Example #1
0
    def sign(self, request):
        qs = request.META.get('QUERY_STRING')
        # The API request will come in with an invalid signature, lets
        # strip that out before resigning.
        qs = dict((k, v[0]) for k, v in urlparse.parse_qs(qs).items())
        qs['merchant-id'] = settings.BOKU_MERCHANT_ID
        # Sign the request.
        qs['sig'] = get_boku_request_signature(settings.BOKU_SECRET_KEY, qs)

        # Now put the URL back together, along with the query string.
        self.url = qs_join(url=self.url.split('?')[0],
                           query=urllib.urlencode(qs))
Example #2
0
    def sign(self, request):
        qs = request.META.get('QUERY_STRING')
        # The API request will come in with an invalid signature, lets
        # strip that out before resigning.
        qs = dict((k, v[0]) for k, v in urlparse.parse_qs(qs).items())
        qs['merchant-id'] = settings.BOKU_MERCHANT_ID
        # Sign the request.
        qs['sig'] = get_boku_request_signature(settings.BOKU_SECRET_KEY, qs)

        # Now put the URL back together, along with the query string.
        self.url = qs_join(url=self.url.split('?')[0],
                           query=urllib.urlencode(qs))
Example #3
0
def check_sig(request):
    """
    Override the check_sig call, Boku doesn't actually implement this,
    the proxy does because it has access to that data. Rather than
    send the data on, or try overriding the client, just grab this request,
    parse it and send back a 204 or 400.
    """
    data = request.GET.copy()
    external_sig = data.pop('sig')[0]
    calculated_sig = get_boku_request_signature(settings.BOKU_SECRET_KEY, data)
    is_valid = external_sig == calculated_sig

    log.info('Boku check_sig: {0}'.format('PASS' if is_valid else 'FAIL'))
    return http.HttpResponse(status=204 if is_valid else 400)
Example #4
0
    def test_client_uses_signed_request(self):
        params = {
            'merchant-id': self.merchant_id,
            'param': 'value',
            'timestamp': int(time.time()),
        }
        signature = get_boku_request_signature(self.secret_key, params)

        try:
            self.client.api_call('/path', params)
        except:
            pass

        call_url = self.mock_get.call_args[0][0]
        sig_param = 'sig={signature}'.format(signature=signature)
        ok_(sig_param in call_url)
Example #5
0
    def test_client_uses_signed_request(self):
        params = {
            'merchant-id': self.merchant_id,
            'param': 'value',
            'timestamp': int(time.time()),
        }
        signature = get_boku_request_signature(self.secret_key, params)

        try:
            self.client.api_call('/path', params)
        except:
            pass

        call_url = self.mock_get.call_args[0][0]
        sig_param = 'sig={signature}'.format(signature=signature)
        ok_(sig_param in call_url)
Example #6
0
 def test_good_sig(self):
     sig = get_boku_request_signature(settings.BOKU_SECRET_KEY, {'f': 'b'})
     eq_(self.client.get(self.sig.format(sig)).status_code, 204)
Example #7
0
 def test_sig(self):
     sig = get_boku_request_signature(settings.BOKU_SECRET_KEY, {'f': 'b'})
     self.client.check_sig({'f': 'b', 'sig': sig})
Example #8
0
 def test_no_key(self):
     get_boku_request_signature('', {'f': 'b'})