Differential D19017 Diff 45613 src/applications/metamta/controller/PhabricatorMetaMTAMailgunReceiveController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/metamta/controller/PhabricatorMetaMTAMailgunReceiveController.php
| Show All 11 Lines | private function verifyMessage() { | ||||
| $timestamp = $request->getStr('timestamp'); | $timestamp = $request->getStr('timestamp'); | ||||
| $token = $request->getStr('token'); | $token = $request->getStr('token'); | ||||
| $sig = $request->getStr('signature'); | $sig = $request->getStr('signature'); | ||||
| // An install may configure multiple Mailgun mailers, and we might receive | // An install may configure multiple Mailgun mailers, and we might receive | ||||
| // inbound mail from any of them. Test the signature to see if it matches | // inbound mail from any of them. Test the signature to see if it matches | ||||
| // any configured Mailgun mailer. | // any configured Mailgun mailer. | ||||
| $mailers = PhabricatorMetaMTAMail::newMailers(); | $mailers = PhabricatorMetaMTAMail::newMailersWithTypes( | ||||
| $mailgun_type = PhabricatorMailImplementationMailgunAdapter::ADAPTERTYPE; | array( | ||||
| PhabricatorMailImplementationMailgunAdapter::ADAPTERTYPE, | |||||
| )); | |||||
| foreach ($mailers as $mailer) { | foreach ($mailers as $mailer) { | ||||
| if ($mailer->getAdapterType() != $mailgun_type) { | |||||
| continue; | |||||
| } | |||||
| $api_key = $mailer->getOption('api-key'); | $api_key = $mailer->getOption('api-key'); | ||||
| $hash = hash_hmac('sha256', $timestamp.$token, $api_key); | $hash = hash_hmac('sha256', $timestamp.$token, $api_key); | ||||
| if (phutil_hashes_are_identical($sig, $hash)) { | if (phutil_hashes_are_identical($sig, $hash)) { | ||||
| return true; | return true; | ||||
| } | } | ||||
| } | } | ||||
| return false; | return false; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 74 Lines • Show Last 20 Lines | |||||