Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Philipp Wolfer
funkwhale
Commits
8083f787
Unverified
Commit
8083f787
authored
May 07, 2020
by
Agate
💬
Browse files
Fix #876: use proper http-signature release
parent
2fefe149
Changes
4
Hide whitespace changes
Inline
Side-by-side
api/funkwhale_api/federation/factories.py
View file @
8083f787
...
...
@@ -20,11 +20,10 @@ class SignatureAuthFactory(factory.Factory):
algorithm
=
"rsa-sha256"
key
=
factory
.
LazyFunction
(
lambda
:
keys
.
get_key_pair
()[
0
])
key_id
=
factory
.
Faker
(
"url"
)
use_auth_header
=
False
headers
=
[
"(request-target)"
,
"user-agent"
,
"host"
,
"date"
,
"accept"
]
class
Meta
:
model
=
requests_http_signature
.
HTTPSignatureAuth
model
=
requests_http_signature
.
HTTPSignature
Header
Auth
@
registry
.
register
(
name
=
"federation.SignedRequest"
)
...
...
api/funkwhale_api/federation/signing.py
View file @
8083f787
...
...
@@ -46,7 +46,7 @@ def verify(request, public_key):
verify_date
(
date
)
try
:
return
requests_http_signature
.
HTTPSignatureAuth
.
verify
(
request
,
key_resolver
=
lambda
**
kwargs
:
public_key
,
use_auth_header
=
False
request
,
key_resolver
=
lambda
**
kwargs
:
public_key
,
scheme
=
"Signature"
)
except
cryptography
.
exceptions
.
InvalidSignature
:
logger
.
warning
(
...
...
@@ -98,8 +98,7 @@ def verify_django(django_request, public_key):
def
get_auth
(
private_key
,
private_key_id
):
return
requests_http_signature
.
HTTPSignatureAuth
(
use_auth_header
=
False
,
return
requests_http_signature
.
HTTPSignatureHeaderAuth
(
headers
=
[
"(request-target)"
,
"user-agent"
,
"host"
,
"date"
],
algorithm
=
"rsa-sha256"
,
key
=
private_key
.
encode
(
"utf-8"
),
...
...
api/requirements/base.txt
View file @
8083f787
...
...
@@ -58,7 +58,7 @@ gunicorn>=20.0.4,<20.1
cryptography>=2.8,<3
# requests-http-signature==0.0.3
# clone until the branch is merged and released upstream
git+
https://github.com/
EliotBerriot
/requests-http-signature
.git@signature-header-support
https://github.com/
pyauth
/requests-http-signature
/archive/c0c8fd7255b73001845062f355c2f702bb2903db.zip
django-cleanup>=4,<4.1
requests>=2.22<2.23
pyOpenSSL>=19<20
...
...
changes/changelog.d/876.enhancement
0 → 100644
View file @
8083f787
Replaced forked http-signature dependency with official package (#876)
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment