From 8083f787d1bd9d933557ebe647c17faaaa936dec Mon Sep 17 00:00:00 2001
From: Agate <me@agate.blue>
Date: Thu, 7 May 2020 15:26:05 +0200
Subject: [PATCH] Fix #876: use proper http-signature release

---
 api/funkwhale_api/federation/factories.py | 3 +--
 api/funkwhale_api/federation/signing.py   | 5 ++---
 api/requirements/base.txt                 | 2 +-
 changes/changelog.d/876.enhancement       | 1 +
 4 files changed, 5 insertions(+), 6 deletions(-)
 create mode 100644 changes/changelog.d/876.enhancement

diff --git a/api/funkwhale_api/federation/factories.py b/api/funkwhale_api/federation/factories.py
index 574560f0df..971c774a7a 100644
--- a/api/funkwhale_api/federation/factories.py
+++ b/api/funkwhale_api/federation/factories.py
@@ -20,11 +20,10 @@ class SignatureAuthFactory(factory.Factory):
     algorithm = "rsa-sha256"
     key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
     key_id = factory.Faker("url")
-    use_auth_header = False
     headers = ["(request-target)", "user-agent", "host", "date", "accept"]
 
     class Meta:
-        model = requests_http_signature.HTTPSignatureAuth
+        model = requests_http_signature.HTTPSignatureHeaderAuth
 
 
 @registry.register(name="federation.SignedRequest")
diff --git a/api/funkwhale_api/federation/signing.py b/api/funkwhale_api/federation/signing.py
index b69c486682..17a0228a4b 100644
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@@ -46,7 +46,7 @@ def verify(request, public_key):
     verify_date(date)
     try:
         return requests_http_signature.HTTPSignatureAuth.verify(
-            request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
+            request, key_resolver=lambda **kwargs: public_key, scheme="Signature"
         )
     except cryptography.exceptions.InvalidSignature:
         logger.warning(
@@ -98,8 +98,7 @@ def verify_django(django_request, public_key):
 
 
 def get_auth(private_key, private_key_id):
-    return requests_http_signature.HTTPSignatureAuth(
-        use_auth_header=False,
+    return requests_http_signature.HTTPSignatureHeaderAuth(
         headers=["(request-target)", "user-agent", "host", "date"],
         algorithm="rsa-sha256",
         key=private_key.encode("utf-8"),
diff --git a/api/requirements/base.txt b/api/requirements/base.txt
index 6e31f857e6..2878d2e7df 100644
--- a/api/requirements/base.txt
+++ b/api/requirements/base.txt
@@ -58,7 +58,7 @@ gunicorn>=20.0.4,<20.1
 cryptography>=2.8,<3
 # requests-http-signature==0.0.3
 # clone until the branch is merged and released upstream
-git+https://github.com/EliotBerriot/requests-http-signature.git@signature-header-support
+https://github.com/pyauth/requests-http-signature/archive/c0c8fd7255b73001845062f355c2f702bb2903db.zip
 django-cleanup>=4,<4.1
 requests>=2.22<2.23
 pyOpenSSL>=19<20
diff --git a/changes/changelog.d/876.enhancement b/changes/changelog.d/876.enhancement
new file mode 100644
index 0000000000..d567c5e576
--- /dev/null
+++ b/changes/changelog.d/876.enhancement
@@ -0,0 +1 @@
+Replaced forked http-signature dependency with official package (#876)
-- 
GitLab