minor PEP 8 fixes, expired signature check (#26)

pull/27/head
Jean-Hugues de Raigniac 2021-04-27 17:47:50 +04:00 committed by GitHub
parent 606fd8f891
commit 8d615eac2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 1 deletions


@ -166,6 +166,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp) sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp)
key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"]) key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
Crypto(sig_struct["algorithm"]).verify(sig, sts, key) Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
if expires_timestamp is not None:
assert expires_timestamp > int(time.time())
class HTTPSignatureHeaderAuth(HTTPSignatureAuth): class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
""" """
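Review bot: The new expiry check `assert expires_timestamp > int(time.time())` is an `assert` statement, which Python strips under `-O` / `PYTHONOPTIMIZE`, so an optimized deployment would accept an expired signature without complaint. Raise explicitly instead, for example `if expires_timestamp is not None and expires_timestamp <= int(time.time()): raise AssertionError("signature has expired")`, which keeps the exception type the new test expects; a dedicated exception class would be cleaner if callers can adapt. The check is also skipped whenever `expires_timestamp` is None, so a deployment that requires expiry would have to enforce the presence of an expires value separately. The enclosing method starts outside this hunk, so how `expires_timestamp` is parsed and whether it is covered by the signed headers cannot be confirmed from here.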


@ -2,9 +2,11 @@
from __future__ import absolute_import, division, print_function, unicode_literals from __future__ import absolute_import, division, print_function, unicode_literals
import os, sys, unittest, json, logging, base64 import os, sys, unittest, logging, base64
from datetime import timedelta
import requests import requests
from cryptography.fernet import Fernet
from requests.adapters import HTTPAdapter from requests.adapters import HTTPAdapter
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa
@ -13,8 +15,10 @@ from requests_http_signature import HTTPSignatureAuth, HTTPSignatureHeaderAuth,
hmac_secret = b"monorail_cat" hmac_secret = b"monorail_cat"
passphrase = b"passw0rd" passphrase = b"passw0rd"
class TestAdapter(HTTPAdapter): class TestAdapter(HTTPAdapter):
def __init__(self, testcase): def __init__(self, testcase):
super(TestAdapter, self).__init__()
self.testcase = testcase self.testcase = testcase
def send(self, request, *args, **kwargs): def send(self, request, *args, **kwargs):
@ -33,10 +37,12 @@ class TestAdapter(HTTPAdapter):
response.url = request.url response.url = request.url
return response return response
class DigestlessSignatureAuth(HTTPSignatureAuth): class DigestlessSignatureAuth(HTTPSignatureAuth):
def add_digest(self, request): def add_digest(self, request):
pass pass
class TestRequestsHTTPSignature(unittest.TestCase): class TestRequestsHTTPSignature(unittest.TestCase):
def setUp(self): def setUp(self):
logging.basicConfig(level="DEBUG") logging.basicConfig(level="DEBUG")
@ -59,6 +65,22 @@ class TestRequestsHTTPSignature(unittest.TestCase):
self.session.get(url, self.session.get(url,
auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"])) auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"]))
def test_expired_signature(self):
with self.assertRaises(AssertionError):
preshared_key_id = 'squirrel'
key = Fernet.generate_key()
one_month = timedelta(days=-30)
headers = ["(expires)"]
auth = HTTPSignatureAuth(key=key, key_id=preshared_key_id,
expires_in=one_month, headers=headers)
def key_resolver(key_id, algorithm):
return key
url = 'http://example.com/path'
response = requests.get(url, auth=auth)
HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver)
def test_rfc_examples(self): def test_rfc_examples(self):
# The date in the RFC is wrong (2014 instead of 2012). # The date in the RFC is wrong (2014 instead of 2012).
# See https://github.com/joyent/node-http-signature/issues/54 # See https://github.com/joyent/node-http-signature/issues/54
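Review bot: In `test_expired_signature` the `with self.assertRaises(AssertionError):` block wraps the whole test body, so an AssertionError raised anywhere inside it (during signing, or by some other check in `verify`) makes the test pass without the expiry check ever being reached. Build the auth object and the request outside the block and wrap only the call under test: `with self.assertRaises(AssertionError):` followed by `HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver)`. The test also calls `requests.get(url, auth=auth)` directly rather than `self.session.get`, which appears to bypass the `TestAdapter` the neighbouring tests use and sends a real request to example.com, so a network failure would error the test for reasons unrelated to expiry. Since `one_month = timedelta(days=-30)` is negative, a name such as `one_month_ago` would make the intent clearer.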