minor PEP 8 fixes, expired signature check (#26)
parent
606fd8f891
commit
8d615eac2a
|
@ -166,6 +166,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
|
|||
sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp)
|
||||
key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
|
||||
Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
|
||||
if expires_timestamp is not None:
|
||||
assert expires_timestamp > int(time.time())
|
||||
|
||||
|
||||
class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
|
||||
"""
|
||||
|
|
24
test/test.py
24
test/test.py
|
@ -2,9 +2,11 @@
|
|||
|
||||
from __future__ import absolute_import, division, print_function, unicode_literals
|
||||
|
||||
import os, sys, unittest, json, logging, base64
|
||||
import os, sys, unittest, logging, base64
|
||||
from datetime import timedelta
|
||||
|
||||
import requests
|
||||
from cryptography.fernet import Fernet
|
||||
from requests.adapters import HTTPAdapter
|
||||
|
||||
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa
|
||||
|
@ -13,8 +15,10 @@ from requests_http_signature import HTTPSignatureAuth, HTTPSignatureHeaderAuth,
|
|||
hmac_secret = b"monorail_cat"
|
||||
passphrase = b"passw0rd"
|
||||
|
||||
|
||||
class TestAdapter(HTTPAdapter):
|
||||
def __init__(self, testcase):
|
||||
super(TestAdapter, self).__init__()
|
||||
self.testcase = testcase
|
||||
|
||||
def send(self, request, *args, **kwargs):
|
||||
|
@ -33,10 +37,12 @@ class TestAdapter(HTTPAdapter):
|
|||
response.url = request.url
|
||||
return response
|
||||
|
||||
|
||||
class DigestlessSignatureAuth(HTTPSignatureAuth):
|
||||
def add_digest(self, request):
|
||||
pass
|
||||
|
||||
|
||||
class TestRequestsHTTPSignature(unittest.TestCase):
|
||||
def setUp(self):
|
||||
logging.basicConfig(level="DEBUG")
|
||||
|
@ -59,6 +65,22 @@ class TestRequestsHTTPSignature(unittest.TestCase):
|
|||
self.session.get(url,
|
||||
auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"]))
|
||||
|
||||
def test_expired_signature(self):
|
||||
with self.assertRaises(AssertionError):
|
||||
preshared_key_id = 'squirrel'
|
||||
key = Fernet.generate_key()
|
||||
one_month = timedelta(days=-30)
|
||||
headers = ["(expires)"]
|
||||
auth = HTTPSignatureAuth(key=key, key_id=preshared_key_id,
|
||||
expires_in=one_month, headers=headers)
|
||||
|
||||
def key_resolver(key_id, algorithm):
|
||||
return key
|
||||
|
||||
url = 'http://example.com/path'
|
||||
response = requests.get(url, auth=auth)
|
||||
HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver)
|
||||
|
||||
def test_rfc_examples(self):
|
||||
# The date in the RFC is wrong (2014 instead of 2012).
|
||||
# See https://github.com/joyent/node-http-signature/issues/54
|
||||
|
|
Loading…
Reference in New Issue