From 09b1e7a007fed608d387c4dc2a1a8332df7e7d4e Mon Sep 17 00:00:00 2001
From: Georg Krause
Date: Fri, 1 Apr 2022 15:00:54 +0200
Subject: [PATCH] Replace requests-http-signature with requests-http-message-signatures
---
 api/funkwhale_api/federation/factories.py | 5 ++---
 api/funkwhale_api/federation/signing.py | 11 +++++------
 api/requirements/base.txt | 4 +---
 3 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/api/funkwhale_api/federation/factories.py b/api/funkwhale_api/federation/factories.py
index 51aef3afd..969392ca2 100644
--- a/api/funkwhale_api/federation/factories.py
+++ b/api/funkwhale_api/federation/factories.py
@@ -2,7 +2,7 @@ import uuid
 import factory
 import requests
-import requests_http_signature
+import requests_http_message_signatures
 from django.conf import settings
 from django.utils import timezone
 from django.utils.http import http_date
@@ -20,11 +20,10 @@ class SignatureAuthFactory(factory.Factory):
 algorithm = "rsa-sha256"
 key = factory.LazyFunction(lambda: keys.get_key_pair()[0])
 key_id = factory.Faker("url")
- use_auth_header = False
 headers = ["(request-target)", "user-agent", "host", "date", "accept"]
 class Meta:
- model = requests_http_signature.HTTPSignatureAuth
+ model = requests_http_message_signatures.HTTPSignatureHeaderAuth
 @registry.register(name="federation.SignedRequest")
diff --git a/api/funkwhale_api/federation/signing.py b/api/funkwhale_api/federation/signing.py
index b69c48668..42b38d8ff 100644
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@@ -8,7 +8,7 @@ from django.utils import timezone
 from django.utils.http import parse_http_date
 import requests
-import requests_http_signature
+import requests_http_message_signatures
 from . import exceptions, utils
@@ -45,8 +45,8 @@ def verify(request, public_key):
 )
 verify_date(date)
 try:
- return requests_http_signature.HTTPSignatureAuth.verify(
- request, key_resolver=lambda **kwargs: public_key, use_auth_header=False
+ return requests_http_message_signatures.HTTPSignatureHeaderAuth.verify(
+ request, key_resolver=lambda **kwargs: public_key
 )
 except cryptography.exceptions.InvalidSignature:
 logger.warning(
@@ -65,7 +65,7 @@ def verify_django(django_request, public_key):
 headers = utils.clean_wsgi_headers(django_request.META)
 for h, v in list(headers.items()):
 # we include lower-cased version of the headers for compatibility
- # with requests_http_signature
+ # with requests_http_message_signatures
 headers[h.lower()] = v
 try:
 signature = headers["Signature"]
@@ -98,8 +98,7 @@ def verify_django(django_request, public_key):
 def get_auth(private_key, private_key_id):
- return requests_http_signature.HTTPSignatureAuth(
- use_auth_header=False,
+ return requests_http_message_signatures.HTTPSignatureHeaderAuth(
 headers=["(request-target)", "user-agent", "host", "date"],
 algorithm="rsa-sha256",
 key=private_key.encode("utf-8"),
diff --git a/api/requirements/base.txt b/api/requirements/base.txt
index adbba0f3a..2891873f0 100644
--- a/api/requirements/base.txt
+++ b/api/requirements/base.txt
@@ -41,9 +41,7 @@ uvicorn[standard]~=0.14.0
 gunicorn~=20.1.0
 cryptography>=3.3.2
-# requests-http-signature==0.0.3
-# clone until the branch is merged and released upstream
-git+https://github.com/agateblue/requests-http-signature.git@signature-header-support
+requests-http-message-signature==0.3.1
 django-cleanup~=5.2.0
 requests~=2.26.0
 pyOpenSSL~=20.0.1
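Review bot: The `except cryptography.exceptions.InvalidSignature:` handler that follows the new `HTTPSignatureHeaderAuth.verify(...)` call in the `@@ -45,8` hunk was written for the old library, and nothing visible here shows that the replacement reports a bad or malformed signature with that same exception type. If it raises something else, the `logger.warning(...)` branch is skipped and the caller sees an unexpected exception instead of the project's normal rejection path, which also removes the log line defenders would use to spot forged federation requests. A regression test that passes a request with a tampered signed header to `verify` and asserts the exception callers expect would pin this, together with a comment above the `try:` such as `# relies on HTTPSignatureHeaderAuth.verify raising InvalidSignature on mismatch`. The body of `verify` starts and continues outside the hunk, so a broader handler may already exist there.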
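Review bot: With the explicit `use_auth_header=False` removed from `get_auth` in the `@@ -98,8` hunk, the only thing that keeps the signature in the `Signature` header rather than `Authorization` is the behaviour implied by the class name `HTTPSignatureHeaderAuth`. `verify_django` reads `headers["Signature"]`, so a change in header placement would make every outgoing request fail verification on peers. A round-trip test that prepares a request with `get_auth(...)` and checks `assert "Signature" in prepared.headers` would make that assumption explicit; the same applies to `SignatureAuthFactory` in factories.py, which dropped `use_auth_header = False` as well. The `get_auth` call continues past the end of the hunk.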
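Review bot: The pinned distribution name `requests-http-message-signature` (singular) in the base.txt hunk does not match the commit subject or the imported module `requests_http_message_signatures` (plural). If the singular name is not the intended project, the install either fails or resolves to whatever unrelated package owns that name, which matters here because this dependency performs federation signature verification. Please confirm the exact name on the package index; if the plural form is the published one, the line should read `requests-http-message-signatures==0.3.1`. Where the deployment installs with hash checking, the entry would also carry `--hash=sha256:<HASH_PLACEHOLDER>`.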