From: Florian Forster Date: Wed, 7 Feb 2018 12:25:28 +0000 (+0100) Subject: Re-enable signature checking. X-Git-Url: https://git.verplant.org/?a=commitdiff_plain;h=b2a4c7b34862646d55add7c416362360cf383de5;p=kraftakt.git Re-enable signature checking. Reverts: bb0ee5050d834e438b67306c8e98d810478b3a08 --- diff --git a/kraftakt.go b/kraftakt.go index 40f0546..72389bd 100644 --- a/kraftakt.go +++ b/kraftakt.go @@ -258,13 +258,9 @@ func fitbitNotifyHandler(ctx context.Context, w http.ResponseWriter, r *http.Req // Fitbit recommendation: "If signature verification fails, you should // respond with a 404" if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) { - /* - log.Errorf(ctx, "signature mismatch") - w.WriteHeader(http.StatusNotFound) - return nil - */ - } else { - log.Warningf(ctx, "TODO(octo): re-enable signature checking, see https://community.fitbit.com/t5/Web-API-Development/Push-notification-signatures-are-currently-invalid/m-p/2496159") + log.Errorf(ctx, "signature mismatch") + w.WriteHeader(http.StatusNotFound) + return nil } if err := delayedHandleNotifications.Call(ctx, data); err != nil {