Skip to content
Snippets Groups Projects
Normal view History Permalink
authentication.py 2.05 KiB
Newer Older
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
1 
import cryptography
Eliot Berriot's avatar
Use our instance policies to discard fetched and inbox objects  
Eliot Berriot committed
2 3 
import logging
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
4 
from django.contrib.auth.models import AnonymousUser
Eliot Berriot's avatar
Linting  
Eliot Berriot committed
5 
from rest_framework import authentication, exceptions as rest_exceptions
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
6
Eliot Berriot's avatar
Use our instance policies to discard fetched and inbox objects  
Eliot Berriot committed
7 8 9 10 11 
from funkwhale_api.moderation import models as moderation_models
from . import actors, exceptions, keys, signing, utils


logger = logging.getLogger(__name__)
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
12 13 14 


class SignatureAuthentication(authentication.BaseAuthentication):
Eliot Berriot's avatar
Fixed inconsistencies between test and prod requests  
Eliot Berriot committed
15 16 
    def authenticate_actor(self, request):
        headers = utils.clean_wsgi_headers(request.META)
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
17 
        try:
Eliot Berriot's avatar
Blacked the code  
Eliot Berriot committed
18 
            signature = headers["Signature"]
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
19 20 
            key_id = keys.get_key_id_from_signature_header(signature)
        except KeyError:
Eliot Berriot's avatar
Fixed inconsistencies between test and prod requests  
Eliot Berriot committed
21 
            return
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
22 
        except ValueError as e:
Eliot Berriot's avatar
Linting  
Eliot Berriot committed
23 
            raise rest_exceptions.AuthenticationFailed(str(e))
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
24 25 

        try:
Eliot Berriot's avatar
Use our instance policies to discard fetched and inbox objects  
Eliot Berriot committed
26 27 
            actor_url = key_id.split("#")[0]
        except (TypeError, IndexError, AttributeError):
Eliot Berriot's avatar
Linting  
Eliot Berriot committed
28 
            raise rest_exceptions.AuthenticationFailed("Invalid key id")
Eliot Berriot's avatar
Use our instance policies to discard fetched and inbox objects  
Eliot Berriot committed
29 30 31 32 33 34 35 36 37 38 39 

        policies = (
            moderation_models.InstancePolicy.objects.active()
            .filter(block_all=True)
            .matching_url(actor_url)
        )
        if policies.exists():
            raise exceptions.BlockedActorOrDomain()

        try:
            actor = actors.get_actor(actor_url)
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
40 
        except Exception as e:
Eliot Berriot's avatar
Use our instance policies to discard fetched and inbox objects  
Eliot Berriot committed
41 42 43 
            logger.info(
                "Discarding HTTP request from blocked actor/domain %s", actor_url
            )
Eliot Berriot's avatar
Linting  
Eliot Berriot committed
44 
            raise rest_exceptions.AuthenticationFailed(str(e))
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
45
Eliot Berriot's avatar
Avoid fetching Actor object on every request authentication  
Eliot Berriot committed
46 
        if not actor.public_key:
Eliot Berriot's avatar
Linting  
Eliot Berriot committed
47 
            raise rest_exceptions.AuthenticationFailed("No public key found")
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
48 49 

        try:
Eliot Berriot's avatar
Blacked the code  
Eliot Berriot committed
50 
            signing.verify_django(request, actor.public_key.encode("utf-8"))
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
51 
        except cryptography.exceptions.InvalidSignature:
Eliot Berriot's avatar
Linting  
Eliot Berriot committed
52 
            raise rest_exceptions.AuthenticationFailed("Invalid signature")
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
53
Eliot Berriot's avatar
Avoid fetching Actor object on every request authentication  
Eliot Berriot committed
54 
        return actor
Eliot Berriot's avatar
Fixed inconsistencies between test and prod requests  
Eliot Berriot committed
55 56 

    def authenticate(self, request):
Eliot Berriot's avatar
Blacked the code  
Eliot Berriot committed
57 
        setattr(request, "actor", None)
Eliot Berriot's avatar
Fixed inconsistencies between test and prod requests  
Eliot Berriot committed
58 
        actor = self.authenticate_actor(request)
Eliot Berriot's avatar
Can now serve track from remote library  
Eliot Berriot committed
59 60 
        if not actor:
            return
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
61 
        user = AnonymousUser()
Eliot Berriot's avatar
Blacked the code  
Eliot Berriot committed
62 
        setattr(request, "actor", actor)
Eliot Berriot's avatar
Can now have multiple system actors
Eliot Berriot committed
63 
        return (user, None)