kopia lustrzana https://github.com/snarfed/bridgy-fed
HTTP Signatures: add special (request-target) header
for #40, special synthetic HTTP header for HTTP Signatures, required by Peertube. https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3pull/373/head
rodzic
5182bb92f3
commit
2c9850c576
11
common.py
11
common.py
|
@ -140,9 +140,14 @@ def signed_request(fn, url, data=None, user=None, headers=None, **kwargs):
|
|||
domain = user.key.id()
|
||||
logger.info(f"Signing with {domain}'s key")
|
||||
key_id = host_url(domain)
|
||||
auth = HTTPSignatureAuth(secret=user.private_pem(), key_id=key_id,
|
||||
algorithm='rsa-sha256', sign_header='signature',
|
||||
headers=('Date', 'Host', 'Digest'))
|
||||
# (request-target) is a special HTTP Signatures header that some fediverse
|
||||
# implementations require, eg Peertube.
|
||||
# https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3
|
||||
# https://github.com/snarfed/bridgy-fed/issues/40
|
||||
auth = HTTPSignatureAuth(
|
||||
secret=user.private_pem(), key_id=key_id, algorithm='rsa-sha256',
|
||||
sign_header='signature',
|
||||
headers=('Date', 'Host', 'Digest', '(request-target)'))
|
||||
|
||||
# make HTTP request
|
||||
kwargs.setdefault('gateway', True)
|
||||
|
|
|
@ -180,5 +180,6 @@ class CommonTest(testutil.TestCase):
|
|||
first = mock_get.call_args_list[0][1]
|
||||
second = mock_get.call_args_list[1][1]
|
||||
self.assertNotEqual(first['headers'], second['headers'])
|
||||
self.assertNotEqual(first['auth'].header_signer.sign(first['headers']),
|
||||
second['auth'].header_signer.sign(second['headers']))
|
||||
self.assertNotEqual(
|
||||
first['auth'].header_signer.sign(first['headers'], method='GET', path='/'),
|
||||
second['auth'].header_signer.sign(second['headers'], method='GET', path='/'))
|
||||
|
|
Ładowanie…
Reference in New Issue