def test_verify_not_strict(key, value, monkeypatch): result = sign_http_request(alg=ALG, **TEST_DATA) monkeypatch.setitem(TEST_DATA, key, value) verify_http_request(signature=result, strict_query_param_verification=False, strict_headers_verification=False, **TEST_DATA)
def test_verify_strict(key, value, monkeypatch): result = sign_http_request(alg=ALG, **TEST_DATA) monkeypatch.setitem(TEST_DATA, key, value) with pytest.raises(ValidationError): verify_http_request(signature=result, strict_query_param_verification=True, strict_headers_verification=True, **TEST_DATA)
def userinfo_endpoint(self, request, **kwargs): access_token = self._parse_access_token(request) key = self._get_client_public_key(access_token) http_signature = self._parse_signature(request) try: verify_http_request(key, http_signature, method=request["method"], host=request["host"], path=request["path"], query_params=request["query"], headers=request["headers"], body=request["body"], strict_query_param_verification=True, strict_headers_verification=False) except ValidationError: return self._error_response("access_denied", descr="Could not verify proof of possession") return self._do_user_info(self.access_tokens[access_token], **kwargs)
def test_verify_fail(key, value, monkeypatch): result = sign_http_request(alg=ALG, **TEST_DATA) monkeypatch.setitem(TEST_DATA, key, value) with pytest.raises(ValidationError): verify_http_request(signature=result, **TEST_DATA)
def test_verify(): timestamp = 12347456 result = sign_http_request(alg=ALG, time_stamp=12347456, **TEST_DATA) signature = verify_http_request(signature=result, **TEST_DATA) assert signature["ts"] == timestamp