def test_callback(self):
trade_id, fee = self.new_trade()
query_params = {
"app_id": config.ali_app_id,
"auth_app_id": config.ali_app_id,
"charset": "utf-8",
"method": "alipay.trade.wap.pay.return",
"out_trade_no": trade_id,
"seller_id": config.ali_seller_id,
"timestamp": "2017-04-03 02:00:09",
"total_amount": fee,
"trade_no": "2017040321001004890200292043",
"version": "1.0"
}
items = sorted([(k, v) for k, v in query_params.items()])
message = "&".join(["{}={}".format(k, v) for k, v in items])
signature = RSA(config.private_key_path).sign(message)
query_string = "&".join(
["{}={}".format(k, quote_plus(v)) for k, v in items])
url = "/trade/wap/pay/callback?" + query_string + "&sign={}".format(
quote_plus(signature))
signer = RSA(config.public_key_path).gen_signer()
with mock.patch.object(RSA, "gen_signer", return_value=signer):
response = self.get(url)
self.assertEqual(response.code, 200)
self.assertIn("html", response.body)
def _sign(self, data):
"""Sign message with private key."""
unsigned_items = self._ordered_data(data)
unsigned_message = "&".join("{}={}".format(k, v)
for k, v in unsigned_items)
return RSA(self._private_key_path).sign(unsigned_message,
self._charset)
def test_validate_user_wrong_username(self):
data = {
'username': "******", # O NOEZ
'password': "******", # WHOOOPS, A TYPO!
}
data['password'] = RSA().encrypt(data['password']).encode('base64')
response = self.client.post('/api/1/users/auth/', data, **self.extra)
self.assertFalse(simplejson.loads(response.content))
def test_validate_user_success(self):
data = {
'username': "******",
'password': "******",
}
data['password'] = RSA().encrypt(data['password']).encode('base64')
response = self.client.post('/api/1/users/auth/', data, **self.extra)
self.assertTrue(simplejson.loads(response.content))
def test_rsa(client):
# We simulate the communication between client/server
server = RSA("tests/resources/test_server.pem",
"tests/resources/test_client.pub")
client = RSA("tests/resources/test_client.pem",
"tests/resources/test_server.pub")
assert client.decrypt(server.encrypt(b"Allo mon beau monsieur!")).decode(
"utf-8") == "Allo mon beau monsieur!"
assert server.decrypt(
client.encrypt(b"T Lette")).decode("utf-8") == "T Lette"
def wrapper(*args, **kwargs):
handler = args[0]
arguments = handler.request.arguments
# Remove `sign` and `sign_type`
items = sorted([(k, v[0]) for k, v in arguments.items()
if "sign" not in k])
message = "&".join(
["{}={}".format(k, v.decode("utf-8")) for k, v in items])
signature = handler.get_argument("sign", "")
charset = handler.get_argument("charset", "utf-8")
sign_type = handler.get_argument("sign_type", "RSA2")
rsa = RSA(config.ali_public_key_path, sign_type=sign_type)
verification = rsa.verify(message, signature, charset)
if not verification:
raise HTTPError(403,
"Verify signature faild",
reason="Invalid signature")
function(*args, **kwargs)
def test_rsa2_sign_and_verify(self):
rsa = RSA(config.private_key_path, "RSA2")
message = "123"
signature = rsa.sign(message)
rsa = RSA(config.public_key_path, "RSA2")
verification = rsa.verify(message, signature)
self.assertTrue(verification)
def test_notify(self):
trade_id, fee = self.new_trade()
params = {
"trade_no": trade_id,
"out_trade_no": trade_id,
"trade_status": "TRADE_SUCCESS",
"total_amount": fee,
"seller_id": config.ali_seller_id,
}
items = sorted([(k, v) for k, v in params.items()])
message = "&".join(["{}={}".format(k, v) for k, v in items])
signature = RSA(config.private_key_path).sign(message)
body = "&".join(["{}={}".format(k, quote_plus(v)) for k, v in items])
body = body + "&sign={}".format(quote_plus(signature))
signer = RSA(config.public_key_path).gen_signer()
with mock.patch.object(RSA, "gen_signer", return_value=signer):
response = self.post("/trade/wap/pay/notify",
body,
force_dumps=False)
self.assertEqual(response.code, 200)
self.assertEqual(response.body, "success")
def handle(self, *args, **options):
msg = ("You are about to (re)generate public/private RSA keys,\n"
"which means that CURRENTLY USED KEYS WILL EXPIRE.\n\n"
"Are you sure you want to proceed? (yes/no): ")
confirm = raw_input(msg)
while 1:
if confirm not in ('yes', 'no'):
confirm = raw_input('Please enter either "yes" or "no": ')
continue
if confirm == 'yes':
RSA(no_import=True).generate_keys()
self.stdout.write("Successfully generated RSA keys.\n"
"You may want to share public_key.pem file"
" with gameserver maintainers.\n")
sys.exit(0)
break
self.stdout.write("Aborted.\n")