funkwhale/api/tests/federation/test_signing.py

import cryptography.exceptions
import io
import pytest
import requests_http_signature

from funkwhale_api.federation import signing
from funkwhale_api.federation import keys


def test_can_sign_and_verify_request(nodb_factories):
    private, public = nodb_factories['federation.KeyPair']()
    auth = nodb_factories['federation.SignatureAuth'](key=private)
    request = nodb_factories['federation.SignedRequest'](
        auth=auth
    )
    prepared_request = request.prepare()
    assert 'date' in prepared_request.headers
    assert 'signature' in prepared_request.headers
    assert signing.verify(
        prepared_request, public) is None


def test_can_sign_and_verify_request_digest(nodb_factories):
    private, public = nodb_factories['federation.KeyPair']()
    auth = nodb_factories['federation.SignatureAuth'](key=private)
    request = nodb_factories['federation.SignedRequest'](
        auth=auth,
        method='post',
        data=b'hello=world'
    )
    prepared_request = request.prepare()
    assert 'date' in prepared_request.headers
    assert 'digest' in prepared_request.headers
    assert 'signature' in prepared_request.headers
    assert signing.verify(prepared_request, public) is None


def test_verify_fails_with_wrong_key(nodb_factories):
    wrong_private, wrong_public = nodb_factories['federation.KeyPair']()
    request = nodb_factories['federation.SignedRequest']()
    prepared_request = request.prepare()

    with pytest.raises(cryptography.exceptions.InvalidSignature):
        signing.verify(prepared_request, wrong_public)


def test_can_verify_django_request(factories, fake_request):
    private_key, public_key = keys.get_key_pair()
    signed_request = factories['federation.SignedRequest'](
        auth__key=private_key,
        auth__headers=[
            'date',
        ]
    )
    prepared = signed_request.prepare()
    django_request = fake_request.get(
        '/',
        **{
            'HTTP_DATE': prepared.headers['date'],
            'HTTP_SIGNATURE': prepared.headers['signature'],
        }
    )
    assert signing.verify_django(django_request, public_key) is None


def test_can_verify_django_request_digest(factories, fake_request):
    private_key, public_key = keys.get_key_pair()
    signed_request = factories['federation.SignedRequest'](
        auth__key=private_key,
        method='post',
        data=b'hello=world',
        auth__headers=[
            'date',
            'digest',
        ]
    )
    prepared = signed_request.prepare()
    django_request = fake_request.post(
        '/',
        **{
            'HTTP_DATE': prepared.headers['date'],
            'HTTP_DIGEST': prepared.headers['digest'],
            'HTTP_SIGNATURE': prepared.headers['signature'],
        }
    )

    assert signing.verify_django(django_request, public_key) is None


def test_can_verify_django_request_digest_failure(factories, fake_request):
    private_key, public_key = keys.get_key_pair()
    signed_request = factories['federation.SignedRequest'](
        auth__key=private_key,
        method='post',
        data=b'hello=world',
        auth__headers=[
            'date',
            'digest',
        ]
    )
    prepared = signed_request.prepare()
    django_request = fake_request.post(
        '/',
        **{
            'HTTP_DATE': prepared.headers['date'],
            'HTTP_DIGEST': prepared.headers['digest'] + 'noop',
            'HTTP_SIGNATURE': prepared.headers['signature'],
        }
    )

    with pytest.raises(cryptography.exceptions.InvalidSignature):
        signing.verify_django(django_request, public_key)


def test_can_verify_django_request_failure(factories, fake_request):
    private_key, public_key = keys.get_key_pair()
    signed_request = factories['federation.SignedRequest'](
        auth__key=private_key,
        auth__headers=[
            'date',
        ]
    )
    prepared = signed_request.prepare()
    django_request = fake_request.get(
        '/',
        **{
            'HTTP_DATE': 'Wrong',
            'HTTP_SIGNATURE': prepared.headers['signature'],
        }
    )
    with pytest.raises(cryptography.exceptions.InvalidSignature):
        signing.verify_django(django_request, public_key)
Basic logic for signing/verifying requests 2018-03-24 14:20:15 +00:00			`import cryptography.exceptions`
			`import io`
			`import pytest`
			`import requests_http_signature`

			`from funkwhale_api.federation import signing`
Can now fetch public key from actor url 2018-03-28 16:04:21 +00:00			`from funkwhale_api.federation import keys`
Basic logic for signing/verifying requests 2018-03-24 14:20:15 +00:00

Use own requests-http-signing to be compatible with Signature header 2018-03-30 19:59:58 +00:00			`def test_can_sign_and_verify_request(nodb_factories):`
			`private, public = nodb_factories['federation.KeyPair']()`
			`auth = nodb_factories['federation.SignatureAuth'](key=private)`
			`request = nodb_factories['federation.SignedRequest'](`
Basic logic for signing/verifying requests 2018-03-24 14:20:15 +00:00			`auth=auth`
			`)`
			`prepared_request = request.prepare()`
			`assert 'date' in prepared_request.headers`
Use own requests-http-signing to be compatible with Signature header 2018-03-30 19:59:58 +00:00			`assert 'signature' in prepared_request.headers`
			`assert signing.verify(`
			`prepared_request, public) is None`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00

Use own requests-http-signing to be compatible with Signature header 2018-03-30 19:59:58 +00:00			`def test_can_sign_and_verify_request_digest(nodb_factories):`
			`private, public = nodb_factories['federation.KeyPair']()`
			`auth = nodb_factories['federation.SignatureAuth'](key=private)`
			`request = nodb_factories['federation.SignedRequest'](`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`auth=auth,`
			`method='post',`
			`data=b'hello=world'`
			`)`
			`prepared_request = request.prepare()`
			`assert 'date' in prepared_request.headers`
			`assert 'digest' in prepared_request.headers`
Use own requests-http-signing to be compatible with Signature header 2018-03-30 19:59:58 +00:00			`assert 'signature' in prepared_request.headers`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`assert signing.verify(prepared_request, public) is None`
Basic logic for signing/verifying requests 2018-03-24 14:20:15 +00:00

Use own requests-http-signing to be compatible with Signature header 2018-03-30 19:59:58 +00:00			`def test_verify_fails_with_wrong_key(nodb_factories):`
			`wrong_private, wrong_public = nodb_factories['federation.KeyPair']()`
			`request = nodb_factories['federation.SignedRequest']()`
Basic logic for signing/verifying requests 2018-03-24 14:20:15 +00:00			`prepared_request = request.prepare()`

			`with pytest.raises(cryptography.exceptions.InvalidSignature):`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`signing.verify(prepared_request, wrong_public)`


Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`def test_can_verify_django_request(factories, fake_request):`
Can now fetch public key from actor url 2018-03-28 16:04:21 +00:00			`private_key, public_key = keys.get_key_pair()`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`signed_request = factories['federation.SignedRequest'](`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`auth__key=private_key,`
			`auth__headers=[`
			`'date',`
			`]`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`)`
			`prepared = signed_request.prepare()`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`django_request = fake_request.get(`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`'/',`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`**{`
			`'HTTP_DATE': prepared.headers['date'],`
			`'HTTP_SIGNATURE': prepared.headers['signature'],`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`}`
			`)`
			`assert signing.verify_django(django_request, public_key) is None`


Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`def test_can_verify_django_request_digest(factories, fake_request):`
Can now fetch public key from actor url 2018-03-28 16:04:21 +00:00			`private_key, public_key = keys.get_key_pair()`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`signed_request = factories['federation.SignedRequest'](`
			`auth__key=private_key,`
			`method='post',`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`data=b'hello=world',`
			`auth__headers=[`
			`'date',`
			`'digest',`
			`]`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`)`
			`prepared = signed_request.prepare()`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`django_request = fake_request.post(`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`'/',`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`**{`
			`'HTTP_DATE': prepared.headers['date'],`
			`'HTTP_DIGEST': prepared.headers['digest'],`
			`'HTTP_SIGNATURE': prepared.headers['signature'],`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`}`
			`)`

			`assert signing.verify_django(django_request, public_key) is None`


Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`def test_can_verify_django_request_digest_failure(factories, fake_request):`
Can now fetch public key from actor url 2018-03-28 16:04:21 +00:00			`private_key, public_key = keys.get_key_pair()`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`signed_request = factories['federation.SignedRequest'](`
			`auth__key=private_key,`
			`method='post',`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`data=b'hello=world',`
			`auth__headers=[`
			`'date',`
			`'digest',`
			`]`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`)`
			`prepared = signed_request.prepare()`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`django_request = fake_request.post(`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`'/',`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`**{`
			`'HTTP_DATE': prepared.headers['date'],`
			`'HTTP_DIGEST': prepared.headers['digest'] + 'noop',`
			`'HTTP_SIGNATURE': prepared.headers['signature'],`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`}`
			`)`

			`with pytest.raises(cryptography.exceptions.InvalidSignature):`
			`signing.verify_django(django_request, public_key)`


Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`def test_can_verify_django_request_failure(factories, fake_request):`
Can now fetch public key from actor url 2018-03-28 16:04:21 +00:00			`private_key, public_key = keys.get_key_pair()`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`signed_request = factories['federation.SignedRequest'](`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`auth__key=private_key,`
			`auth__headers=[`
			`'date',`
			`]`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`)`
			`prepared = signed_request.prepare()`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`django_request = fake_request.get(`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`'/',`
Fixed inconsistencies between test and prod requests 2018-03-31 16:40:41 +00:00			`**{`
			`'HTTP_DATE': 'Wrong',`
			`'HTTP_SIGNATURE': prepared.headers['signature'],`
More test cases for request signing and added helpers to verify signature 2018-03-24 15:24:10 +00:00			`}`
			`)`
			`with pytest.raises(cryptography.exceptions.InvalidSignature):`
			`signing.verify_django(django_request, public_key)`