diff --git a/api/funkwhale_api/federation/factories.py b/api/funkwhale_api/federation/factories.py index 971c774a7a7e1e6cabeba839ac38c4a94028cc7e..574560f0df0dc8957438b108acfa06983cab8fea 100644 --- a/api/funkwhale_api/federation/factories.py +++ b/api/funkwhale_api/federation/factories.py @@ -20,10 +20,11 @@ class SignatureAuthFactory(factory.Factory): algorithm = "rsa-sha256" key = factory.LazyFunction(lambda: keys.get_key_pair()[0]) key_id = factory.Faker("url") + use_auth_header = False headers = ["(request-target)", "user-agent", "host", "date", "accept"] class Meta: - model = requests_http_signature.HTTPSignatureHeaderAuth + model = requests_http_signature.HTTPSignatureAuth @registry.register(name="federation.SignedRequest") diff --git a/api/funkwhale_api/federation/signing.py b/api/funkwhale_api/federation/signing.py index 17a0228a4bb4e352126524ad92369c4879fbd19a..b69c486682bf06cbcba520ecf2c62d8c662e0d84 100644 --- a/api/funkwhale_api/federation/signing.py +++ b/api/funkwhale_api/federation/signing.py @@ -46,7 +46,7 @@ def verify(request, public_key): verify_date(date) try: return requests_http_signature.HTTPSignatureAuth.verify( - request, key_resolver=lambda **kwargs: public_key, scheme="Signature" + request, key_resolver=lambda **kwargs: public_key, use_auth_header=False ) except cryptography.exceptions.InvalidSignature: logger.warning( @@ -98,7 +98,8 @@ def verify_django(django_request, public_key): def get_auth(private_key, private_key_id): - return requests_http_signature.HTTPSignatureHeaderAuth( + return requests_http_signature.HTTPSignatureAuth( + use_auth_header=False, headers=["(request-target)", "user-agent", "host", "date"], algorithm="rsa-sha256", key=private_key.encode("utf-8"), diff --git a/api/requirements/base.txt b/api/requirements/base.txt index 4b8d6c688905893c3da1346b3e7b4ad06f9846b6..db6d43eaaffac1533cf356b3a6f5d5d8cda84c71 100644 --- a/api/requirements/base.txt +++ b/api/requirements/base.txt @@ -45,7 +45,9 @@ uvicorn[standard]~=0.12.0 gunicorn~=20.0.0 cryptography~=2.9.0 -requests-http-signature==0.2.0 +# requests-http-signature==0.0.3 +# clone until the branch is merged and released upstream +git+https://github.com/agateblue/requests-http-signature.git@signature-header-support django-cleanup~=5.0.0 requests~=2.24.0 pyOpenSSL~=19.1.0