def _calculate_signature(authn_name, method, url, body, username):
"""Do the signed request calculation.
"""
# We need all arguments and all locals
# pylint: disable=R0913
# pylint: disable=R0914
to_sign = {}
if username:
to_sign['X-FOST-User'] = username.encode('utf-7')
if not isinstance(body, basestring):
if method in ['POST', 'PUT']:
logging.info("Encoding POST/PUT data %s", body or {})
data = encode_multipart(BOUNDARY, body or {})
else:
logging.info("Encoding query string %s", body or {})
data = urlencode(body or {}, doseq=True)
else:
data = body or ''
now = datetime.utcnow().isoformat() + 'Z'
_, signature = fost_hmac_request_signature(settings.SECRET_KEY, method,
url, now, to_sign, data)
headers = {}
headers['Authorization'] = 'FOST %s:%s' % \
(authn_name.encode('utf-7'), signature)
headers['X-FOST-Timestamp'] = now
headers['X-FOST-Headers'] = ' '.join(['X-FOST-Headers'] + to_sign.keys())
for key, value in to_sign.items():
headers[key] = value
logging.debug("_calculate_signature %s adding headers: %s", method,
headers)
return headers
def _calculate_signature(authn_name, method, url, body,
username, for_fake_client):
"""Do the signed request calculation.
"""
# We need all arguments and all locals
# pylint: disable=R0913
# pylint: disable=R0914
to_sign = {}
if username:
to_sign['X-FOST-User'] = username
if not isinstance(body, basestring):
if method in ['POST', 'PUT']:
logging.info("Encoding POST/PUT data %s", body or {})
data = encode_multipart(BOUNDARY, body or {})
else:
logging.info("Encoding query string %s", body or {})
data = urlencode(body or {}, doseq=True)
else:
data = body or ''
now = datetime.utcnow().isoformat() + 'Z'
_, signature = fost_hmac_request_signature(
settings.SECRET_KEY, method, url, now, to_sign, data)
headers = {}
headers['Authorization'] = 'FOST %s:%s' % (authn_name, signature)
headers['X-FOST-Timestamp'] = now
headers['X-FOST-Headers'] = ' '.join(['X-FOST-Headers'] + to_sign.keys())
for key, value in to_sign.items():
headers[key] = value
logging.debug("_calculate_signature %s adding headers: %s", method, headers)
if for_fake_client:
return dict([('HTTP_' + k.upper().replace('-', '_'), v)
for k, v in headers.items()])
else:
return headers
def _calculate_signature(authn_name, method, url, body, username):
"""Do the signed request calculation.
"""
# We need all arguments and all locals
# pylint: disable=R0913
# pylint: disable=R0914
to_sign = {}
if username:
to_sign["X-FOST-User"] = username.encode("utf-7")
if not isinstance(body, basestring):
if method in ["POST", "PUT"]:
logging.info("Encoding POST/PUT data %s", body or {})
data = encode_multipart(BOUNDARY, body or {})
else:
logging.info("Encoding query string %s", body or {})
data = urlencode(body or {}, doseq=True)
else:
data = body or ""
now = datetime.utcnow().isoformat() + "Z"
_, signature = fost_hmac_request_signature(settings.SECRET_KEY, method, url, now, to_sign, data)
headers = {}
headers["Authorization"] = "FOST %s:%s" % (authn_name.encode("utf-7"), signature)
headers["X-FOST-Timestamp"] = now
headers["X-FOST-Headers"] = " ".join(["X-FOST-Headers"] + to_sign.keys())
for key, value in to_sign.items():
headers[key] = value
logging.debug("_calculate_signature %s adding headers: %s", method, headers)
return headers
def test_get_with_user(self):
document, signature = \
fost_hmac_request_signature('secret-value', 'GET', '/', '2011-04-27 03:26:37.625618', {
'X-FOST-User': '******'})
self.assertEquals(
document,
"""GET /\n2011-04-27 03:26:37.625618\nX-FOST-Headers X-FOST-User\nadmin\n"""
)
def sign_request(self, key, secret, headers = {}):
if not self.META.has_key('HTTP_X_FOST_TIMESTAMP'):
self.META['HTTP_X_FOST_TIMESTAMP'] = str(datetime.utcnow())
if not self.META.has_key('HTTP_X_FOST_HEADERS'):
self.META['HTTP_X_FOST_HEADERS'] = 'X-FOST-Headers'
for key, value in headers.items():
self.META['HTTP_%s' % key.upper().replace('-', '_')] = value
self.META['HTTP_X_FOST_HEADERS'] += ' %s' % key
query = self.META.get('QUERY_STRING', '')
document, signature = \
fost_hmac_request_signature(secret, self.method, self.path,
self.META['HTTP_X_FOST_TIMESTAMP'], headers, self.raw_post_data or query)
self.META['HTTP_AUTHORIZATION'] = 'FOST %s:%s' % (quote(key), signature)
def sign_request(self, key, secret, headers={}):
if not self.META.has_key('HTTP_X_FOST_TIMESTAMP'):
self.META['HTTP_X_FOST_TIMESTAMP'] = str(datetime.utcnow())
if not self.META.has_key('HTTP_X_FOST_HEADERS'):
self.META['HTTP_X_FOST_HEADERS'] = 'X-FOST-Headers'
for key, value in headers.items():
self.META['HTTP_%s' % key.upper().replace('-', '_')] = value
self.META['HTTP_X_FOST_HEADERS'] += ' %s' % key
query = self.META.get('QUERY_STRING', '')
document, signature = \
fost_hmac_request_signature(secret, self.method, self.path,
self.META['HTTP_X_FOST_TIMESTAMP'], headers, self.raw_post_data or query)
self.META['HTTP_AUTHORIZATION'] = 'FOST %s:%s' % (quote(key),
signature)
def _root_signed(self, method, body_to_sign, *body_for_ua, **extra_heads):
document, signature = fost_hmac_request_signature(
self.secret, method.upper(), self.url, self.now,
headers = extra_heads, body=body_to_sign)
headers = dict(HTTP_X_FOST_TIMESTAMP = self.now,
HTTP_X_FOST_HEADERS = 'X-FOST-Headers',
HTTP_AUTHORIZATION = 'FOST key-value:%s' % signature)
for key, value in extra_heads.items():
headers['HTTP_%s' % key.upper().replace('-', '_')] = value
headers['HTTP_X_FOST_HEADERS'] += ' %s' % key
try:
settings.FOST_AUTHN_GET_SECRET = self.get_secret
with mock.patch('fost_authn.authentication._forbid', self.fail):
response = getattr(self.ua, method)(self.url, *body_for_ua, **headers)
finally:
delattr(settings, 'FOST_AUTHN_GET_SECRET')
self.assertEquals(response.status_code, 200)
return response
def _root_signed(self, method, body_to_sign, *body_for_ua, **extra_heads):
document, signature = fost_hmac_request_signature(self.secret,
method.upper(),
self.url,
self.now,
headers=extra_heads,
body=body_to_sign)
headers = dict(HTTP_X_FOST_TIMESTAMP=self.now,
HTTP_X_FOST_HEADERS='X-FOST-Headers',
HTTP_AUTHORIZATION='FOST key-value:%s' % signature)
for key, value in extra_heads.items():
headers['HTTP_%s' % key.upper().replace('-', '_')] = value
headers['HTTP_X_FOST_HEADERS'] += ' %s' % key
try:
settings.FOST_AUTHN_GET_SECRET = self.get_secret
with mock.patch('fost_authn.authentication._forbid', self.fail):
response = getattr(self.ua, method)(self.url, *body_for_ua,
**headers)
finally:
delattr(settings, 'FOST_AUTHN_GET_SECRET')
self.assertEquals(response.status_code, 200)
return response
def test_get(self):
document, signature = \
fost_hmac_request_signature('secret-value', 'GET', '/', '2011-04-27 03:26:37.625618')
self.assertEquals(document, self.document)
self.assertEquals(signature, 'Ttq8K3g/jm7sOAVzCN+3k4FVAso=')
def test_get_with_user(self):
document, signature = \
fost_hmac_request_signature('secret-value', 'GET', '/', '2011-04-27 03:26:37.625618', {
'X-FOST-User': '******'})
self.assertEquals(document,
"""GET /\n2011-04-27 03:26:37.625618\nX-FOST-Headers X-FOST-User\nadmin\n""")
def test_get(self):
document, signature = \
fost_hmac_request_signature('secret-value', 'GET', '/', '2011-04-27 03:26:37.625618')
self.assertEquals(document, self.document)
self.assertEquals(signature, 'Ttq8K3g/jm7sOAVzCN+3k4FVAso=')
