Differential D19017 Diff 45613 src/applications/metamta/controller/PhabricatorMetaMTAMailgunReceiveController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/metamta/controller/PhabricatorMetaMTAMailgunReceiveController.php
Show All 11 Lines | private function verifyMessage() { | ||||
$timestamp = $request->getStr('timestamp'); | $timestamp = $request->getStr('timestamp'); | ||||
$token = $request->getStr('token'); | $token = $request->getStr('token'); | ||||
$sig = $request->getStr('signature'); | $sig = $request->getStr('signature'); | ||||
// An install may configure multiple Mailgun mailers, and we might receive | // An install may configure multiple Mailgun mailers, and we might receive | ||||
// inbound mail from any of them. Test the signature to see if it matches | // inbound mail from any of them. Test the signature to see if it matches | ||||
// any configured Mailgun mailer. | // any configured Mailgun mailer. | ||||
$mailers = PhabricatorMetaMTAMail::newMailers(); | $mailers = PhabricatorMetaMTAMail::newMailersWithTypes( | ||||
$mailgun_type = PhabricatorMailImplementationMailgunAdapter::ADAPTERTYPE; | array( | ||||
PhabricatorMailImplementationMailgunAdapter::ADAPTERTYPE, | |||||
)); | |||||
foreach ($mailers as $mailer) { | foreach ($mailers as $mailer) { | ||||
if ($mailer->getAdapterType() != $mailgun_type) { | |||||
continue; | |||||
} | |||||
$api_key = $mailer->getOption('api-key'); | $api_key = $mailer->getOption('api-key'); | ||||
$hash = hash_hmac('sha256', $timestamp.$token, $api_key); | $hash = hash_hmac('sha256', $timestamp.$token, $api_key); | ||||
if (phutil_hashes_are_identical($sig, $hash)) { | if (phutil_hashes_are_identical($sig, $hash)) { | ||||
return true; | return true; | ||||
} | } | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 74 Lines • Show Last 20 Lines |