Skip to content
Snippets Groups Projects
Commit 0edf32ed authored by Georg Krause's avatar Georg Krause
Browse files

Merge branch '876-http-signature' into 'develop'

Fix #876: use proper http-signature release

Closes #876

See merge request funkwhale/funkwhale!1120
parents 0e825c3c 1ea47094
No related branches found
No related tags found
No related merge requests found
......@@ -20,11 +20,10 @@ class SignatureAuthFactory(factory.Factory):
algorithm = "rsa-sha256"
key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
key_id = factory.Faker("url")
use_auth_header = False
headers = ["(request-target)", "user-agent", "host", "date", "accept"]
class Meta:
model = requests_http_signature.HTTPSignatureAuth
model = requests_http_signature.HTTPSignatureHeaderAuth
@registry.register(name="federation.SignedRequest")
......
......@@ -46,7 +46,7 @@ def verify(request, public_key):
verify_date(date)
try:
return requests_http_signature.HTTPSignatureAuth.verify(
request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
request, key_resolver=lambda **kwargs: public_key, scheme="Signature"
)
except cryptography.exceptions.InvalidSignature:
logger.warning(
......@@ -98,8 +98,7 @@ def verify_django(django_request, public_key):
def get_auth(private_key, private_key_id):
return requests_http_signature.HTTPSignatureAuth(
use_auth_header=False,
return requests_http_signature.HTTPSignatureHeaderAuth(
headers=["(request-target)", "user-agent", "host", "date"],
algorithm="rsa-sha256",
key=private_key.encode("utf-8"),
......
......@@ -45,9 +45,7 @@ uvicorn[standard]~=0.12.0
gunicorn~=20.0.0
cryptography~=2.9.0
# requests-http-signature==0.0.3
# clone until the branch is merged and released upstream
git+https://github.com/EliotBerriot/requests-http-signature.git@signature-header-support
requests-http-signature==0.2.0
django-cleanup~=5.0.0
requests~=2.24.0
pyOpenSSL~=19.1.0
......
Replaced forked http-signature dependency with official package (#876)
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment