j3d1/toolshed
1
0
Fork 0
Code Issues 9 Pull requests 1 Projects Releases Packages Wiki Activity
toolshed/backend/authentication/signature_auth.py
jedi 12191369b7 add authentication app
2023-06-16 19:28:36 +02:00

68 lines
2.4 KiB
Python
Raw Blame History

from rest_framework import authentication
from authentication.models import ToolshedUser
def split_userhandle_or_throw(userhandle):
if '@' not in userhandle:
raise ValueError('Userhandle must be in the format username@domain')
username, domain = userhandle.split('@')
if not username:
raise ValueError('Username cannot be empty')
if not domain:
raise ValueError('Domain cannot be empty')
return username, domain
def verify_request(request, raw_request_body):
authentication_header = request.META.get('HTTP_AUTHORIZATION')
if not authentication_header:
raise ValueError('No authentication header provided')
if not authentication_header.startswith('Signature '):
raise ValueError('Authorization header must be in the format "Signature author@domain:signature_hex[128]"')
signature = authentication_header.split('Signature ')[1]
if ':' not in signature:
raise ValueError('Authorization header must be in the format "Signature author@domain:signature_hex[128]"')
author = signature.split(':')[0]
signature_bytes_hex = signature.split(':')[1]
if not author or not signature_bytes_hex or len(signature_bytes_hex) != 128:
raise ValueError('Authorization header must be in the format "Signature author@domain:signature_hex[128]"')
username, domain = split_userhandle_or_throw(author)
signed_data = request.build_absolute_uri()
if request.method == 'POST':
signed_data += raw_request_body
elif request.method == 'PUT':
signed_data += raw_request_body
elif request.method == 'PATCH':
signed_data += raw_request_body
return username, domain, signed_data, signature_bytes_hex
def authenticate_request_against_local_users(request, raw_request_body):
try:
username, domain, signed_data, signature_bytes_hex = verify_request(request, raw_request_body)
except ValueError:
return None
try:
author_user = ToolshedUser.objects.get(username=username, domain=domain)
except ToolshedUser.DoesNotExist:
return None
if author_user.public_identity.verify(signed_data, signature_bytes_hex):
return author_user
else:
return None
class SignatureAuthenticationLocal(authentication.BaseAuthentication):
def authenticate(self, request):
return authenticate_request_against_local_users(
request, request.body.decode('utf-8')), None
Reference in a new issue View git blame Copy permalink