Add support for latest HTTP Signatures spec draft #14556

Merged
merged 8 commits into from
Aug 24, 2020
Move extra HTTP signature helper methods to private methods
ClearlyClaire committed Aug 14, 2020
commit 24a8e3cbe16a505fba03c318baf6b477ac239f8c
36 changes: 18 additions & 18 deletions app/controllers/concerns/signature_verification.rb
Expand Up @@ -67,24 +67,6 @@ def signature_key_id
nil
end

def signature_algorithm
signature_params.fetch('algorithm', 'hs2019')
end

def signed_headers
signature_params.fetch('headers', signature_algorithm == 'hs2019' ? '(created)' : 'date').downcase.split(' ')
end

def signature_params
@signature_params ||= begin
raw_signature = request.headers['Signature']
tree = SignatureParamsParser.new.parse(raw_signature)
SignatureParamsTransformer.new.apply(tree)
end
rescue Parslet::ParseFailed
raise SignatureVerificationError, 'Error parsing signature parameters'
end

def signed_request_account
return @signed_request_account if defined?(@signed_request_account)
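Review bot: Removing `signature_algorithm`, `signed_headers` and `signature_params` from the public section after `signature_key_id` narrows the concern's public interface, so any spec or collaborator that calls them with an explicit receiver will now raise NoMethodError. Including controllers can still call them implicitly, but it is worth grepping for external callers before merging. The move itself is the right direction for a controller concern, where public methods are candidates for action dispatch and the parsed signature parameters should stay internal.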

Expand Down Expand Up @@ -123,6 +105,24 @@ def request_body

private

def signature_params
@signature_params ||= begin
raw_signature = request.headers['Signature']
tree = SignatureParamsParser.new.parse(raw_signature)
SignatureParamsTransformer.new.apply(tree)
end
rescue Parslet::ParseFailed
raise SignatureVerificationError, 'Error parsing signature parameters'
end

def signature_algorithm
signature_params.fetch('algorithm', 'hs2019')
end

def signed_headers
signature_params.fetch('headers', signature_algorithm == 'hs2019' ? '(created)' : 'date').downcase.split(' ')
end

def verify_signature_strength!
raise SignatureVerificationError, 'Mastodon requires the Date header or (created) pseudo-header to be signed' unless signed_headers.include?('date') || signed_headers.include?('(created)')
raise SignatureVerificationError, 'Mastodon requires the (request-target) pseudo-header to be signed' unless signed_headers.include?(Request::REQUEST_TARGET)
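Review bot: In `signature_params`, `request.headers['Signature']` is nil when the header is absent, and the method-level rescue only covers `Parslet::ParseFailed`, so please confirm every path into these private helpers checks that the header is present first, or add an explicit guard that raises `SignatureVerificationError`. Separately, the one-line default in `signed_headers` deserves a short comment: with `algorithm` omitted it falls back to `hs2019`, which makes `(created)` the implied header list, and `verify_signature_strength!` will then always reject the request for not signing `(request-target)`. As a style point, `'(created)'` appears as a string literal in two methods while `Request::REQUEST_TARGET` is a constant; a matching constant would keep the two checks consistent.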