Basic logic for signing/verifying requests

2018-03-24 15:20:15 +01:00 · 2018-03-24 15:20:15 +01:00 · aa7365b71f
commit aa7365b71f
parent ae65190364
7 changed files with 98 additions and 2 deletions
--- a/api/tests/conftest.py
+++ b/api/tests/conftest.py
@ -31,7 +31,11 @@ def cache():
 def factories(db):
    from funkwhale_api import factories
    for v in factories.registry.values():
-        v._meta.strategy = factory.CREATE_STRATEGY
+        try:
+            v._meta.strategy = factory.CREATE_STRATEGY
+        except AttributeError:
+            # probably not a class based factory
+            pass
    yield factories.registry


@ -39,7 +43,11 @@ def factories(db):
 def nodb_factories():
    from funkwhale_api import factories
    for v in factories.registry.values():
-        v._meta.strategy = factory.BUILD_STRATEGY
+        try:
+            v._meta.strategy = factory.BUILD_STRATEGY
+        except AttributeError:
+            # probably not a class based factory
+            pass
    yield factories.registry


--- a/api/tests/federation/test_signing.py
+++ b/api/tests/federation/test_signing.py
@ -0,0 +1,34 @@
+import cryptography.exceptions
+import io
+import pytest
+import requests_http_signature
+
+from funkwhale_api.federation import signing
+
+
+def test_can_sign_and_verify_request(factories):
+    private, public = factories['federation.KeyPair']()
+    auth = factories['federation.SignatureAuth'](key=private)
+    request = factories['federation.SignedRequest'](
+        auth=auth
+    )
+    prepared_request = request.prepare()
+    assert 'date' in prepared_request.headers
+    assert 'authorization' in prepared_request.headers
+    assert prepared_request.headers['authorization'].startswith('Signature')
+    assert requests_http_signature.HTTPSignatureAuth.verify(
+        prepared_request,
+        key_resolver=lambda **kwargs: public
+    ) is None
+
+
+def test_verify_fails_with_wrong_key(factories):
+    wrong_private, wrong_public = factories['federation.KeyPair']()
+    request = factories['federation.SignedRequest']()
+    prepared_request = request.prepare()
+
+    with pytest.raises(cryptography.exceptions.InvalidSignature):
+        requests_http_signature.HTTPSignatureAuth.verify(
+            prepared_request,
+            key_resolver=lambda **kwargs: wrong_public
+        )