Verified Commit c63b7f92 authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Use own requests-http-signing to be compatible with Signature header

parent 7191a2a2
...@@ -15,6 +15,7 @@ class SignatureAuthFactory(factory.Factory): ...@@ -15,6 +15,7 @@ class SignatureAuthFactory(factory.Factory):
algorithm = 'rsa-sha256' algorithm = 'rsa-sha256'
key = factory.LazyFunction(lambda: keys.get_key_pair()[0]) key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
key_id = factory.Faker('url') key_id = factory.Faker('url')
use_auth_header = False
class Meta: class Meta:
model = requests_http_signature.HTTPSignatureAuth model = requests_http_signature.HTTPSignatureAuth
......
...@@ -5,7 +5,8 @@ import requests_http_signature ...@@ -5,7 +5,8 @@ import requests_http_signature
def verify(request, public_key): def verify(request, public_key):
return requests_http_signature.HTTPSignatureAuth.verify( return requests_http_signature.HTTPSignatureAuth.verify(
request, request,
key_resolver=lambda **kwargs: public_key key_resolver=lambda **kwargs: public_key,
use_auth_header=False,
) )
...@@ -20,7 +21,7 @@ def verify_django(django_request, public_key): ...@@ -20,7 +21,7 @@ def verify_django(django_request, public_key):
# with requests_http_signature # with requests_http_signature
headers[h.lower()] = v headers[h.lower()] = v
try: try:
signature = headers['authorization'] signature = headers['signature']
except KeyError: except KeyError:
raise exceptions.MissingSignature raise exceptions.MissingSignature
......
...@@ -61,4 +61,6 @@ django-cacheops>=4,<4.1 ...@@ -61,4 +61,6 @@ django-cacheops>=4,<4.1
daphne==2.0.4 daphne==2.0.4
cryptography>=2,<3 cryptography>=2,<3
requests-http-signature==0.0.3 # requests-http-signature==0.0.3
# clone until the branch is merged and released upstream
git+https://github.com/EliotBerriot/requests-http-signature.git@signature-header-support
...@@ -7,23 +7,23 @@ from funkwhale_api.federation import signing ...@@ -7,23 +7,23 @@ from funkwhale_api.federation import signing
from funkwhale_api.federation import keys from funkwhale_api.federation import keys
def test_can_sign_and_verify_request(factories): def test_can_sign_and_verify_request(nodb_factories):
private, public = factories['federation.KeyPair']() private, public = nodb_factories['federation.KeyPair']()
auth = factories['federation.SignatureAuth'](key=private) auth = nodb_factories['federation.SignatureAuth'](key=private)
request = factories['federation.SignedRequest']( request = nodb_factories['federation.SignedRequest'](
auth=auth auth=auth
) )
prepared_request = request.prepare() prepared_request = request.prepare()
assert 'date' in prepared_request.headers assert 'date' in prepared_request.headers
assert 'authorization' in prepared_request.headers assert 'signature' in prepared_request.headers
assert prepared_request.headers['authorization'].startswith('Signature') assert signing.verify(
assert signing.verify(prepared_request, public) is None prepared_request, public) is None
def test_can_sign_and_verify_request_digest(factories): def test_can_sign_and_verify_request_digest(nodb_factories):
private, public = factories['federation.KeyPair']() private, public = nodb_factories['federation.KeyPair']()
auth = factories['federation.SignatureAuth'](key=private) auth = nodb_factories['federation.SignatureAuth'](key=private)
request = factories['federation.SignedRequest']( request = nodb_factories['federation.SignedRequest'](
auth=auth, auth=auth,
method='post', method='post',
data=b'hello=world' data=b'hello=world'
...@@ -31,14 +31,13 @@ def test_can_sign_and_verify_request_digest(factories): ...@@ -31,14 +31,13 @@ def test_can_sign_and_verify_request_digest(factories):
prepared_request = request.prepare() prepared_request = request.prepare()
assert 'date' in prepared_request.headers assert 'date' in prepared_request.headers
assert 'digest' in prepared_request.headers assert 'digest' in prepared_request.headers
assert 'authorization' in prepared_request.headers assert 'signature' in prepared_request.headers
assert prepared_request.headers['authorization'].startswith('Signature')
assert signing.verify(prepared_request, public) is None assert signing.verify(prepared_request, public) is None
def test_verify_fails_with_wrong_key(factories): def test_verify_fails_with_wrong_key(nodb_factories):
wrong_private, wrong_public = factories['federation.KeyPair']() wrong_private, wrong_public = nodb_factories['federation.KeyPair']()
request = factories['federation.SignedRequest']() request = nodb_factories['federation.SignedRequest']()
prepared_request = request.prepare() prepared_request = request.prepare()
with pytest.raises(cryptography.exceptions.InvalidSignature): with pytest.raises(cryptography.exceptions.InvalidSignature):
...@@ -55,7 +54,7 @@ def test_can_verify_django_request(factories, api_request): ...@@ -55,7 +54,7 @@ def test_can_verify_django_request(factories, api_request):
'/', '/',
headers={ headers={
'Date': prepared.headers['date'], 'Date': prepared.headers['date'],
'Authorization': prepared.headers['authorization'], 'Signature': prepared.headers['signature'],
} }
) )
assert signing.verify_django(django_request, public_key) is None assert signing.verify_django(django_request, public_key) is None
...@@ -74,7 +73,7 @@ def test_can_verify_django_request_digest(factories, api_request): ...@@ -74,7 +73,7 @@ def test_can_verify_django_request_digest(factories, api_request):
headers={ headers={
'Date': prepared.headers['date'], 'Date': prepared.headers['date'],
'Digest': prepared.headers['digest'], 'Digest': prepared.headers['digest'],
'Authorization': prepared.headers['authorization'], 'Signature': prepared.headers['signature'],
} }
) )
...@@ -94,7 +93,7 @@ def test_can_verify_django_request_digest_failure(factories, api_request): ...@@ -94,7 +93,7 @@ def test_can_verify_django_request_digest_failure(factories, api_request):
headers={ headers={
'Date': prepared.headers['date'], 'Date': prepared.headers['date'],
'Digest': prepared.headers['digest'] + 'noop', 'Digest': prepared.headers['digest'] + 'noop',
'Authorization': prepared.headers['authorization'], 'Signature': prepared.headers['signature'],
} }
) )
...@@ -112,7 +111,7 @@ def test_can_verify_django_request_failure(factories, api_request): ...@@ -112,7 +111,7 @@ def test_can_verify_django_request_failure(factories, api_request):
'/', '/',
headers={ headers={
'Date': 'Wrong', 'Date': 'Wrong',
'Authorization': prepared.headers['authorization'], 'Signature': prepared.headers['signature'],
} }
) )
with pytest.raises(cryptography.exceptions.InvalidSignature): with pytest.raises(cryptography.exceptions.InvalidSignature):
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment