Verified Commit c63b7f92 authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Use own requests-http-signing to be compatible with Signature header

parent 7191a2a2
......@@ -15,6 +15,7 @@ class SignatureAuthFactory(factory.Factory):
algorithm = 'rsa-sha256'
key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
key_id = factory.Faker('url')
use_auth_header = False
class Meta:
model = requests_http_signature.HTTPSignatureAuth
......
......@@ -5,7 +5,8 @@ import requests_http_signature
def verify(request, public_key):
return requests_http_signature.HTTPSignatureAuth.verify(
request,
key_resolver=lambda **kwargs: public_key
key_resolver=lambda **kwargs: public_key,
use_auth_header=False,
)
......@@ -20,7 +21,7 @@ def verify_django(django_request, public_key):
# with requests_http_signature
headers[h.lower()] = v
try:
signature = headers['authorization']
signature = headers['signature']
except KeyError:
raise exceptions.MissingSignature
......
......@@ -61,4 +61,6 @@ django-cacheops>=4,<4.1
daphne==2.0.4
cryptography>=2,<3
requests-http-signature==0.0.3
# requests-http-signature==0.0.3
# clone until the branch is merged and released upstream
git+https://github.com/EliotBerriot/requests-http-signature.git@signature-header-support
......@@ -7,23 +7,23 @@ from funkwhale_api.federation import signing
from funkwhale_api.federation import keys
def test_can_sign_and_verify_request(factories):
private, public = factories['federation.KeyPair']()
auth = factories['federation.SignatureAuth'](key=private)
request = factories['federation.SignedRequest'](
def test_can_sign_and_verify_request(nodb_factories):
private, public = nodb_factories['federation.KeyPair']()
auth = nodb_factories['federation.SignatureAuth'](key=private)
request = nodb_factories['federation.SignedRequest'](
auth=auth
)
prepared_request = request.prepare()
assert 'date' in prepared_request.headers
assert 'authorization' in prepared_request.headers
assert prepared_request.headers['authorization'].startswith('Signature')
assert signing.verify(prepared_request, public) is None
assert 'signature' in prepared_request.headers
assert signing.verify(
prepared_request, public) is None
def test_can_sign_and_verify_request_digest(factories):
private, public = factories['federation.KeyPair']()
auth = factories['federation.SignatureAuth'](key=private)
request = factories['federation.SignedRequest'](
def test_can_sign_and_verify_request_digest(nodb_factories):
private, public = nodb_factories['federation.KeyPair']()
auth = nodb_factories['federation.SignatureAuth'](key=private)
request = nodb_factories['federation.SignedRequest'](
auth=auth,
method='post',
data=b'hello=world'
......@@ -31,14 +31,13 @@ def test_can_sign_and_verify_request_digest(factories):
prepared_request = request.prepare()
assert 'date' in prepared_request.headers
assert 'digest' in prepared_request.headers
assert 'authorization' in prepared_request.headers
assert prepared_request.headers['authorization'].startswith('Signature')
assert 'signature' in prepared_request.headers
assert signing.verify(prepared_request, public) is None
def test_verify_fails_with_wrong_key(factories):
wrong_private, wrong_public = factories['federation.KeyPair']()
request = factories['federation.SignedRequest']()
def test_verify_fails_with_wrong_key(nodb_factories):
wrong_private, wrong_public = nodb_factories['federation.KeyPair']()
request = nodb_factories['federation.SignedRequest']()
prepared_request = request.prepare()
with pytest.raises(cryptography.exceptions.InvalidSignature):
......@@ -55,7 +54,7 @@ def test_can_verify_django_request(factories, api_request):
'/',
headers={
'Date': prepared.headers['date'],
'Authorization': prepared.headers['authorization'],
'Signature': prepared.headers['signature'],
}
)
assert signing.verify_django(django_request, public_key) is None
......@@ -74,7 +73,7 @@ def test_can_verify_django_request_digest(factories, api_request):
headers={
'Date': prepared.headers['date'],
'Digest': prepared.headers['digest'],
'Authorization': prepared.headers['authorization'],
'Signature': prepared.headers['signature'],
}
)
......@@ -94,7 +93,7 @@ def test_can_verify_django_request_digest_failure(factories, api_request):
headers={
'Date': prepared.headers['date'],
'Digest': prepared.headers['digest'] + 'noop',
'Authorization': prepared.headers['authorization'],
'Signature': prepared.headers['signature'],
}
)
......@@ -112,7 +111,7 @@ def test_can_verify_django_request_failure(factories, api_request):
'/',
headers={
'Date': 'Wrong',
'Authorization': prepared.headers['authorization'],
'Signature': prepared.headers['signature'],
}
)
with pytest.raises(cryptography.exceptions.InvalidSignature):
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment