aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/api/signature/payload.rs6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs
index b50fb3bb..4a84610c 100644
--- a/src/api/signature/payload.rs
+++ b/src/api/signature/payload.rs
@@ -350,9 +350,9 @@ pub async fn verify_v4(
)
.ok_or_internal_error("Unable to build signing HMAC")?;
hmac.update(payload);
- let our_signature = hex::encode(hmac.finalize().into_bytes());
- if signature != our_signature {
- return Err(Error::forbidden("Invalid signature".to_string()));
+ let signature = hex::decode(&signature).map_err(|_| Error::forbidden("Invalid signature"))?;
+ if hmac.verify_slice(&signature).is_err() {
+ return Err(Error::forbidden("Invalid signature"));
}
Ok(key)