From: Claire <claire.github-309c@sitedethib.com>
Date: Fri, 26 Feb 2021 16:40:27 +0000 (+0100)
Subject: Fix crash on receiving requests with missing Digest header (#15782)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=75189af5287210581b38ff4257b58d9972f459b8;p=mastodon.git

Fix crash on receiving requests with missing Digest header (#15782)

* Fix crash on receiving requests with missing Digest header

Return an error pointing out that Digest is missing, instead of crashing.

Fixes #15743

* Fix from review feedback
---

diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index fc3978fbb..4dd0cac55 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -133,6 +133,7 @@ module SignatureVerification
 
   def verify_body_digest!
     return unless signed_headers.include?('digest')
+    raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest')
 
     digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] }
     sha256  = digests.assoc('sha-256')