Differential D14026 Diff 33933 src/applications/metamta/controller/PhabricatorMetaMTAMailgunReceiveController.php
src/applications/metamta/controller/PhabricatorMetaMTAMailgunReceiveController.php
| <?php | <?php | ||||
| final class PhabricatorMetaMTAMailgunReceiveController | final class PhabricatorMetaMTAMailgunReceiveController | ||||
| extends PhabricatorMetaMTAController { | extends PhabricatorMetaMTAController { | ||||
| public function shouldRequireLogin() { | public function shouldRequireLogin() { | ||||
| return false; | return false; | ||||
| } | } | ||||
| private function verifyMessage() { | private function verifyMessage() { | ||||
| $api_key = PhabricatorEnv::getEnvConfig('mailgun.api-key'); | $api_key = PhabricatorEnv::getEnvConfig('mailgun.api-key'); | ||||
| $request = $this->getRequest(); | $request = $this->getRequest(); | ||||
| $timestamp = $request->getStr('timestamp'); | $timestamp = $request->getStr('timestamp'); | ||||
| $token = $request->getStr('token'); | $token = $request->getStr('token'); | ||||
| $sig = $request->getStr('signature'); | $sig = $request->getStr('signature'); | ||||
| return hash_hmac('sha256', $timestamp.$token, $api_key) == $sig; | $hash = hash_hmac('sha256', $timestamp.$token, $api_key); | ||||
| return phutil_hashes_are_identical($sig, $hash); | |||||
| } | } | ||||
| public function processRequest() { | public function processRequest() { | ||||
| // No CSRF for Mailgun. | // No CSRF for Mailgun. | ||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
| if (!$this->verifyMessage()) { | if (!$this->verifyMessage()) { | ||||
| throw new Exception( | throw new Exception( | ||||
| pht('Mail signature is not valid. Check your Mailgun API key.')); | pht('Mail signature is not valid. Check your Mailgun API key.')); | ||||
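Review bot: verifyMessage() computes the HMAC with whatever `mailgun.api-key` returns and never checks that the key is non-empty, so on an install where the key is unset the expected signature is derived from an empty secret; because shouldRequireLogin() returns false, this check is the only gate on the endpoint. I would fail closed before hashing, e.g. `if (!strlen($api_key)) { return false; }` at the top of the method (whether the config option has a non-empty default is not visible here). Separately, the visible code authenticates `timestamp` and `token` but does not bound the timestamp's age or remember tokens already seen, so a previously valid request would verify again. A freshness window on `$timestamp` would close that, unless the folded remainder of processRequest() already handles it.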