mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-26 01:01:00 +00:00
Fixed #615: Nicely reject malformatted http signatures
This commit is contained in:
parent
d6cdcb1d83
commit
1dd076ff7d
2 changed files with 33 additions and 6 deletions
|
@ -103,12 +103,18 @@ class HttpSignature:
|
||||||
name, value = item.split("=", 1)
|
name, value = item.split("=", 1)
|
||||||
value = value.strip('"')
|
value = value.strip('"')
|
||||||
bits[name.lower()] = value
|
bits[name.lower()] = value
|
||||||
|
try:
|
||||||
signature_details: HttpSignatureDetails = {
|
signature_details: HttpSignatureDetails = {
|
||||||
"headers": bits["headers"].split(),
|
"headers": bits["headers"].split(),
|
||||||
"signature": base64.b64decode(bits["signature"]),
|
"signature": base64.b64decode(bits["signature"]),
|
||||||
"algorithm": bits["algorithm"],
|
"algorithm": bits["algorithm"],
|
||||||
"keyid": bits["keyid"],
|
"keyid": bits["keyid"],
|
||||||
}
|
}
|
||||||
|
except KeyError as e:
|
||||||
|
key_names = " ".join(bits.keys())
|
||||||
|
raise VerificationError(
|
||||||
|
f"Missing item from details (have: {key_names}, error: {e})"
|
||||||
|
)
|
||||||
return signature_details
|
return signature_details
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
|
|
@ -111,3 +111,24 @@ def test_verify_http(keypair):
|
||||||
)
|
)
|
||||||
# Verify that
|
# Verify that
|
||||||
HttpSignature.verify_request(fake_request, keypair["public_key"], skip_date=True)
|
HttpSignature.verify_request(fake_request, keypair["public_key"], skip_date=True)
|
||||||
|
|
||||||
|
|
||||||
|
def test_verify_http_bad_signature(keypair):
|
||||||
|
"""
|
||||||
|
Tests that a signature missing the algorithm does not work
|
||||||
|
"""
|
||||||
|
# Make our predictable request
|
||||||
|
fake_request = RequestFactory().post(
|
||||||
|
path="/test-actor",
|
||||||
|
data=b'{"id": "https://example.com/test-create", "type": "Create", "actor": "https://example.com/test-actor", "object": {"id": "https://example.com/test-object", "type": "Note"}}',
|
||||||
|
content_type="application/json",
|
||||||
|
HTTP_HOST="example.com",
|
||||||
|
HTTP_DATE="Sat, 12 Nov 2022 21:57:18 GMT",
|
||||||
|
HTTP_SIGNATURE='keyId="https://example.com/test-actor#test-key",headers="(request-target) host date digest content-type",signature="IRduYoDJIh90mprjUgOIdxY1iaBWHs5ou9vsDlcmSekg6DXMZTiXjmZxbNIrnpEbNFu3wTcqz1nv9H97Gp7orbYMuHm6j2ecxsvzSr37T9jxBbt3Ov3xSfuYWwhv6PuTWNxHtUQWNuAIc3wHDAQt8Flnak/uHe7swoAq4uHq2kt18iMW6CEV9XA5ESFho2HSUgRaifoNxJlIWbHYPJiP0t9aktgGBkpQoZ8ulOj3Ew4RwC1lwk9kzWiLIjU4tSAie8RbIy2g0aUvA1tQh9Uge1by3o7+349SL5iooj+B6WSCEvvjEl52wo3xoEQmv0ptYuSPLUgB9tP8q7DoHEc8Dw=="',
|
||||||
|
HTTP_DIGEST="SHA-256=07sIbQ3GlOHWMbFMNajtPNtmUQXXu20UuvrIYLlI3kc=",
|
||||||
|
)
|
||||||
|
# Verify that
|
||||||
|
with pytest.raises(VerificationError):
|
||||||
|
HttpSignature.verify_request(
|
||||||
|
fake_request, keypair["public_key"], skip_date=True
|
||||||
|
)
|
||||||
|
|
Loading…
Reference in a new issue