kopia lustrzana https://github.com/snarfed/bridgy-fed
ActivityPub.signed_request: handle redirects to relative URLs
fixes https://console.cloud.google.com/errors/detail/COLi8YPesYOztwE;time=P30D?project=bridgy-federatedcircle
rodzic
58a8e28040
commit
80d1ec745e
|
@ -3,7 +3,7 @@ from base64 import b64encode
|
|||
from hashlib import sha256
|
||||
import itertools
|
||||
import logging
|
||||
from urllib.parse import quote_plus
|
||||
from urllib.parse import quote_plus, urljoin
|
||||
|
||||
from flask import abort, g, request
|
||||
from google.cloud import ndb
|
||||
|
@ -435,8 +435,9 @@ def signed_request(fn, url, data=None, log_data=True, headers=None, **kwargs):
|
|||
|
||||
# handle GET redirects manually so that we generate a new HTTP signature
|
||||
if resp.is_redirect and fn == util.requests_get:
|
||||
return signed_request(fn, resp.headers['Location'], data=data,
|
||||
headers=headers, log_data=log_data, **kwargs)
|
||||
new_url = urljoin(url, resp.headers['Location'])
|
||||
return signed_request(fn, new_url, data=data, headers=headers,
|
||||
log_data=log_data, **kwargs)
|
||||
|
||||
type = common.content_type(resp)
|
||||
if (type and type != 'text/html' and
|
||||
|
|
|
@ -1682,7 +1682,25 @@ class ActivityPubUtilsTest(TestCase):
|
|||
first = mock_get.call_args_list[0][1]
|
||||
second = mock_get.call_args_list[1][1]
|
||||
self.assertNotEqual(first['headers'], second['headers'])
|
||||
self.assertNotEqual(
|
||||
|
||||
@patch('requests.get')
|
||||
def test_signed_get_redirects_to_relative_url(self, mock_get):
|
||||
mock_get.side_effect = [
|
||||
# redirected URL is relative, we have to resolve it
|
||||
requests_response(status=302, redirected_url='/second',
|
||||
allow_redirects=False),
|
||||
requests_response(status=200, allow_redirects=False),
|
||||
]
|
||||
activitypub.signed_get('https://first')
|
||||
|
||||
self.assertEqual(('https://first/second',), mock_get.call_args_list[1][0])
|
||||
|
||||
first = mock_get.call_args_list[0][1]
|
||||
second = mock_get.call_args_list[1][1]
|
||||
|
||||
# headers are equal because host is the same
|
||||
self.assertEqual(first['headers'], second['headers'])
|
||||
self.assertEqual(
|
||||
first['auth'].header_signer.sign(first['headers'], method='GET', path='/'),
|
||||
second['auth'].header_signer.sign(second['headers'], method='GET', path='/'))
|
||||
|
||||
|
|
Ładowanie…
Reference in New Issue