decode($curlResult->getBody(), true); diff --git a/src/Network/HTTPRequest.php b/src/Network/HTTPRequest.php index df62ea454..93ce86c87 100644 --- a/src/Network/HTTPRequest.php +++ b/src/Network/HTTPRequest.php @@ -141,6 +141,7 @@ class HTTPRequest implements IHTTPRequest curl_setopt($ch, CURLOPT_ENCODING, ''); if (!empty($opts['headers'])) { + $this->logger->warning('Wrong option \'headers\' used.'); @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); } diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php index 2b98b1a32..e3244fade 100644 --- a/src/Util/HTTPSignature.php +++ b/src/Util/HTTPSignature.php @@ -411,7 +411,7 @@ class HTTPSignature */ public static function fetchRaw($request, $uid = 0, $binary = false, $opts = []) { - $headers = []; + $header = []; if (!empty($uid)) { $owner = User::getOwnerDataById($uid); @@ -431,21 +431,21 @@ class HTTPSignature $path = parse_url($request, PHP_URL_PATH); $date = DateTimeFormat::utcNow(DateTimeFormat::HTTP); - $headers = ['Date: ' . $date, 'Host: ' . $host]; + $header = ['Date: ' . $date, 'Host: ' . $host]; $signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host; $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); - $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; + $header[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; } if (!empty($opts['accept_content'])) { - $headers[] = 'Accept: ' . $opts['accept_content']; + $header[] = 'Accept: ' . $opts['accept_content']; } $curl_opts = $opts; - $curl_opts['header'] = $headers; + $curl_opts['header'] = $header; if ($opts['nobody']) { $curlResult = DI::httpRequest()->head($request, $curl_opts);