import logging
import requests
import requests_http_signature
from . import exceptions
from . import utils
logger = logging.getLogger(__name__)
def verify(request, public_key):
    """Check the HTTP signature on ``request`` against ``public_key``.

    Delegates to ``requests_http_signature.HTTPSignatureAuth.verify`` and
    returns its result unchanged.

    NOTE(review): the key resolver ignores every argument the library hands
    it and always answers with ``public_key``. Binding that key to the
    identity named in the signature therefore has to happen in the caller,
    before this function is reached. No algorithm is pinned here either;
    confirm that the library restricts which algorithms it accepts.
    """
    def resolve_key(**kwargs):
        # Whatever lookup arguments arrive, the caller-supplied key is used.
        return public_key

    # use_auth_header=False presumably makes the library read the
    # ``Signature`` header instead of ``Authorization`` -- confirm against
    # the installed requests_http_signature version.
    return requests_http_signature.HTTPSignatureAuth.verify(
        request,
        key_resolver=resolve_key,
        use_auth_header=False,
    )
def verify_django(django_request, public_key):
    """
    Rebuild a Django WSGI request as a ``requests.Request`` and check its
    HTTP signature against ``public_key``.

    Raises ``exceptions.MissingSignature`` when the cleaned headers hold no
    ``Signature`` entry; otherwise returns whatever ``verify`` returns. The
    object handed to ``verify`` is the unprepared ``requests.Request``.

    NOTE(review): nothing in this function bounds the age of the ``Date``
    header. If replay protection is required it has to come from the caller
    or from the library -- confirm.
    """
    headers = utils.clean_wsgi_headers(django_request.META)
    # Mirror each header under its lower-cased name, for compatibility with
    # requests_http_signature.
    for name, value in list(headers.items()):
        headers[name.lower()] = value

    try:
        signature = headers['Signature']
    except KeyError:
        raise exceptions.MissingSignature

    # Only the path and the query string are taken from the incoming
    # request; scheme and host are a fixed placeholder.
    url = 'http://noop{}'.format(django_request.path)
    query = django_request.META['QUERY_STRING']
    if query:
        url = url + '?{}'.format(query)

    # NOTE(review): the Signature value is sender-controlled. When it has no
    # `headers="` parameter the [1] index below raises IndexError before any
    # verification runs, and when `headers` is the last parameter the `",`
    # split leaves the closing quote on the final name. The resulting list
    # is used for debug logging only.
    after_marker = signature.split('headers="')[1]
    signature_headers = after_marker.split('",')[0]
    expected = signature_headers.split(' ')
    logger.debug('Signature expected headers: %s', expected)
    for header in expected:
        try:
            headers[header]
        except KeyError:
            # Diagnostic only: a listed header that is absent does not stop
            # processing here.
            logger.debug('Missing header: %s', header)

    request = requests.Request(
        method=django_request.method,
        url=url,
        data=django_request.body,
        headers=headers,
    )
    # Coerce every truthy header value to str; falsy values stay as they are.
    for name in request.headers.keys():
        value = request.headers[name]
        if value:
            request.headers[name] = str(value)

    # The prepared copy is discarded; verify() below receives ``request``.
    request.prepare()
    return verify(request, public_key)
def get_auth(private_key, private_key_id):
    """Build the ``HTTPSignatureAuth`` object used to sign outgoing requests.

    ``private_key`` is a text key that gets UTF-8 encoded before it is handed
    to the library; ``private_key_id`` is passed through as the key id. The
    signing algorithm is fixed to ``rsa-sha256``.

    NOTE(review): the signed header list has no ``digest`` entry, so the
    request body is not covered by the signature unless another layer adds
    and signs a digest -- confirm whether that is intended.
    """
    signed_headers = [
        '(request-target)',
        'user-agent',
        'host',
        'date',
        'content-type',
    ]
    key_bytes = private_key.encode('utf-8')
    return requests_http_signature.HTTPSignatureAuth(
        use_auth_header=False,
        headers=signed_headers,
        algorithm='rsa-sha256',
        key=key_bytes,
        key_id=private_key_id,
    )