From ae2a8b796c4805f35fcf4d7ca36803995d48d54c Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 15 Jan 2019 06:31:12 +0000
Subject: [PATCH] Avoid a notice in HTTP signature check, preparation for authentication
---
 src/Module/Objects.php | 4 ++++
 src/Module/Outbox.php | 4 ++++
 src/Util/HTTPSignature.php | 17 ++++++++++++-----
 3 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/src/Module/Objects.php b/src/Module/Objects.php
index e6dfb6a28e..3f8aea0d01 100644
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@@ -9,6 +9,7 @@ use Friendica\Protocol\ActivityPub;
 use Friendica\Core\System;
 use Friendica\Model\Item;
 use Friendica\Database\DBA;
+use Friendica\Util\HTTPSignature;
 /**
 * ActivityPub Objects
@@ -27,6 +28,9 @@ class Objects extends BaseModule
 $a->internalRedirect(str_replace('objects/', 'display/', $a->query_string));
 }
+ /// @todo Add Authentication to enable fetching of non public content
+ // $requester = HTTPSignature::getSigner('', $_SERVER);
+
 $item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'origin' => true, 'private' => false]);
 if (!DBA::isResult($item)) {
 System::httpExit(404);
diff --git a/src/Module/Outbox.php b/src/Module/Outbox.php
index 681d1cccb1..41e10757f1 100644
--- a/src/Module/Outbox.php
+++ b/src/Module/Outbox.php
@@ -8,6 +8,7 @@ use Friendica\BaseModule;
 use Friendica\Protocol\ActivityPub;
 use Friendica\Core\System;
 use Friendica\Model\User;
+use Friendica\Util\HTTPSignature;
 /**
 * ActivityPub Outbox
@@ -29,6 +30,9 @@ class Outbox extends BaseModule
 $page = defaults($_REQUEST, 'page', null);
+ /// @todo Add Authentication to enable fetching of non public content
+ // $requester = HTTPSignature::getSigner('', $_SERVER);
+
 $outbox = ActivityPub\Transmitter::getOutbox($owner, $page);
 header('Content-Type: application/activity+json');
diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php
index db1ea90dcb..b54f500512 100644
--- a/src/Util/HTTPSignature.php
+++ b/src/Util/HTTPSignature.php
@@ -217,7 +217,7 @@ class HTTPSignature
 $ret['signature'] = base64_decode(preg_replace('/\s+/', '', $matches[1]));
 }
- if (($ret['signature']) && ($ret['algorithm']) && (!$ret['headers'])) {
+ if (!empty($ret['signature']) && !empty($ret['algorithm']) && empty($ret['headers'])) {
 $ret['headers'] = ['date'];
 }
@@ -376,13 +376,20 @@ class HTTPSignature
 */
 public static function getSigner($content, $http_headers)
 {
- $object = json_decode($content, true);
-
- if (empty($object)) {
+ if (empty($http_headers['HTTP_SIGNATURE'])) {
 return false;
 }
- $actor = JsonLD::fetchElement($object, 'actor', 'id');
+ if (!empty($content)) {
+ $object = json_decode($content, true);
+ if (empty($object)) {
+ return false;
+ }
+
+ $actor = JsonLD::fetchElement($object, 'actor', 'id');
+ } else {
+ $actor = '';
+ }
 $headers = [];
 $headers['(request-target)'] = strtolower($http_headers['REQUEST_METHOD']) . ' ' . $http_headers['REQUEST_URI'];
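Review bot: In the first HTTPSignature.php hunk the rewritten condition still falls back to `$ret['headers'] = ['date']` when the Signature header names no signed fields, so such a signature covers the Date header and nothing else. That default deserves a comment at the assignment, for example `// No "headers" parameter: the signed header list defaults to Date alone`, because the todo notes added in Objects.php and Outbox.php plan to rely on this parser for authentication. The enclosing function starts and ends outside the hunk, so whether the verifier later insists on a wider signed set cannot be confirmed from here.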
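Review bot: The `else` branch added to `getSigner()` sets `$actor = ''` and lets verification continue when `$content` is empty, so a caller that passes no body gets a result based on the request headers alone; nothing in this hunk binds that result to a payload. The docblock and the verification steps lie outside the hunk, so it cannot be confirmed here that the signed `date` is checked for freshness or that `(request-target)` is required in the signed set, and both matter once the commented-out calls in Objects.php and Outbox.php are enabled. I would document the empty-content mode in the docblock and keep the caller responsible for deciding what the returned signer may read. Separately, `$content` is presumably the request body and `json_decode()` can return a scalar, so the guard reads more safely as `if (!is_array($object) || empty($object)) { return false; }` before `JsonLD::fetchElement()` is called.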