If WP_REST_Request set actor for get_remote_key()

This commit is contained in:
Django Doucet 2023-05-10 19:46:52 -06:00
parent ca8aff1823
commit fc1b89561e

View file

@ -143,10 +143,12 @@ class Signature {
public static function verify_http_signature( $request ) { public static function verify_http_signature( $request ) {
if ( is_object( $request ) ) { // REST Request object if ( is_object( $request ) ) { // REST Request object
$headers = $request->get_headers(); $headers = $request->get_headers();
$actor = isset( json_decode( $request->get_body() )->actor ) ? json_decode( $request->get_body() )->actor : '';
$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /' . rest_get_url_prefix() . $request->get_route(); $headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /' . rest_get_url_prefix() . $request->get_route();
} else { } else {
$request = self::format_server_request( $request ); $request = self::format_server_request( $request );
$headers = $request['headers']; // $_SERVER array $headers = $request['headers']; // $_SERVER array
$actor = null;
$headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0]; $headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0];
} }
@ -196,7 +198,11 @@ class Signature {
} }
} }
$public_key = self::get_remote_key( $signature_block['keyId'] ); if ( $actor ) {
$public_key = self::get_remote_key( $actor );
} else {
$public_key = self::get_remote_key( $signature_block['keyId'] );
}
if ( \is_wp_error( $public_key ) ) { if ( \is_wp_error( $public_key ) ) {
return $public_key; return $public_key;
} }