Accept hs2019 in signatures (#529)

Fixes part of federation with GoToSocial - this is just a different name for the same algorithm.
jointakahe · Mar 3, 2023 · 78eacf1 · 78eacf1
1 parent 552a150
commit 78eacf1
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/core/signatures.py b/core/signatures.py
@@ -160,7 +160,12 @@ def verify_request(cls, request, public_key, skip_date=False):
             raise VerificationFormatError("No signature header present")
         signature_details = cls.parse_signature(request.headers["signature"])
         # Reject unknown algorithms
-        if signature_details["algorithm"] != "rsa-sha256":
+        # hs2019 is used by some libraries to obfuscate the real algorithm per the spec
+        # https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12
+        if (
+            signature_details["algorithm"] != "rsa-sha256"
+            and signature_details["algorithm"] != "hs2019"
+        ):
             raise VerificationFormatError("Unknown signature algorithm")
         # Create the signature payload
         headers_string = cls.headers_from_request(request, signature_details["headers"])