6 Commits
69f17689f5
...
c39ce5114a
Author | SHA1 | Date |
---|---|---|
Andrey Kislyuk | c39ce5114a | |
Andrey Kislyuk | c242bb4a8d | |
Andrey Kislyuk | 2aa9ca0bf2 | |
Andrey Kislyuk | 1d7413b890 | |
Andrey Kislyuk | 617f6265f0 | |
Andrey Kislyuk | ab8b01c9ae |
|
@ -2,7 +2,7 @@ requests-http-signature: A Requests auth module for HTTP Signature
|
|||
==================================================================
|
||||
**requests-http-signature** is a `Requests <https://github.com/requests/requests>`_ `authentication plugin
|
||||
<http://docs.python-requests.org/en/master/user/authentication/>`_ (``requests.auth.AuthBase`` subclass) implementing
|
||||
the `IETF HTTP Message Signatures draft RFC <https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/>`_.
|
||||
the `IETF HTTP Message Signatures draft standard <https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/>`_.
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
@ -31,7 +31,7 @@ By default, only the ``Date`` header and the ``@method``, ``@authority``, and ``
|
|||
identifiers are signed for body-less requests such as GET. The ``Date`` header is set if it is absent. In addition,
|
||||
the ``Authorization`` header is signed if it is present, and for requests with bodies (such as POST), the
|
||||
``Content-Digest`` header is set to the SHA256 of the request body using the format described in the
|
||||
`IETF Digest Fields draft RFC <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-digest-headers>`_ and signed.
|
||||
`IETF Digest Fields draft <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-digest-headers>`_ and signed.
|
||||
To add other headers to the signature, pass an array of header names in the ``covered_component_ids`` keyword argument.
|
||||
See the `API documentation <https://pyauth.github.io/requests-http-signature/#id3>`_ for the full list of options and
|
||||
details.
|
||||
|
@ -51,7 +51,6 @@ The class method ``HTTPSignatureAuth.verify()`` can be used to verify responses
|
|||
verify_result = HTTPSignatureAuth.verify(response,
|
||||
signature_algorithm=algorithms.HMAC_SHA256,
|
||||
key_resolver=MyKeyResolver())
|
||||
# To avoid substitution attacks, only trust response data referenced by verify_result
|
||||
|
||||
More generally, you can reconstruct an arbitrary request using the
|
||||
`Requests API <https://docs.python-requests.org/en/latest/api/#requests.Request>`_ and pass it to ``verify()``:
|
||||
|
@ -77,7 +76,7 @@ To verify incoming requests and sign responses in the context of an HTTP server,
|
|||
In requests-http-signature, you can ensure that the information signed is what you expect to be signed by only trusting
|
||||
the data returned by the ``verify()`` method::
|
||||
|
||||
verify_result = HTTPSignatureAuth.verify(request, ...)
|
||||
verify_result = HTTPSignatureAuth.verify(message, ...)
|
||||
|
||||
See the `API documentation <https://pyauth.github.io/requests-http-signature/#id3>`_ for full details.
|
||||
|
||||
|
@ -117,7 +116,7 @@ To generate a Content-Digest header using SHA-512 instead of the default SHA-256
|
|||
follows::
|
||||
|
||||
class MySigner(HTTPSignatureAuth):
|
||||
signing_content_digest_hasher = "sha-512"
|
||||
signing_content_digest_algorithm = "sha-512"
|
||||
|
||||
Links
|
||||
-----
|
||||
|
|
|
@ -78,7 +78,7 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
|
|||
"""
|
||||
|
||||
_content_digest_hashers = {"sha-256": hashlib.sha256, "sha-512": hashlib.sha512}
|
||||
signing_content_digest_hasher = "sha-256"
|
||||
signing_content_digest_algorithm = "sha-256"
|
||||
"The hash algorithm to use to generate the Content-Digest header field (either ``sha-256`` or ``sha-512``)."
|
||||
|
||||
_auto_cover_header_fields = {"authorization", "content-digest", "date"}
|
||||
|
@ -119,9 +119,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
|
|||
raise RequestsHttpSignatureException("Could not compute digest header for request without a body")
|
||||
if request.body is not None:
|
||||
if "Content-Digest" not in request.headers:
|
||||
hasher = self._content_digest_hashers[self.signing_content_digest_hasher]
|
||||
hasher = self._content_digest_hashers[self.signing_content_digest_algorithm]
|
||||
digest = hasher(request.body).digest()
|
||||
digest_node = http_sfv.Dictionary({self.signing_content_digest_hasher: digest})
|
||||
digest_node = http_sfv.Dictionary({self.signing_content_digest_algorithm: digest})
|
||||
request.headers["Content-Digest"] = str(digest_node)
|
||||
|
||||
def get_nonce(self, request):
|
||||
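Review bot: The class attribute that selects the Content-Digest hash appears to be renamed from `signing_content_digest_hasher` to `signing_content_digest_algorithm` with no fallback, so a subclass that still sets the old name (as the README previously showed for SHA-512) would be ignored without any error and the digest would be computed with the `sha-256` default. In the second hunk the lookup could honour the old name for a deprecation period, for example `algorithm = getattr(self, "signing_content_digest_hasher", self.signing_content_digest_algorithm)`, or the class could raise when the old attribute is present. The same lookup `self._content_digest_hashers[...]` raises a bare `KeyError` for any value other than `sha-256` or `sha-512`; raising `RequestsHttpSignatureException` there would match the error raised a few lines above it. The enclosing method starts outside the hunk, and the old/new order of the paired lines is inferred from how the page renders them.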
|
|
3
setup.py
3
setup.py
|
@ -4,7 +4,6 @@ from setuptools import setup, find_packages
|
|||
|
||||
setup(
|
||||
name='requests-http-signature',
|
||||
version='0.2.0',
|
||||
url='https://github.com/pyauth/requests-http-signature',
|
||||
license='Apache Software License',
|
||||
author='Andrey Kislyuk',
|
||||
|
@ -18,7 +17,7 @@ setup(
|
|||
install_requires=[
|
||||
"http-message-signatures >= 0.4.0",
|
||||
"http-sfv >= 0.9.3",
|
||||
"requests >= 2.27.1"
|
||||
"requests >= 2.25.1"
|
||||
],
|
||||
extras_require={
|
||||
"tests": [
|
||||
|
|