diff --git a/api/funkwhale_api/federation/factories.py b/api/funkwhale_api/federation/factories.py
index f5d612b0dad5133197fb4385b583833539920126..3cfecfa96739df0081986c3615df48eaf5d2113e 100644
--- a/api/funkwhale_api/federation/factories.py
+++ b/api/funkwhale_api/federation/factories.py
@@ -15,6 +15,7 @@ class SignatureAuthFactory(factory.Factory):
algorithm = 'rsa-sha256'
key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
key_id = factory.Faker('url')
+ use_auth_header = False
class Meta:
model = requests_http_signature.HTTPSignatureAuth
diff --git a/api/funkwhale_api/federation/signing.py b/api/funkwhale_api/federation/signing.py
index 87ac82bac0b9a5b599ce7d3721e8f4f876c02e8c..6f77cbd425813381388f6d368ca5df5fc35b6691 100644
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@@ -5,7 +5,8 @@ import requests_http_signature
def verify(request, public_key):
return requests_http_signature.HTTPSignatureAuth.verify(
request,
- key_resolver=lambda **kwargs: public_key
+ key_resolver=lambda **kwargs: public_key,
+ use_auth_header=False,
)
@@ -20,7 +21,7 @@ def verify_django(django_request, public_key):
# with requests_http_signature
headers[h.lower()] = v
try:
- signature = headers['authorization']
+ signature = headers['signature']
except KeyError:
raise exceptions.MissingSignature
diff --git a/api/requirements/base.txt b/api/requirements/base.txt
index 02cf1c70224c8387fdffc052a937b8d8397f9c23..b66e297a9942524b02df71fdcc67c81225e62c1e 100644
--- a/api/requirements/base.txt
+++ b/api/requirements/base.txt
@@ -61,4 +61,6 @@ django-cacheops>=4,<4.1
daphne==2.0.4
cryptography>=2,<3
-requests-http-signature==0.0.3
+# requests-http-signature==0.0.3
+# clone until the branch is merged and released upstream
+git+https://github.com/EliotBerriot/requests-http-signature.git@signature-header-support
diff --git a/api/tests/federation/test_signing.py b/api/tests/federation/test_signing.py
index dc678f749bb0d7063ff58842c24de2391261b9ef..9da7a0f872a03da619543bccddfe9921a3f6e7c7 100644
--- a/api/tests/federation/test_signing.py
+++ b/api/tests/federation/test_signing.py
@@ -7,23 +7,23 @@ from funkwhale_api.federation import signing
from funkwhale_api.federation import keys
-def test_can_sign_and_verify_request(factories):
- private, public = factories['federation.KeyPair']()
- auth = factories['federation.SignatureAuth'](key=private)
- request = factories['federation.SignedRequest'](
+def test_can_sign_and_verify_request(nodb_factories):
+ private, public = nodb_factories['federation.KeyPair']()
+ auth = nodb_factories['federation.SignatureAuth'](key=private)
+ request = nodb_factories['federation.SignedRequest'](
auth=auth
)
prepared_request = request.prepare()
assert 'date' in prepared_request.headers
- assert 'authorization' in prepared_request.headers
- assert prepared_request.headers['authorization'].startswith('Signature')
- assert signing.verify(prepared_request, public) is None
+ assert 'signature' in prepared_request.headers
+ assert signing.verify(
+ prepared_request, public) is None
-def test_can_sign_and_verify_request_digest(factories):
- private, public = factories['federation.KeyPair']()
- auth = factories['federation.SignatureAuth'](key=private)
- request = factories['federation.SignedRequest'](
+def test_can_sign_and_verify_request_digest(nodb_factories):
+ private, public = nodb_factories['federation.KeyPair']()
+ auth = nodb_factories['federation.SignatureAuth'](key=private)
+ request = nodb_factories['federation.SignedRequest'](
auth=auth,
method='post',
data=b'hello=world'
@@ -31,14 +31,13 @@ def test_can_sign_and_verify_request_digest(factories):
prepared_request = request.prepare()
assert 'date' in prepared_request.headers
assert 'digest' in prepared_request.headers
- assert 'authorization' in prepared_request.headers
- assert prepared_request.headers['authorization'].startswith('Signature')
+ assert 'signature' in prepared_request.headers
assert signing.verify(prepared_request, public) is None
-def test_verify_fails_with_wrong_key(factories):
- wrong_private, wrong_public = factories['federation.KeyPair']()
- request = factories['federation.SignedRequest']()
+def test_verify_fails_with_wrong_key(nodb_factories):
+ wrong_private, wrong_public = nodb_factories['federation.KeyPair']()
+ request = nodb_factories['federation.SignedRequest']()
prepared_request = request.prepare()
with pytest.raises(cryptography.exceptions.InvalidSignature):
@@ -55,7 +54,7 @@ def test_can_verify_django_request(factories, api_request):
'/',
headers={
'Date': prepared.headers['date'],
- 'Authorization': prepared.headers['authorization'],
+ 'Signature': prepared.headers['signature'],
}
)
assert signing.verify_django(django_request, public_key) is None
@@ -74,7 +73,7 @@ def test_can_verify_django_request_digest(factories, api_request):
headers={
'Date': prepared.headers['date'],
'Digest': prepared.headers['digest'],
- 'Authorization': prepared.headers['authorization'],
+ 'Signature': prepared.headers['signature'],
}
)
@@ -94,7 +93,7 @@ def test_can_verify_django_request_digest_failure(factories, api_request):
headers={
'Date': prepared.headers['date'],
'Digest': prepared.headers['digest'] + 'noop',
- 'Authorization': prepared.headers['authorization'],
+ 'Signature': prepared.headers['signature'],
}
)
@@ -112,7 +111,7 @@ def test_can_verify_django_request_failure(factories, api_request):
'/',
headers={
'Date': 'Wrong',
- 'Authorization': prepared.headers['authorization'],
+ 'Signature': prepared.headers['signature'],
}
)
with pytest.raises(cryptography.exceptions.InvalidSignature):