Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use a more explicit signature verification #1078

Merged
merged 19 commits into from
Dec 17, 2024
Merged

Use a more explicit signature verification #1078

merged 19 commits into from
Dec 17, 2024

Conversation

pfefferle
Copy link
Member

This is a proposal to use the permission_callback, instead of a general hook, to verify signatures.

The advantage is, that it is easier to enable/disable verification for specific endpoints this way.

See #1077

@pfefferle
Use a more explicit signature verification
f141c7a 
This is a proposal to use the `permission_callback`, instead of a general hook, to verify signatures.

The advantage is, that it is easier to enable/disable verification for specific endpoints this way.

See #1077
@pfefferle pfefferle requested a review from a team December 13, 2024 10:08
@pfefferle
Copy link
Member Author

@mediaformat any idea why we have not used it in the first place?

@akirk akirk mentioned this pull request Dec 13, 2024
Open
jeherve
jeherve reviewed Dec 13, 2024
View reviewed changes
includes/rest/class-server.php Outdated Show resolved Hide resolved
includes/rest/class-server.php Outdated Show resolved Hide resolved
@pfefferle pfefferle requested review from akirk and jeherve December 13, 2024 12:01
@pfefferle pfefferle self-assigned this Dec 13, 2024
@pfefferle pfefferle marked this pull request as ready for review December 13, 2024 14:11
@mediaformat
Copy link
Contributor

@mediaformat any idea why we have not used it in the first place?

The callbacks use is more granular but I think that makes sense!

@pfefferle pfefferle requested review from obenland and a team December 13, 2024 17:20
@pfefferle
Copy link
Member Author

@Automattic/fediverse we really should merge this ASAP. I forgot that I enabled "Authorized-Fetch" in my test system, so it took me some time, to figure out, why the likes/repost widgets won't be displayed!

pfefferle and others added 2 commits December 16, 2024 16:45
@pfefferle @obenland
Update includes/rest/class-server.php
526a3c8 
Co-authored-by: Konstantin Obenland <[email protected]>
@pfefferle @obenland
Update includes/rest/class-server.php
49d66ef 
Co-authored-by: Konstantin Obenland <[email protected]>
@obenland
Copy link
Member

I think 1cffea7 went a bit too far. My feedback was specifically about the signature_verification method, the other hooks and function names were fine as they were.

@pfefferle
Copy link
Member Author

oops, I think I have not checked the search/replace properly enough! 🫣

@obenland
Copy link
Member

Do existing unit tests cover the change or should there be new ones added?

@pfefferle
Copy link
Member Author

@obenland there were test for all parts in the stack, but I added one that integrates all of them.

obenland
obenland approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@obenland obenland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💖

@pfefferle pfefferle merged commit f080cbd into trunk Dec 17, 2024
24 checks passed
@pfefferle pfefferle deleted the improve/api-authorisation branch December 17, 2024 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@obenland obenland obenland approved these changes

@akirk akirk Awaiting requested review from akirk

@jeherve jeherve Awaiting requested review from jeherve

Assignees

@pfefferle pfefferle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pfefferle @mediaformat @obenland @jeherve