From f7b5214fa7351a49aa82017de79a99fb3d8bc482 Mon Sep 17 00:00:00 2001
From: Georg Krause <mail@georg-krause.net>
Date: Sun, 28 Feb 2021 20:34:25 +0100
Subject: [PATCH] Revert "Merge branch '876-http-signature' into 'develop'"

This reverts merge request !1120
---
 api/funkwhale_api/federation/factories.py | 3 ++-
 api/funkwhale_api/federation/signing.py   | 5 +++--
 api/requirements/base.txt                 | 4 +++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/api/funkwhale_api/federation/factories.py b/api/funkwhale_api/federation/factories.py
index 971c774a7a..574560f0df 100644
--- a/api/funkwhale_api/federation/factories.py
+++ b/api/funkwhale_api/federation/factories.py
@@ -20,10 +20,11 @@ class SignatureAuthFactory(factory.Factory):
     algorithm = "rsa-sha256"
     key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
     key_id = factory.Faker("url")
+    use_auth_header = False
     headers = ["(request-target)", "user-agent", "host", "date", "accept"]
 
     class Meta:
-        model = requests_http_signature.HTTPSignatureHeaderAuth
+        model = requests_http_signature.HTTPSignatureAuth
 
 
 @registry.register(name="federation.SignedRequest")
diff --git a/api/funkwhale_api/federation/signing.py b/api/funkwhale_api/federation/signing.py
index 17a0228a4b..b69c486682 100644
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@@ -46,7 +46,7 @@ def verify(request, public_key):
     verify_date(date)
     try:
         return requests_http_signature.HTTPSignatureAuth.verify(
-            request, key_resolver=lambda **kwargs: public_key, scheme="Signature"
+            request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
         )
     except cryptography.exceptions.InvalidSignature:
         logger.warning(
@@ -98,7 +98,8 @@ def verify_django(django_request, public_key):
 
 
 def get_auth(private_key, private_key_id):
-    return requests_http_signature.HTTPSignatureHeaderAuth(
+    return requests_http_signature.HTTPSignatureAuth(
+        use_auth_header=False,
         headers=["(request-target)", "user-agent", "host", "date"],
         algorithm="rsa-sha256",
         key=private_key.encode("utf-8"),
diff --git a/api/requirements/base.txt b/api/requirements/base.txt
index 4b8d6c6889..db6d43eaaf 100644
--- a/api/requirements/base.txt
+++ b/api/requirements/base.txt
@@ -45,7 +45,9 @@ uvicorn[standard]~=0.12.0
 gunicorn~=20.0.0
 
 cryptography~=2.9.0
-requests-http-signature==0.2.0
+# requests-http-signature==0.0.3
+# clone until the branch is merged and released upstream
+git+https://github.com/agateblue/requests-http-signature.git@signature-header-support
 django-cleanup~=5.0.0
 requests~=2.24.0
 pyOpenSSL~=19.1.0
-- 
GitLab