# HG changeset patch # User Kim Alvefur # Date 1296513145 -3600 # Node ID 100b3ad2e10c2e3db6882ef01d6e7576a7a533ac # Parent 433bf7dc3e7af917ace3ebfa3bbb4fd20ff5e21a mod_pubsub_feed: Fix verify_token checking. diff -r 433bf7dc3e7a -r 100b3ad2e10c mod_pubsub_feed/mod_pubsub_feed.lua --- a/mod_pubsub_feed/mod_pubsub_feed.lua Mon Jan 31 23:11:47 2011 +0100 +++ b/mod_pubsub_feed/mod_pubsub_feed.lua Mon Jan 31 23:32:25 2011 +0100 @@ -62,6 +62,7 @@ ["200"] = "OK"; ["202"] = "Accepted"; ["400"] = "Bad Request"; + ["403"] = "Forbidden"; ["404"] = "Not Found"; ["501"] = "Not Implemented"; }; @@ -163,13 +164,13 @@ end function subscribe(feed) - local token = uuid(); + feed.token = uuid(); local _body, body = { ["hub.callback"] = "http://"..module.host..":5280/callback?node=" .. urlencode(feed.node); --FIXME figure out your own hostname reliably? ["hub.mode"] = "subscribe"; --TODO unsubscribe ["hub.topic"] = feed.url; ["hub.verify"] = "async"; - ["hub.verify_token"] = token; + ["hub.verify_token"] = feed.token; --["hub.secret"] = ""; -- TODO http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.3.html#authednotify --["hub.lease_seconds"] = ""; }, { }; @@ -211,9 +212,9 @@ -- it would probably invalidate the subscription -- when/if the hub asks if it should be renewed end - if query["hub.verify"] ~= feed.token then - module:log("debug", "Invalid verify_token: %s", tostring(query["hub.verify"])) - return http_response(401) + if query["hub.verify_token"] ~= feed.token then + module:log("debug", "Invalid verify_token: %s", tostring(query["hub.verify_token"])) + return http_response(403) end module:log("debug", "Confirming %s request to %s", feed.subscription, feed.url) return http_response(200, nil, query["hub.challenge"])