6 Commits

Author SHA1 Message Date
Andrey Kislyuk c39ce5114a
Update README.rst 2022-04-15 12:19:21 -07:00
Andrey Kislyuk c242bb4a8d
Update README.rst 2022-04-15 12:02:27 -07:00
Andrey Kislyuk 2aa9ca0bf2
Remove duplicative content 2022-04-15 12:01:47 -07:00
Andrey Kislyuk 1d7413b890
Relax requests version range to use LTS 2022-04-15 11:02:07 -07:00
Andrey Kislyuk 617f6265f0
Remove version since it is set by scm 2022-04-15 10:56:42 -07:00
Andrey Kislyuk ab8b01c9ae
Clarify naming 2022-04-15 10:34:49 -07:00
3 changed files with 8 additions and 10 deletions


@ -2,7 +2,7 @@ requests-http-signature: A Requests auth module for HTTP Signature
==================================================================
**requests-http-signature** is a `Requests <https://github.com/requests/requests>`_ `authentication plugin
<http://docs.python-requests.org/en/master/user/authentication/>`_ (``requests.auth.AuthBase`` subclass) implementing
the `IETF HTTP Message Signatures draft RFC <https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/>`_.
the `IETF HTTP Message Signatures draft standard <https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/>`_.
Installation
------------
@ -31,7 +31,7 @@ By default, only the ``Date`` header and the ``@method``, ``@authority``, and ``
identifiers are signed for body-less requests such as GET. The ``Date`` header is set if it is absent. In addition,
the ``Authorization`` header is signed if it is present, and for requests with bodies (such as POST), the
``Content-Digest`` header is set to the SHA256 of the request body using the format described in the
`IETF Digest Fields draft RFC <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-digest-headers>`_ and signed.
`IETF Digest Fields draft <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-digest-headers>`_ and signed.
To add other headers to the signature, pass an array of header names in the ``covered_component_ids`` keyword argument.
See the `API documentation <https://pyauth.github.io/requests-http-signature/#id3>`_ for the full list of options and
details.
@ -51,7 +51,6 @@ The class method ``HTTPSignatureAuth.verify()`` can be used to verify responses
verify_result = HTTPSignatureAuth.verify(response,
signature_algorithm=algorithms.HMAC_SHA256,
key_resolver=MyKeyResolver())
# To avoid substitution attacks, only trust response data referenced by verify_result
More generally, you can reconstruct an arbitrary request using the
`Requests API <https://docs.python-requests.org/en/latest/api/#requests.Request>`_ and pass it to ``verify()``:
@ -77,7 +76,7 @@ To verify incoming requests and sign responses in the context of an HTTP server,
In requests-http-signature, you can ensure that the information signed is what you expect to be signed by only trusting
the data returned by the ``verify()`` method::
verify_result = HTTPSignatureAuth.verify(request, ...)
verify_result = HTTPSignatureAuth.verify(message, ...)
See the `API documentation <https://pyauth.github.io/requests-http-signature/#id3>`_ for full details.
@ -117,7 +116,7 @@ To generate a Content-Digest header using SHA-512 instead of the default SHA-256
follows::
class MySigner(HTTPSignatureAuth):
signing_content_digest_hasher = "sha-512"
signing_content_digest_algorithm = "sha-512"
Links
-----


@ -78,7 +78,7 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
"""
_content_digest_hashers = {"sha-256": hashlib.sha256, "sha-512": hashlib.sha512}
signing_content_digest_hasher = "sha-256"
signing_content_digest_algorithm = "sha-256"
"The hash algorithm to use to generate the Content-Digest header field (either ``sha-256`` or ``sha-512``)."
_auto_cover_header_fields = {"authorization", "content-digest", "date"}
@ -119,9 +119,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
raise RequestsHttpSignatureException("Could not compute digest header for request without a body")
if request.body is not None:
if "Content-Digest" not in request.headers:
hasher = self._content_digest_hashers[self.signing_content_digest_hasher]
hasher = self._content_digest_hashers[self.signing_content_digest_algorithm]
digest = hasher(request.body).digest()
digest_node = http_sfv.Dictionary({self.signing_content_digest_hasher: digest})
digest_node = http_sfv.Dictionary({self.signing_content_digest_algorithm: digest})
request.headers["Content-Digest"] = str(digest_node)
def get_nonce(self, request):
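Review bot: Renaming the public class attribute `signing_content_digest_hasher` to `signing_content_digest_algorithm` leaves nothing behind for the old name, so a subclass that still sets `signing_content_digest_hasher = "sha-512"` (the form the README documented until this change) is ignored and the lookup in the second hunk falls back to the `"sha-256"` default. Nothing fails; the Content-Digest is simply computed with a different algorithm than the caller configured. I would fail loudly before the lookup, for example `if hasattr(self, "signing_content_digest_hasher"): raise RequestsHttpSignatureException("signing_content_digest_hasher was renamed to signing_content_digest_algorithm")`. Separately, an unsupported algorithm name still surfaces as a bare `KeyError` from `self._content_digest_hashers[...]` rather than the module's own exception. The method containing the digest code begins above the hunk, so the exact placement of the check is for the author to choose.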


@ -4,7 +4,6 @@ from setuptools import setup, find_packages
setup(
name='requests-http-signature',
version='0.2.0',
url='https://github.com/pyauth/requests-http-signature',
license='Apache Software License',
author='Andrey Kislyuk',
@ -18,7 +17,7 @@ setup(
install_requires=[
"http-message-signatures >= 0.4.0",
"http-sfv >= 0.9.3",
"requests >= 2.27.1"
"requests >= 2.25.1"
],
extras_require={
"tests": [