kopia lustrzana https://gitlab.com/jaywink/federation
Merge branch 'local-signing' into 'master'
Make sure AP post requests are signed by a local user when forwarding. See merge request jaywink/federation!172cache-control
commit
0051cee3eb
|
@ -55,6 +55,8 @@
|
|||
|
||||
* Signatures are not verified and the corresponding payload is dropped if no public key is found.
|
||||
|
||||
* Sign forwarded AP replies and shares with the target content author's private key.
|
||||
|
||||
### Internal changes
|
||||
|
||||
* Dropped python 3.6 support.
|
||||
|
|
|
@ -132,7 +132,10 @@ def handle_send(
|
|||
]
|
||||
:arg parent_user: (Optional) User object of the parent object, if there is one. This must be given for the
|
||||
Diaspora protocol if a parent object exists, so that a proper ``parent_author_signature`` can
|
||||
be generated. If given, the payload will be sent as this user.
|
||||
be generated. If given, the payload will be sent as this user. For Activitypub, the
|
||||
parent_user's private key will be used to generate the http signature if the author_user
|
||||
is not a local user.
|
||||
|
||||
:arg payload_logger: (Optional) Function to log the payloads with.
|
||||
"""
|
||||
payloads = []
|
||||
|
@ -221,8 +224,10 @@ def handle_send(
|
|||
}
|
||||
)
|
||||
continue
|
||||
# The parent_user MUST be local
|
||||
local_user = author_user if author_user.rsa_private_key else parent_user
|
||||
payloads.append({
|
||||
"auth": get_http_authentication(author_user.rsa_private_key, f"{author_user.id}#main-key"),
|
||||
"auth": get_http_authentication(local_user.rsa_private_key, f"{local_user.id}#main-key"),
|
||||
"headers": {
|
||||
"Content-Type": 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
|
||||
},
|
||||
|
|
|
@ -23,7 +23,7 @@ def get_configuration():
|
|||
}
|
||||
try:
|
||||
configuration.update(settings.FEDERATION)
|
||||
except ImproperlyConfigured:
|
||||
except (ModuleNotFoundError, ImproperlyConfigured):
|
||||
# Django is not properly configured, return defaults
|
||||
return configuration
|
||||
if not all([
|
||||
|
|
Ładowanie…
Reference in New Issue