Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
jovuit
funkwhale
Commits
c63b7f92
Verified
Commit
c63b7f92
authored
Mar 30, 2018
by
Eliot Berriot
Browse files
Use own requests-http-signing to be compatible with Signature header
parent
7191a2a2
Changes
4
Hide whitespace changes
Inline
Side-by-side
api/funkwhale_api/federation/factories.py
View file @
c63b7f92
...
...
@@ -15,6 +15,7 @@ class SignatureAuthFactory(factory.Factory):
algorithm
=
'rsa-sha256'
key
=
factory
.
LazyFunction
(
lambda
:
keys
.
get_key_pair
()[
0
])
key_id
=
factory
.
Faker
(
'url'
)
use_auth_header
=
False
class
Meta
:
model
=
requests_http_signature
.
HTTPSignatureAuth
...
...
api/funkwhale_api/federation/signing.py
View file @
c63b7f92
...
...
@@ -5,7 +5,8 @@ import requests_http_signature
def
verify
(
request
,
public_key
):
return
requests_http_signature
.
HTTPSignatureAuth
.
verify
(
request
,
key_resolver
=
lambda
**
kwargs
:
public_key
key_resolver
=
lambda
**
kwargs
:
public_key
,
use_auth_header
=
False
,
)
...
...
@@ -20,7 +21,7 @@ def verify_django(django_request, public_key):
# with requests_http_signature
headers
[
h
.
lower
()]
=
v
try
:
signature
=
headers
[
'
authorization
'
]
signature
=
headers
[
'
signature
'
]
except
KeyError
:
raise
exceptions
.
MissingSignature
...
...
api/requirements/base.txt
View file @
c63b7f92
...
...
@@ -61,4 +61,6 @@ django-cacheops>=4,<4.1
daphne==2.0.4
cryptography>=2,<3
requests-http-signature==0.0.3
# requests-http-signature==0.0.3
# clone until the branch is merged and released upstream
git+https://github.com/EliotBerriot/requests-http-signature.git@signature-header-support
api/tests/federation/test_signing.py
View file @
c63b7f92
...
...
@@ -7,23 +7,23 @@ from funkwhale_api.federation import signing
from
funkwhale_api.federation
import
keys
def
test_can_sign_and_verify_request
(
factories
):
private
,
public
=
factories
[
'federation.KeyPair'
]()
auth
=
factories
[
'federation.SignatureAuth'
](
key
=
private
)
request
=
factories
[
'federation.SignedRequest'
](
def
test_can_sign_and_verify_request
(
nodb_
factories
):
private
,
public
=
nodb_
factories
[
'federation.KeyPair'
]()
auth
=
nodb_
factories
[
'federation.SignatureAuth'
](
key
=
private
)
request
=
nodb_
factories
[
'federation.SignedRequest'
](
auth
=
auth
)
prepared_request
=
request
.
prepare
()
assert
'date'
in
prepared_request
.
headers
assert
'
authorization
'
in
prepared_request
.
headers
assert
prepared_request
.
headers
[
'authorization'
].
startswith
(
'Signature'
)
assert
signing
.
verify
(
prepared_request
,
public
)
is
None
assert
'
signature
'
in
prepared_request
.
headers
assert
signing
.
verify
(
prepared_request
,
public
)
is
None
def
test_can_sign_and_verify_request_digest
(
factories
):
private
,
public
=
factories
[
'federation.KeyPair'
]()
auth
=
factories
[
'federation.SignatureAuth'
](
key
=
private
)
request
=
factories
[
'federation.SignedRequest'
](
def
test_can_sign_and_verify_request_digest
(
nodb_
factories
):
private
,
public
=
nodb_
factories
[
'federation.KeyPair'
]()
auth
=
nodb_
factories
[
'federation.SignatureAuth'
](
key
=
private
)
request
=
nodb_
factories
[
'federation.SignedRequest'
](
auth
=
auth
,
method
=
'post'
,
data
=
b
'hello=world'
...
...
@@ -31,14 +31,13 @@ def test_can_sign_and_verify_request_digest(factories):
prepared_request
=
request
.
prepare
()
assert
'date'
in
prepared_request
.
headers
assert
'digest'
in
prepared_request
.
headers
assert
'authorization'
in
prepared_request
.
headers
assert
prepared_request
.
headers
[
'authorization'
].
startswith
(
'Signature'
)
assert
'signature'
in
prepared_request
.
headers
assert
signing
.
verify
(
prepared_request
,
public
)
is
None
def
test_verify_fails_with_wrong_key
(
factories
):
wrong_private
,
wrong_public
=
factories
[
'federation.KeyPair'
]()
request
=
factories
[
'federation.SignedRequest'
]()
def
test_verify_fails_with_wrong_key
(
nodb_
factories
):
wrong_private
,
wrong_public
=
nodb_
factories
[
'federation.KeyPair'
]()
request
=
nodb_
factories
[
'federation.SignedRequest'
]()
prepared_request
=
request
.
prepare
()
with
pytest
.
raises
(
cryptography
.
exceptions
.
InvalidSignature
):
...
...
@@ -55,7 +54,7 @@ def test_can_verify_django_request(factories, api_request):
'/'
,
headers
=
{
'Date'
:
prepared
.
headers
[
'date'
],
'
Authorization
'
:
prepared
.
headers
[
'
authorization
'
],
'
Signature
'
:
prepared
.
headers
[
'
signature
'
],
}
)
assert
signing
.
verify_django
(
django_request
,
public_key
)
is
None
...
...
@@ -74,7 +73,7 @@ def test_can_verify_django_request_digest(factories, api_request):
headers
=
{
'Date'
:
prepared
.
headers
[
'date'
],
'Digest'
:
prepared
.
headers
[
'digest'
],
'
Authorization
'
:
prepared
.
headers
[
'
authorization
'
],
'
Signature
'
:
prepared
.
headers
[
'
signature
'
],
}
)
...
...
@@ -94,7 +93,7 @@ def test_can_verify_django_request_digest_failure(factories, api_request):
headers
=
{
'Date'
:
prepared
.
headers
[
'date'
],
'Digest'
:
prepared
.
headers
[
'digest'
]
+
'noop'
,
'
Authorization
'
:
prepared
.
headers
[
'
authorization
'
],
'
Signature
'
:
prepared
.
headers
[
'
signature
'
],
}
)
...
...
@@ -112,7 +111,7 @@ def test_can_verify_django_request_failure(factories, api_request):
'/'
,
headers
=
{
'Date'
:
'Wrong'
,
'
Authorization
'
:
prepared
.
headers
[
'
authorization
'
],
'
Signature
'
:
prepared
.
headers
[
'
signature
'
],
}
)
with
pytest
.
raises
(
cryptography
.
exceptions
.
InvalidSignature
):
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment