authorEugen Rochko <eugen@zeonfederated.com>2017-05-03 17:02:18 +0200
committerGitHub <noreply@github.com>2017-05-03 17:02:18 +0200
commitbafd22ecf487774c252a271d668716b0e1c84c6c (patch)
treebda1f7d712b3d0094595b56261a36b38034d345b /app/controllers/api
parentdd9d57300ba3b6df91ef6398d8c369437cc2a9c7 (diff)
Fix #2706 - Always respond with 200 to PuSH payloads (#2733)
Fix #2196 - Respond with 201 when Salmon accepted, 400 when unverified
Fix #2629 - Correctly handle confirm_domain? for local accounts
Unify rules for extracting author acct from XML, prefer <email>, fall back
to <name> + <uri> (see also #2017, #2172)
Diffstat (limited to 'app/controllers/api')
-rw-r--r--app/controllers/api/salmon_controller.rb14
-rw-r--r--app/controllers/api/subscriptions_controller.rb5
2 files changed, 11 insertions, 8 deletions
diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb
index a7872d542..7fc5e548d 100644
--- a/app/controllers/api/salmon_controller.rb
+++ b/app/controllers/api/salmon_controller.rb
@@ -5,13 +5,13 @@ class Api::SalmonController < ApiController
   respond_to :txt
 
   def update
-    body = request.body.read
+    payload = request.body.read
 
-    if body.nil?
-      head 200
-    else
-      SalmonWorker.perform_async(@account.id, body.force_encoding('UTF-8'))
+    if !payload.nil? && verify?(payload)
+      SalmonWorker.perform_async(@account.id, payload.force_encoding('UTF-8'))
       head 201
+    else
+      head 202
     end
   end
 
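Review bot: The `else` branch in `update` answers `head 202` for a payload that failed `verify?`, while the commit description says unverified Salmon should get 400. 202 is a success status, so a sender of an unsigned or forged payload is told it was accepted, and rejected deliveries look the same as accepted ones in access logs. If the description states the intent, the branch should read `head 400`. Note also that an empty request body normally reads as `""` rather than `nil`, so the `!payload.nil?` guard will rarely fire and empty bodies go straight to `verify?`.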
@@ -20,4 +20,8 @@ class Api::SalmonController < ApiController
   def set_account
     @account = Account.find(params[:id])
   end
+
+  def verify?(payload)
+    VerifySalmonService.new.call(payload)
+  end
 end
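Review bot: `verify?` hands the raw, unauthenticated request body to `VerifySalmonService#call`, and nothing in this hunk handles the service raising. The service is not shown here; if it can raise on malformed XML or an unresolvable author, a bad payload would surface as a 500 instead of the rejection branch in `update`, so confirm it returns false for unparseable input or rescue the parse error here. The `private` keyword is outside the hunk; `verify?` presumably sits below it next to `set_account`, which is worth confirming so it is not exposed as a controller action. A one-line comment such as `# True only when the Salmon envelope signature checks out against the author's key` would document the contract, once checked against the service.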
diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb
index 51c476436..135a5632e 100644
--- a/app/controllers/api/subscriptions_controller.rb
+++ b/app/controllers/api/subscriptions_controller.rb
@@ -19,10 +19,9 @@ class Api::SubscriptionsController < ApiController
 
     if subscription.verify(body, request.headers['HTTP_X_HUB_SIGNATURE'])
       ProcessingWorker.perform_async(@account.id, body.force_encoding('UTF-8'))
-      head 201
-    else
-      head 202
     end
+
+    head 200
   end
 
   private
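Review bot: With the `else` branch removed, a failed `subscription.verify` now leaves no trace in this method: the payload is dropped and the sender gets the same 200 as a valid delivery. Answering 200 either way is what the commit sets out to do, but operators lose the only signal that distinguished forged or wrongly-keyed deliveries from good ones. Consider a failure path that logs, `else` followed by `Rails.logger.debug "PuSH signature mismatch for account #{@account.id}"`, and a comment above `head 200` such as `# Always acknowledge; unverified payloads are ignored, not reported to the sender`. The `update` method begins above the hunk, so how `body` and `subscription` are obtained is not visible here.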