funkwhale/api/funkwhale_api/federation/authentication.py

import cryptography
from django.contrib.auth.models import AnonymousUser
from rest_framework import authentication, exceptions

from . import actors, keys, signing, utils


class SignatureAuthentication(authentication.BaseAuthentication):
    def authenticate_actor(self, request):
        headers = utils.clean_wsgi_headers(request.META)
        try:
            signature = headers["Signature"]
            key_id = keys.get_key_id_from_signature_header(signature)
        except KeyError:
            return
        except ValueError as e:
            raise exceptions.AuthenticationFailed(str(e))

        try:
            actor = actors.get_actor(key_id.split("#")[0])
        except Exception as e:
            raise exceptions.AuthenticationFailed(str(e))

        if not actor.public_key:
            raise exceptions.AuthenticationFailed("No public key found")

        try:
            signing.verify_django(request, actor.public_key.encode("utf-8"))
        except cryptography.exceptions.InvalidSignature:
            raise exceptions.AuthenticationFailed("Invalid signature")

        return actor

    def authenticate(self, request):
        setattr(request, "actor", None)
        actor = self.authenticate_actor(request)
        if not actor:
            return
        user = AnonymousUser()
        setattr(request, "actor", actor)
        return (user, None)
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`import cryptography`
			`from django.contrib.auth.models import AnonymousUser`
See #297: sorted imports 2018-06-10 08:55:16 +00:00			`from rest_framework import authentication, exceptions`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00
See #297: sorted imports 2018-06-10 08:55:16 +00:00			`from . import actors, keys, signing, utils`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00

			`class SignatureAuthentication(authentication.BaseAuthentication):`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`def authenticate_actor(self, request):`
			`headers = utils.clean_wsgi_headers(request.META)`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`try:`
Blacked the code 2018-06-09 13:36:16 +00:00			`signature = headers["Signature"]`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`key_id = keys.get_key_id_from_signature_header(signature)`
			`except KeyError:`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`return`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`except ValueError as e:`
			`raise exceptions.AuthenticationFailed(str(e))`

			`try:`
Blacked the code 2018-06-09 13:36:16 +00:00			`actor = actors.get_actor(key_id.split("#")[0])`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`except Exception as e:`
			`raise exceptions.AuthenticationFailed(str(e))`

Avoid fetching Actor object on every request authentication 2018-04-27 22:25:47 +00:00			`if not actor.public_key:`
Blacked the code 2018-06-09 13:36:16 +00:00			`raise exceptions.AuthenticationFailed("No public key found")`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00
			`try:`
Blacked the code 2018-06-09 13:36:16 +00:00			`signing.verify_django(request, actor.public_key.encode("utf-8"))`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`except cryptography.exceptions.InvalidSignature:`
Blacked the code 2018-06-09 13:36:16 +00:00			`raise exceptions.AuthenticationFailed("Invalid signature")`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00
Avoid fetching Actor object on every request authentication 2018-04-27 22:25:47 +00:00			`return actor`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00
			`def authenticate(self, request):`
Blacked the code 2018-06-09 13:36:16 +00:00			`setattr(request, "actor", None)`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`actor = self.authenticate_actor(request)`
Can now serve track from remote library 2018-04-07 13:34:35 +00:00			`if not actor:`
			`return`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`user = AnonymousUser()`
Blacked the code 2018-06-09 13:36:16 +00:00			`setattr(request, "actor", actor)`
Can now have multiple system actors We also handle webfinger/activity serialization properly 2018-03-31 13:47:21 +00:00			`return (user, None)`