Fix #1038: Federated reports

2025-10-04 20:09:17 +02:00 · 2020-03-11 11:39:55 +01:00 · 2020-03-11 11:39:55 +01:00 · d9afed5067
commit d9afed5067
parent 40720328d7
34 changed files with 985 additions and 76 deletions
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@ -1,3 +1,4 @@
+import cryptography.exceptions
 import datetime
 import logging
 import pytz
@ -31,18 +32,29 @@ def verify_date(raw_date):
    now = timezone.now()
    if dt < now - delta or dt > now + delta:
        raise forms.ValidationError(
-            "Request Date is too far in the future or in the past"
+            "Request Date {} is too far in the future or in the past".format(raw_date)
        )

    return dt


 def verify(request, public_key):
-    verify_date(request.headers.get("Date"))
-
-    return requests_http_signature.HTTPSignatureAuth.verify(
-        request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
+    date = request.headers.get("Date")
+    logger.debug(
+        "Verifying request with date %s and headers %s", date, str(request.headers)
    )
+    verify_date(date)
+    try:
+        return requests_http_signature.HTTPSignatureAuth.verify(
+            request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
+        )
+    except cryptography.exceptions.InvalidSignature:
+        logger.warning(
+            "Could not verify request with date %s and headers %s",
+            date,
+            str(request.headers),
+        )
+        raise


 def verify_django(django_request, public_key):