Fixed inconsistencies between test and prod requests

2025-10-04 15:29:22 +02:00 · 2018-03-31 18:40:41 +02:00 · 2018-03-31 18:40:41 +02:00 · e1ebd4988b
commit e1ebd4988b
parent de777764da
4 changed files with 83 additions and 41 deletions
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@ -1,6 +1,12 @@
+import logging
 import requests
 import requests_http_signature

+from . import exceptions
+from . import utils
+
+logger = logging.getLogger(__name__)
+

 def verify(request, public_key):
    return requests_http_signature.HTTPSignatureAuth.verify(
@ -15,21 +21,35 @@ def verify_django(django_request, public_key):
    Given a django WSGI request, create an underlying requests.PreparedRequest
    instance we can verify
    """
-    headers = django_request.META.get('headers', {}).copy()
+    headers = utils.clean_wsgi_headers(django_request.META)
    for h, v in list(headers.items()):
        # we include lower-cased version of the headers for compatibility
        # with requests_http_signature
        headers[h.lower()] = v
    try:
-        signature = headers['signature']
+        signature = headers['Signature']
    except KeyError:
        raise exceptions.MissingSignature
-
+    url = 'http://noop{}'.format(django_request.path)
+    query = django_request.META['QUERY_STRING']
+    if query:
+        url += '?{}'.format(query)
+    signature_headers = signature.split('headers="')[1].split('",')[0]
+    expected = signature_headers.split(' ')
+    logger.debug('Signature expected headers: %s', expected)
+    for header in expected:
+        try:
+            headers[header]
+        except KeyError:
+            logger.debug('Missing header: %s', header)
    request = requests.Request(
        method=django_request.method,
-        url='http://noop',
+        url=url,
        data=django_request.body,
        headers=headers)
-
+    for h in request.headers.keys():
+        v = request.headers[h]
+        if v:
+            request.headers[h] = str(v)
    prepared_request = request.prepare()
    return verify(request, public_key)