From bafd22ecf487774c252a271d668716b0e1c84c6c Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 3 May 2017 17:02:18 +0200
Subject: Fix #2706 - Always respond with 200 to PuSH payloads (#2733)

Fix #2196 - Respond with 201 when Salmon accepted, 400 when unverified
Fix #2629 - Correctly handle confirm_domain? for local accounts
Unify rules for extracting author acct from XML, prefer <email>, fall back
to <name> + <uri> (see also #2017, #2172)
---
 app/services/verify_salmon_service.rb | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 app/services/verify_salmon_service.rb

(limited to 'app/services/verify_salmon_service.rb')

diff --git a/app/services/verify_salmon_service.rb b/app/services/verify_salmon_service.rb
new file mode 100644
index 000000000..cd674837d
--- /dev/null
+++ b/app/services/verify_salmon_service.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class VerifySalmonService < BaseService
+  include AuthorExtractor
+
+  def call(payload)
+    body = salmon.unpack(payload)
+
+    xml = Nokogiri::XML(body)
+    xml.encoding = 'utf-8'
+
+    account = author_from_xml(xml.at_xpath('/xmlns:entry', xmlns: TagManager::XMLNS))
+
+    if account.nil?
+      false
+    else
+      salmon.verify(payload, account.keypair)
+    end
+  end
+
+  private
+
+  def salmon
+    @salmon ||= OStatus2::Salmon.new
+  end
+end
-- 
cgit