yetangitu/funkwhale
1
0
Fork 0
mirror of https://code.eliotberriot.com/funkwhale/funkwhale.git synced 2025-10-06 02:49:56 +02:00
Code Issues Releases Wiki Activity

Fix #876: use proper http-signature release

Browse source
This commit is contained in:
Agate 2020-05-07 15:26:05 +02:00 committed by Georg Krause
parent b91c48a6ce
commit 7f80a86bc5
No known key found for this signature in database
GPG key ID: FD479B9A4D48E632
4 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/funkwhale_api/federation/factories.py
View file

@ -20,11 +20,10 @@ class SignatureAuthFactory(factory.Factory):
algorithm = "rsa-sha256"
key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
key_id = factory.Faker("url")
use_auth_header = False
headers = ["(request-target)", "user-agent", "host", "date", "accept"]
class Meta:
model = requests_http_signature.HTTPSignatureAuth
model = requests_http_signature.HTTPSignatureHeaderAuth
@registry.register(name="federation.SignedRequest")

5
api/funkwhale_api/federation/signing.py
View file

@ -46,7 +46,7 @@ def verify(request, public_key):
verify_date(date)
try:
return requests_http_signature.HTTPSignatureAuth.verify(
request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
request, key_resolver=lambda **kwargs: public_key, scheme="Signature"
)
except cryptography.exceptions.InvalidSignature:
logger.warning(
@ -98,8 +98,7 @@ def verify_django(django_request, public_key):
def get_auth(private_key, private_key_id):
return requests_http_signature.HTTPSignatureAuth(
use_auth_header=False,
return requests_http_signature.HTTPSignatureHeaderAuth(
headers=["(request-target)", "user-agent", "host", "date"],
algorithm="rsa-sha256",
key=private_key.encode("utf-8"),