Accept hs2019 in signatures (#529)

Fixes part of federation with GoToSocial - this is just a different name for the same algorithm.
2023-03-03 08:18:11 -08:00 · 2023-03-03 08:18:11 -08:00 · 78eacf165e
parent 552a150e57
commit 78eacf165e
1 changed files with 6 additions and 1 deletions
--- a/core/signatures.py
+++ b/core/signatures.py
@ -160,7 +160,12 @@ class HttpSignature:
            raise VerificationFormatError("No signature header present")
        signature_details = cls.parse_signature(request.headers["signature"])
        # Reject unknown algorithms
-        if signature_details["algorithm"] != "rsa-sha256":
+        # hs2019 is used by some libraries to obfuscate the real algorithm per the spec
+        # https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12
+        if (
+            signature_details["algorithm"] != "rsa-sha256"
+            and signature_details["algorithm"] != "hs2019"
+        ):
            raise VerificationFormatError("Unknown signature algorithm")
        # Create the signature payload
        headers_string = cls.headers_from_request(request, signature_details["headers"])