From 44fee798388f93be41041dabdaf0f7bc9dbc037b Mon Sep 17 00:00:00 2001 From: Ryan Barrett Date: Tue, 27 Jun 2023 22:31:48 -0700 Subject: [PATCH] incoming AP: allow missing HTTP Sig when DEBUG is on --- activitypub.py | 5 ++++- tests/test_activitypub.py | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/activitypub.py b/activitypub.py index c6a6cde..4081b41 100644 --- a/activitypub.py +++ b/activitypub.py @@ -11,7 +11,7 @@ from granary import as1, as2 from httpsig import HeaderVerifier from httpsig.requests_auth import HTTPSignatureAuth from httpsig.utils import parse_signature_header -from oauth_dropins.webutil import flask_util, util +from oauth_dropins.webutil import appengine_info, flask_util, util from oauth_dropins.webutil.util import fragmentless, json_dumps, json_loads import requests from werkzeug.exceptions import BadGateway @@ -267,6 +267,9 @@ class ActivityPub(User, Protocol): headers = dict(request.headers) # copy so we can modify below sig = headers.get('Signature') if not sig: + if appengine_info.DEBUG: + logging.info('No HTTP Signature, allowing due to DEBUG=true') + return error('No HTTP Signature', status=401) logger.info('Verifying HTTP Signature') diff --git a/tests/test_activitypub.py b/tests/test_activitypub.py index 8cc17a6..2b46dd7 100644 --- a/tests/test_activitypub.py +++ b/tests/test_activitypub.py @@ -1017,6 +1017,7 @@ class ActivityPubTest(TestCase): @patch('activitypub.logger.info', side_effect=logging.info) @patch('common.logger.info', side_effect=logging.info) + @patch('oauth_dropins.webutil.appengine_info.DEBUG', False) def test_inbox_verify_http_signature(self, mock_common_log, mock_activitypub_log, _, mock_get, ___): # actor with a public key