Disable signature verification due to a problem on Fitbit's side.

author Florian Forster <ff@octo.it>

Thu, 1 Feb 2018 07:16:36 +0000 (08:16 +0100)

committer Florian Forster <ff@octo.it>

Thu, 1 Feb 2018 07:16:36 +0000 (08:16 +0100)
author Florian Forster <ff@octo.it>
Thu, 1 Feb 2018 07:16:36 +0000 (08:16 +0100)
committer Florian Forster <ff@octo.it>
Thu, 1 Feb 2018 07:16:36 +0000 (08:16 +0100)
diff --git a/kraftakt.go b/kraftakt.go

index d53a3a3..e2318e7 100644 (file)
--- a/kraftakt.go
+++ b/kraftakt.go
@@ -258,9 +258,13 @@ func fitbitNotifyHandler(ctx context.Context, w http.ResponseWriter, r *http.Req
         // Fitbit recommendation: "If signature verification fails, you should
         // respond with a 404"
         if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
-               log.Errorf(ctx, "signature mismatch")
-               w.WriteHeader(http.StatusNotFound)
-               return nil
+               /*
+                       log.Errorf(ctx, "signature mismatch")
+                       w.WriteHeader(http.StatusNotFound)
+                       return nil
+               */
+       } else {
+               log.Warningf(ctx, "TODO(octo): re-enable signature checking, see https://community.fitbit.com/t5/Web-API-Development/Push-notification-signatures-are-currently-invalid/m-p/2496159")
         }
  
         if err := delayedHandleNotifications.Call(ctx, data); err != nil {
author	Florian Forster <ff@octo.it>
	Thu, 1 Feb 2018 07:16:36 +0000 (08:16 +0100)
committer	Florian Forster <ff@octo.it>
	Thu, 1 Feb 2018 07:16:36 +0000 (08:16 +0100)