minor PEP 8 fixes, expired signature check (#26)
parent
606fd8f891
commit
8d615eac2a
|
@ -166,6 +166,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
|
||||||
sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp)
|
sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp)
|
||||||
key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
|
key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
|
||||||
Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
|
Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
|
||||||
|
if expires_timestamp is not None:
|
||||||
|
assert expires_timestamp > int(time.time())
|
||||||
|
|
||||||
|
|
||||||
class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
|
class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
|
||||||
"""
|
"""
|
||||||
|
|
24
test/test.py
24
test/test.py
|
@ -2,9 +2,11 @@
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function, unicode_literals
|
from __future__ import absolute_import, division, print_function, unicode_literals
|
||||||
|
|
||||||
import os, sys, unittest, json, logging, base64
|
import os, sys, unittest, logging, base64
|
||||||
|
from datetime import timedelta
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
from cryptography.fernet import Fernet
|
||||||
from requests.adapters import HTTPAdapter
|
from requests.adapters import HTTPAdapter
|
||||||
|
|
||||||
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa
|
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa
|
||||||
|
@ -13,8 +15,10 @@ from requests_http_signature import HTTPSignatureAuth, HTTPSignatureHeaderAuth,
|
||||||
hmac_secret = b"monorail_cat"
|
hmac_secret = b"monorail_cat"
|
||||||
passphrase = b"passw0rd"
|
passphrase = b"passw0rd"
|
||||||
|
|
||||||
|
|
||||||
class TestAdapter(HTTPAdapter):
|
class TestAdapter(HTTPAdapter):
|
||||||
def __init__(self, testcase):
|
def __init__(self, testcase):
|
||||||
|
super(TestAdapter, self).__init__()
|
||||||
self.testcase = testcase
|
self.testcase = testcase
|
||||||
|
|
||||||
def send(self, request, *args, **kwargs):
|
def send(self, request, *args, **kwargs):
|
||||||
|
@ -33,10 +37,12 @@ class TestAdapter(HTTPAdapter):
|
||||||
response.url = request.url
|
response.url = request.url
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
class DigestlessSignatureAuth(HTTPSignatureAuth):
|
class DigestlessSignatureAuth(HTTPSignatureAuth):
|
||||||
def add_digest(self, request):
|
def add_digest(self, request):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class TestRequestsHTTPSignature(unittest.TestCase):
|
class TestRequestsHTTPSignature(unittest.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
logging.basicConfig(level="DEBUG")
|
logging.basicConfig(level="DEBUG")
|
||||||
|
@ -59,6 +65,22 @@ class TestRequestsHTTPSignature(unittest.TestCase):
|
||||||
self.session.get(url,
|
self.session.get(url,
|
||||||
auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"]))
|
auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"]))
|
||||||
|
|
||||||
|
def test_expired_signature(self):
|
||||||
|
with self.assertRaises(AssertionError):
|
||||||
|
preshared_key_id = 'squirrel'
|
||||||
|
key = Fernet.generate_key()
|
||||||
|
one_month = timedelta(days=-30)
|
||||||
|
headers = ["(expires)"]
|
||||||
|
auth = HTTPSignatureAuth(key=key, key_id=preshared_key_id,
|
||||||
|
expires_in=one_month, headers=headers)
|
||||||
|
|
||||||
|
def key_resolver(key_id, algorithm):
|
||||||
|
return key
|
||||||
|
|
||||||
|
url = 'http://example.com/path'
|
||||||
|
response = requests.get(url, auth=auth)
|
||||||
|
HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver)
|
||||||
|
|
||||||
def test_rfc_examples(self):
|
def test_rfc_examples(self):
|
||||||
# The date in the RFC is wrong (2014 instead of 2012).
|
# The date in the RFC is wrong (2014 instead of 2012).
|
||||||
# See https://github.com/joyent/node-http-signature/issues/54
|
# See https://github.com/joyent/node-http-signature/issues/54
|
||||||
|
|
Loading…
Reference in New Issue