minor PEP 8 fixes, expired signature check (#26)

2021-04-27 17:47:50 +04:00 · 2021-04-27 17:47:50 +04:00 · 8d615eac2a
parent 606fd8f891
commit 8d615eac2a
2 changed files with 26 additions and 1 deletions
--- a/requests_http_signature/init.py
+++ b/requests_http_signature/init.py
@ -166,6 +166,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
        sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp)
        key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
        Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
+        if expires_timestamp is not None:
+            assert expires_timestamp > int(time.time())
+

 class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
    """
--- a/test/test.py
+++ b/test/test.py
@ -2,9 +2,11 @@

 from __future__ import absolute_import, division, print_function, unicode_literals

-import os, sys, unittest, json, logging, base64
+import os, sys, unittest, logging, base64
+from datetime import timedelta

 import requests
+from cryptography.fernet import Fernet
 from requests.adapters import HTTPAdapter

 sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa
@ -13,8 +15,10 @@ from requests_http_signature import HTTPSignatureAuth, HTTPSignatureHeaderAuth,
 hmac_secret = b"monorail_cat"
 passphrase = b"passw0rd"

+
 class TestAdapter(HTTPAdapter):
    def __init__(self, testcase):
+        super(TestAdapter, self).__init__()
        self.testcase = testcase

    def send(self, request, *args, **kwargs):
@ -33,10 +37,12 @@ class TestAdapter(HTTPAdapter):
        response.url = request.url
        return response

+
 class DigestlessSignatureAuth(HTTPSignatureAuth):
    def add_digest(self, request):
        pass

+
 class TestRequestsHTTPSignature(unittest.TestCase):
    def setUp(self):
        logging.basicConfig(level="DEBUG")
@ -59,6 +65,22 @@ class TestRequestsHTTPSignature(unittest.TestCase):
            self.session.get(url,
                             auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"]))

+    def test_expired_signature(self):
+        with self.assertRaises(AssertionError):
+            preshared_key_id = 'squirrel'
+            key = Fernet.generate_key()
+            one_month = timedelta(days=-30)
+            headers = ["(expires)"]
+            auth = HTTPSignatureAuth(key=key, key_id=preshared_key_id,
+                                     expires_in=one_month, headers=headers)
+
+            def key_resolver(key_id, algorithm):
+                return key
+
+            url = 'http://example.com/path'
+            response = requests.get(url, auth=auth)
+            HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver)
+
    def test_rfc_examples(self):
        # The date in the RFC is wrong (2014 instead of 2012).
        # See https://github.com/joyent/node-http-signature/issues/54