diff --git a/src/Module/Magic.php b/src/Module/Magic.php
index 45fde43f64..12747dca7c 100644
--- a/src/Module/Magic.php
+++ b/src/Module/Magic.php
@@ -88,9 +88,10 @@ class Magic extends BaseModule
 $exp = explode('/profile/', $contact['url']);
 $basepath = $exp[0];
- $header = [];
- $header['Accept'] = 'application/x-dfrn+json, application/x-zot+json';
- $header['X-Open-Web-Auth'] = Strings::getRandomHex();
+ $header = [
+ 'Accept' => ['application/x-dfrn+json', 'application/x-zot+json'],
+ 'X-Open-Web-Auth' => [Strings::getRandomHex()],
+ ];
 // Create a header that is signed with the local users private key.
 $header = HTTPSignature::createSig(
diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php
index cf3e1294f2..eab778b820 100644
--- a/src/Util/HTTPSignature.php
+++ b/src/Util/HTTPSignature.php
@@ -140,6 +140,9 @@ class HTTPSignature
 public static function createSig($head, $prvkey, $keyid = 'Key')
 {
 $return_headers = [];
+ if (!empty($head)) {
+ $return_headers = $head;
+ }
 $alg = 'sha512';
 $algorithm = 'rsa-sha512';
@@ -149,15 +152,7 @@ class HTTPSignature
 $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
- $sighead = 'Authorization: Signature ' . $headerval;
-
- if ($head) {
- foreach ($head as $k => $v) {
- $return_headers[] = $k . ': ' . $v;
- }
- }
-
- $return_headers[] = $sighead;
+ $return_headers['Authorization'] = ['Signature ' . $headerval];
 return $return_headers;
 }
@@ -176,6 +171,9 @@ class HTTPSignature
 $fields = '';
 foreach ($head as $k => $v) {
+ if (is_array($v)) {
+ $v = implode(', ', $v);
+ }
 $headers .= strtolower($k) . ': ' . trim($v) . "\n";
 if ($fields) {
 $fields .= ' ';
diff --git a/tests/src/Util/HTTPSignatureTest.php b/tests/src/Util/HTTPSignatureTest.php
index 02f04ec01c..a2d1389759 100644
--- a/tests/src/Util/HTTPSignatureTest.php
+++ b/tests/src/Util/HTTPSignatureTest.php
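Review bot: In the first src/Util/HTTPSignature.php hunk, `$return_headers = $head;` passes the caller's array through unchanged, so the result only has the name => list-of-values shape when every caller already supplies it. `createSig()` has no parameter type or shape check, and a caller that still passes plain string values would get strings and lists mixed in the returned headers. I would normalise on entry, e.g. `$return_headers = array_map(function ($v) { return (array)$v; }, $head ?: []);`, and state the expected shape of `$head` in the docblock. The rest of the function body lies outside this hunk.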
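Review bot: In the second src/Util/HTTPSignature.php hunk, the return value of `createSig()` changes from a list of `Name: value` strings to a map of header name to value list, while this diff only updates the input side in Magic.php. Any other caller that still hands the result to an HTTP client as raw header lines would presumably send the request without a usable `Authorization` header, which fails closed but is hard to diagnose. It is worth confirming every call site and updating the method's `@return` documentation to describe the new shape. Note also that `$return_headers['Authorization']` is matched case-sensitively, so an `authorization` key already present in `$head` would survive next to it.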
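Review bot: In the third src/Util/HTTPSignature.php hunk, the added `implode(', ', $v)` feeds the joined value straight into the newline-delimited signing string without checking its content. A value containing a line break would add a line that the `headers="…"` list does not account for, and an empty list would sign an empty header that the HTTP client will likely never send. I would reject such values before appending, e.g. `if (preg_match('/[\r\n]/', $v)) { throw new \InvalidArgumentException('Header value contains a line break'); }`, and skip headers whose joined value is empty. The enclosing function starts and ends outside this hunk.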
@@ -124,8 +124,8 @@ G1vVmRgkLDqhc4+r3wDz3qy6JpV7tg==
 -----END PRIVATE KEY-----',
 'keyId' => 'acct:admin@friendica.local',
 'header' => [
- 'Accept' => 'application/x-dfrn+json, application/x-zot+json',
- 'X-Open-Web-Auth' => '1dde649b855fd1aae542a91c4edd8c3a7a4c59d8eaf3136cdee05dfc16a30bac',
+ 'Accept' => ['application/x-dfrn+json', 'application/x-zot+json'],
+ 'X-Open-Web-Auth' => ['1dde649b855fd1aae542a91c4edd8c3a7a4c59d8eaf3136cdee05dfc16a30bac'],
 ],
 'signature' => 'Signature keyId="acct:admin@friendica.local",algorithm="rsa-sha512",headers="accept x-open-web-auth",signature="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"',
 ]
@@ -147,7 +147,6 @@ G1vVmRgkLDqhc4+r3wDz3qy6JpV7tg==
 public function testSignHeader(string $privKey, string $keyId, array $header, string $signature)
 {
 $signed = HTTPSignature::createSig($header, $privKey, $keyId);
- print_r($signed);
- self::assertEquals($signature, substr($signed[2], strlen('Authorization: ')));
+ self::assertEquals($signature, $signed['Authorization'][0]);
 }
 }
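Review bot: `testSignHeader` now asserts only `$signed['Authorization'][0]`, so the new pass-through of the input headers in `createSig()` is not covered. An extra assertion such as `self::assertEquals($header['Accept'], $signed['Accept']);` would pin that the headers covered by the signature are returned unchanged next to it. A second data set with a single-value header and one with an empty `$header` would also exercise the `!empty($head)` branch added in HTTPSignature.php.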