Skip to content
Snippets Groups Projects
Select Git revision
  • develop default protected
  • 284-browse-redesign
  • 334-don-t-display-an-empty-page-browser
  • 316-ultrasonic
  • ButterflyOfFire/funkwhale-patch-1
  • master
  • 303-json-ld
  • 278-search-browse
  • 0.15
  • 0.14.2
  • 0.14.1
  • 0.14
  • 0.13
  • 0.12
  • 0.11
  • 0.10
  • 0.9.1
  • 0.9
  • 0.8
  • 0.7
  • 0.6.1
  • 0.6
  • 0.5.4
  • 0.5.3
  • 0.5.2
  • 0.5.1
  • 0.5
  • 0.4
28 results
Blame Permalink
Forked from funkwhale / funkwhale
7434 commits behind the upstream repository.
signing.py 1.66 KiB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56 






import logging
import requests
import requests_http_signature

from . import exceptions
from . import utils

logger = logging.getLogger(__name__)


def verify(request, public_key):
    return requests_http_signature.HTTPSignatureAuth.verify(
        request,
        key_resolver=lambda **kwargs: public_key,
        use_auth_header=False,
    )


def verify_django(django_request, public_key):
    """
    Given a django WSGI request, create an underlying requests.PreparedRequest
    instance we can verify
    """
    headers = utils.clean_wsgi_headers(django_request.META)
    for h, v in list(headers.items()):
        # we include lower-cased version of the headers for compatibility
        # with requests_http_signature
        headers[h.lower()] = v
    try:
        signature = headers['Signature']
    except KeyError:
        raise exceptions.MissingSignature
    url = 'http://noop{}'.format(django_request.path)
    query = django_request.META['QUERY_STRING']
    if query:
        url += '?{}'.format(query)
    signature_headers = signature.split('headers="')[1].split('",')[0]
    expected = signature_headers.split(' ')
    logger.debug('Signature expected headers: %s', expected)
    for header in expected:
        try:
            headers[header]
        except KeyError:
            logger.debug('Missing header: %s', header)
    request = requests.Request(
        method=django_request.method,
        url=url,
        data=django_request.body,
        headers=headers)
    for h in request.headers.keys():
        v = request.headers[h]
        if v:
            request.headers[h] = str(v)
    prepared_request = request.prepare()
    return verify(request, public_key)