Ppchelko has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/390220 )
Change subject: Hash the JWT signature to avoid too big signatures
......................................................................
Hash the JWT signature to avoid too big signatures
Change-Id: I75b4be6fc031f480f0509eb31b9fa14d1a3855eb
---
M JobQueueEventBus.php
M SpecialRunSingleJob.php
2 files changed, 3 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/EventBus
refs/changes/20/390220/1
diff --git a/JobQueueEventBus.php b/JobQueueEventBus.php
index 2674678..70f13fb 100644
--- a/JobQueueEventBus.php
+++ b/JobQueueEventBus.php
@@ -62,7 +62,7 @@
*/
private static function getEventSignature( $event ) {
$secret =
MediaWikiServices::getInstance()->getMainConfig()->get( 'SecretKey' );
- return JWT::encode( $event, $secret );
+ return hash( 'sha256', JWT::encode( $event, $secret ) );
}
/**
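Review bot: The value returned by `return hash( 'sha256', JWT::encode( $event, $secret ) );` is an unkeyed SHA-256 over the token, so it is only unforgeable because the JWT's own MAC segment is part of the hashed string. That holds as long as `JWT::encode` keeps using a keyed algorithm by default, which is not visible here. If nothing downstream needs the JWT form, a keyed MAC over the serialized event gives the same fixed length more directly, e.g. `hash_hmac( 'sha256', $serializedEvent, $secret )`, where `$serializedEvent` is a placeholder for whatever canonical encoding both sides agree on. `SecretKey` is the wiki-wide secret, so deriving a purpose-specific key for job signing would limit the impact if this signature scheme is ever misused. The docblock that ends just above the signature starts outside the hunk; it should say the return value is now a 64-character hex digest, not a JWT.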
diff --git a/SpecialRunSingleJob.php b/SpecialRunSingleJob.php
index 93e0b51..cd7ecc7 100644
--- a/SpecialRunSingleJob.php
+++ b/SpecialRunSingleJob.php
@@ -83,10 +83,10 @@
}
$signature = $event['mediawiki_signature'];
unset( $event['mediawiki_signature'] );
- $expected_signature = JWT::encode(
+ $expected_signature = hash( 'sha256', JWT::encode(
$event,
MediaWikiServices::getInstance()->getMainConfig()->get(
'SecretKey' )
- );
+ ) );
if ( !hash_equals( $expected_signature, $signature ) ) {
wfHttpError( 403, 'Forbidden', 'Invalid mediawiki
signature' );
return;
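Review bot: The expression `hash( 'sha256', JWT::encode( $event, ...->get( 'SecretKey' ) ) )` now exists in two files that must stay identical, so any later change to one side alone turns every job submission into a 403. Making `JobQueueEventBus::getEventSignature()` callable from here (it is `private static` in the other hunk) and writing `$expected_signature = JobQueueEventBus::getEventSignature( $event );` would leave a single definition. Separately, `$signature` comes straight from the request body, and the validation above this hunk is not visible; `hash_equals` needs a string, so an `is_string( $signature )` guard before the comparison is worth confirming. Events signed with the old full-JWT format and still in flight at deploy time will fail this check, so the rollout may need a retry or drain plan.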
--
To view, visit https://gerrit.wikimedia.org/r/390220
Gerrit-MessageType: newchange
Gerrit-Change-Id: I75b4be6fc031f480f0509eb31b9fa14d1a3855eb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/EventBus
Gerrit-Branch: master
Gerrit-Owner: Ppchelko <[email protected]>