kopia lustrzana https://github.com/snarfed/bridgy-fed
HTTP Signature verification: bug fix, use actual HTTP method
rodzic
8f03c0aad3
commit
65bbc6751e
|
@ -162,9 +162,10 @@ def inbox(domain=None):
|
|||
else:
|
||||
key_actor = json_loads(common.get_object(keyId, user=user).as2)
|
||||
key = key_actor.get("publicKey", {}).get('publicKeyPem')
|
||||
logger.info(f'Verifying signature for {request.path} with key {key}')
|
||||
try:
|
||||
if HeaderVerifier(request.headers, key, method='GET', path=request.path,
|
||||
required_headers=common.HTTP_SIG_HEADERS,
|
||||
if HeaderVerifier(request.headers, key, required_headers=['Digest'],
|
||||
method=request.method, path=request.path,
|
||||
sign_header='signature').verify():
|
||||
logger.info('HTTP Signature verified!')
|
||||
else:
|
||||
|
|
|
@ -29,11 +29,8 @@ from models import Follower, Object, Target, User
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
DOMAIN_RE = r'[^/:]+\.[^/:]+'
|
||||
ACCT_RE = f'(?:acct:)?([^@]+)@({DOMAIN_RE})'
|
||||
TLD_BLOCKLIST = ('7z', 'asp', 'aspx', 'gif', 'html', 'ico', 'jpg', 'jpeg', 'js',
|
||||
'json', 'php', 'png', 'rar', 'txt', 'yaml', 'yml', 'zip')
|
||||
XML_UTF8 = "<?xml version='1.0' encoding='UTF-8'?>\n"
|
||||
LINK_HEADER_RE = re.compile(r""" *< *([^ >]+) *> *; *rel=['"]([^'"]+)['"] *""")
|
||||
|
||||
CONTENT_TYPE_LD_PLAIN = 'application/ld+json'
|
||||
CONTENT_TYPE_HTML = 'text/html; charset=utf-8'
|
||||
|
|
|
@ -9,7 +9,7 @@ from unittest.mock import ANY, call, patch
|
|||
|
||||
from google.cloud import ndb
|
||||
from granary import as2
|
||||
from httpsig import HeaderSigner, HeaderVerifier
|
||||
from httpsig import HeaderSigner
|
||||
from oauth_dropins.webutil import util
|
||||
from oauth_dropins.webutil.testutil import requests_response
|
||||
from oauth_dropins.webutil.util import json_dumps, json_loads
|
||||
|
@ -726,7 +726,7 @@ class ActivityPubTest(testutil.TestCase):
|
|||
hs = HeaderSigner('http://my/key/id#unused', self.user.private_pem().decode(),
|
||||
algorithm='rsa-sha256', sign_header='signature',
|
||||
headers=('Date', 'Host', 'Digest', '(request-target)'))
|
||||
headers = hs.sign(headers, method='GET', path='/inbox')
|
||||
headers = hs.sign(headers, method='POST', path='/inbox')
|
||||
|
||||
# valid signature
|
||||
resp = self.client.post('/inbox', data=body, headers=headers)
|
||||
|
|
Ładowanie…
Reference in New Issue