Accept hs2019 in signatures (#529)

Fixes part of federation with GoToSocial - this is just a different name for the same algorithm.
This commit is contained in:
Kelson Vibber 2023-03-03 08:18:11 -08:00 committed by GitHub
parent 552a150e57
commit 78eacf165e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions

View File

@ -160,7 +160,12 @@ class HttpSignature:
raise VerificationFormatError("No signature header present") raise VerificationFormatError("No signature header present")
signature_details = cls.parse_signature(request.headers["signature"]) signature_details = cls.parse_signature(request.headers["signature"])
# Reject unknown algorithms # Reject unknown algorithms
if signature_details["algorithm"] != "rsa-sha256": # hs2019 is used by some libraries to obfuscate the real algorithm per the spec
# https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12
if (
signature_details["algorithm"] != "rsa-sha256"
and signature_details["algorithm"] != "hs2019"
):
raise VerificationFormatError("Unknown signature algorithm") raise VerificationFormatError("Unknown signature algorithm")
# Create the signature payload # Create the signature payload
headers_string = cls.headers_from_request(request, signature_details["headers"]) headers_string = cls.headers_from_request(request, signature_details["headers"])