Exemplo n.º 1
 def test_passing_filelike_as_request_object(self):
     """File-like request objects can be signed and verified.

     A new StringIO is built before every call (presumably because reading
     the request consumes the stream).
     """
     # nonces=False is passed on every check; presumably it switches off
     # replay tracking so the fixed test vectors verify deterministically.
     # That is a test-only setting, not one for production verification.
     unsigned = StringIO.StringIO(TEST_REQ)
     assert not check_signature(unsigned, TEST_KEY, nonces=False)
     to_sign = StringIO.StringIO(TEST_REQ)
     header = sign_request(to_sign, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in header
     presigned = StringIO.StringIO(TEST_REQ_SIGNED)
     assert check_signature(presigned, TEST_KEY, nonces=False)
Exemplo n.º 2
 def test_passing_filelike_as_request_object(self):
     """Sign and verify a request supplied as a file-like object."""
     # The unsigned stream must be rejected.  nonces=False presumably
     # disables replay tracking, which only makes sense for fixed vectors.
     unsigned_stream = StringIO.StringIO(TEST_REQ)
     assert not check_signature(unsigned_stream, TEST_KEY, nonces=False)
     # Signing returns the Authorization value, which must carry TEST_SIG.
     signing_stream = StringIO.StringIO(TEST_REQ)
     authz_value = sign_request(
         signing_stream, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in authz_value
     # The pre-signed vector must be accepted.
     signed_stream = StringIO.StringIO(TEST_REQ_SIGNED)
     assert check_signature(signed_stream, TEST_KEY, nonces=False)
Exemplo n.º 3
 def test_passing_requests_request_as_request_object(self):
     """A requests.Request is rejected before signing and accepted after."""
     request_kwargs = {
         "url": "http://example.com/resource/1",
         "method": "POST",
         "params": [("b", "1"), ("a", "2")],
         "data": "hello world",
     }
     outgoing = requests.Request(**request_kwargs)
     # Built without any headers, so there is nothing to verify yet.
     assert not check_signature(outgoing, TEST_KEY, nonces=False)
     header = sign_request(outgoing, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in header
     # The same object verifies after signing, so sign_request evidently
     # attaches the signature to it in place.
     assert check_signature(outgoing, TEST_KEY, nonces=False)
Exemplo n.º 4
 def test_passing_requests_request_as_request_object(self):
     """Sign and verify a request supplied as a requests.Request."""
     target_url = "http://example.com/resource/1"
     query_pairs = [("b", "1"), ("a", "2")]
     prepared = requests.Request(
         url=target_url,
         method="POST",
         params=query_pairs,
         data="hello world",
     )
     # Unsigned: verification must report failure.
     verified_before = check_signature(prepared, TEST_KEY, nonces=False)
     assert not verified_before
     authz_value = sign_request(
         prepared, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in authz_value
     # Signed: the very same object must now verify.
     assert check_signature(prepared, TEST_KEY, nonces=False)
 def test_check_signature_fails_with_reused_nonce(self):
     """A nonce is accepted once per nonce cache; a replay is rejected."""
     # First use of the nonce: accepted.
     first = Request.blank("/")
     first.authorization = ("MAC", {"nonce": "PEPPER"})
     sign_request(first, "myid", "mykey")
     self.assertTrue(check_signature(first, "mykey"))
     # Same nonce on a second, validly signed request: rejected.  No
     # nonces= argument is given, so the cache that remembered the first
     # use is evidently shared between the two calls.
     replay = Request.blank("/")
     replay.authorization = ("MAC", {"nonce": "PEPPER"})
     sign_request(replay, "myid", "mykey")
     self.assertFalse(check_signature(replay, "mykey"))
     # Replay protection is per cache: a brand-new cache has never seen
     # the nonce, so the same request verifies against it.
     empty_cache = NonceCache()
     self.assertTrue(check_signature(replay, "mykey", nonces=empty_cache))
 def test_check_signature_fails_with_far_future_timestamp(self):
     """A timestamp 1000 seconds ahead of the local clock is rejected."""
     req = Request.blank("/")
     # Warm-up request with the current time, so the verifier can work
     # out and cache this client's clock skew.
     current_ts = str(int(time.time()))
     req.authorization = ("MAC", {"ts": current_ts})
     sign_request(req, "myid", "mykey")
     self.assertTrue(check_signature(req, "mykey"))
     # Re-sign the same request with a timestamp far in the future; the
     # signature is valid but the freshness check must still refuse it.
     future_ts = str(int(time.time() + 1000))
     req.authorization = ("MAC", {"ts": future_ts})
     sign_request(req, "myid", "mykey")
     self.assertFalse(check_signature(req, "mykey"))
Exemplo n.º 7
 def test_check_signature_fails_with_far_future_timestamp(self):
     """Reject a correctly signed request whose timestamp is far ahead."""
     signed_req = Request.blank("/")
     # An initial request at the present time lets the server calculate
     # and cache the clock skew for this client.
     ts_now = str(int(time.time()))
     signed_req.authorization = ("MAC", {"ts": ts_now})
     sign_request(signed_req, "myid", "mykey")
     accepted = check_signature(signed_req, "mykey")
     self.assertTrue(accepted)
     # 1000 seconds in the future is outside what the verifier tolerates.
     ts_ahead = str(int(time.time() + 1000))
     signed_req.authorization = ("MAC", {"ts": ts_ahead})
     sign_request(signed_req, "myid", "mykey")
     accepted = check_signature(signed_req, "mykey")
     self.assertFalse(accepted)
Exemplo n.º 8
 def test_check_signature_fails_with_reused_nonce(self):
     """Replaying a nonce fails unless a different nonce cache is used."""
     # The nonce is new the first time round, so the check passes.
     original = Request.blank("/")
     original.authorization = ("MAC", {"nonce": "PEPPER"})
     sign_request(original, "myid", "mykey")
     first_result = check_signature(original, "mykey")
     self.assertTrue(first_result)
     # A second request carrying the same nonce is treated as a replay.
     repeated = Request.blank("/")
     repeated.authorization = ("MAC", {"nonce": "PEPPER"})
     sign_request(repeated, "myid", "mykey")
     second_result = check_signature(repeated, "mykey")
     self.assertFalse(second_result)
     # Nonce memory lives in the cache object: against a fresh NonceCache
     # the repeated request is accepted.
     self.assertTrue(
         check_signature(repeated, "mykey", nonces=NonceCache()))
Exemplo n.º 9
 def test_passing_environ_dict_as_request_object(self):
     """A raw WSGI environ dict can be signed and verified."""
     # The declared content length of 11 matches the "hello world" body.
     body_stream = StringIO.StringIO("hello world")
     environ = {
         "wsgi.url_scheme": "http",
         "REQUEST_METHOD": "POST",
         "HTTP_HOST": "example.com",
         "HTTP_CONTENT_LENGTH": "11",
         "PATH_INFO": "/resource/1",
         "QUERY_STRING": "b=1&a=2",
         "wsgi.input": body_stream,
     }
     # The environ carries no authorization entry yet: must be rejected.
     assert not check_signature(environ, TEST_KEY, nonces=False)
     header = sign_request(environ, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in header
     # The same dict verifies afterwards, so signing evidently updates it.
     assert check_signature(environ, TEST_KEY, nonces=False)
Exemplo n.º 10
 def test_passing_environ_dict_as_request_object(self):
     """Sign and verify a request supplied as a WSGI environ dict."""
     wsgi_env = {
         "wsgi.url_scheme": "http",
         "REQUEST_METHOD": "POST",
         "HTTP_HOST": "example.com",
         "HTTP_CONTENT_LENGTH": "11",
         "PATH_INFO": "/resource/1",
         "QUERY_STRING": "b=1&a=2",
         "wsgi.input": StringIO.StringIO("hello world"),
     }
     # Before signing, verification must fail.
     rejected = not check_signature(wsgi_env, TEST_KEY, nonces=False)
     assert rejected
     authz_value = sign_request(
         wsgi_env, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in authz_value
     # After signing, the same environ must verify.
     assert check_signature(wsgi_env, TEST_KEY, nonces=False)
    def _check_signature(self, request, key):
        """Check the MACAuth signature on the request.

        Verifies the request's MAC signature against the supplied signing
        key and returns True on success.  When the MAC parameters are
        missing or the signature does not verify, the object returned by
        self.challenge() is raised (HTTPUnauthorized, per the original
        docstring).
        """
        # pyramid does not cache authentication results, yet the nonce is
        # marked stale by the first check, so a repeat check on the same
        # request has to be answered from the flag stored in the environ.
        # NOTE(review): the flag records only that a signature verified on
        # this request; it is not bound to `key`.  Confirm every caller
        # passes the same key for a given request.
        already_verified = request.environ.get(
            "macauth.signature_is_valid", False)
        if already_verified:
            return True
        # Parameters are expected to be cached on the request already.
        params = self._get_params(request)
        if params is None:
            raise self.challenge(request, "missing MAC signature")
        # The instance's nonce cache is handed to macauthlib for the check.
        if not macauthlib.check_signature(request, key, params=params,
                                          nonces=self.nonce_cache):
            raise self.challenge(request, "invalid MAC signature")
        # Remember the success so later checks skip nonce validation.
        request.environ["macauth.signature_is_valid"] = True
        return True
Exemplo n.º 12
    def _check_signature(self, request, key):
        """Validate the request's MAC signature with the given key.

        Returns True when the signature is valid.  A request with no MAC
        parameters, or with a signature that fails verification, causes
        the result of self.challenge() to be raised (described as
        HTTPUnauthorized by the original docstring).
        """
        flag_name = "macauth.signature_is_valid"
        # A successful check consumes the nonce, and pyramid may ask for
        # authentication again on the same request, so the outcome is
        # stored on the request and reused here.
        # NOTE(review): the stored outcome does not record which key was
        # used, so a later call with another key also returns True.
        # Verify that callers never vary the key within one request.
        if request.environ.get(flag_name, False):
            return True
        # Fetch the (hopefully cached) MAC parameters.
        params = self._get_params(request)
        if params is None:
            failure = "missing MAC signature"
            raise self.challenge(request, failure)
        is_valid = macauthlib.check_signature(
            request, key, params=params, nonces=self.nonce_cache)
        if not is_valid:
            failure = "invalid MAC signature"
            raise self.challenge(request, failure)
        # Record the success for any later check on this request.
        request.environ[flag_name] = True
        return True
Exemplo n.º 13
 def test_check_signature_fails_with_busted_signature(self):
     """Altering the mac value in the header makes verification fail."""
     req = Request.blank("/")
     sign_request(req, "myid", "mykey")
     good_mac = parse_authz_header(req)["mac"]
     # Prefix the real signature with "XXX" inside the raw header so the
     # remaining parameters stay exactly as signed.
     original_header = req.environ["HTTP_AUTHORIZATION"]
     tampered_header = original_header.replace(good_mac, "XXX" + good_mac)
     req.environ["HTTP_AUTHORIZATION"] = tampered_header
     self.assertFalse(check_signature(req, "mykey"))
Exemplo n.º 14
 def test_check_signature_fails_with_busted_signature(self):
     """A request whose mac value was modified after signing is rejected."""
     signed = Request.blank("/")
     sign_request(signed, "myid", "mykey")
     # Pull the genuine signature out of the parsed header, then corrupt
     # only that value in the raw Authorization string.
     mac_value = parse_authz_header(signed)["mac"]
     corrupted_mac = "XXX" + mac_value
     signed.environ["HTTP_AUTHORIZATION"] = (
         signed.environ["HTTP_AUTHORIZATION"].replace(
             mac_value, corrupted_mac))
     outcome = check_signature(signed, "mykey")
     self.assertFalse(outcome)
Exemplo n.º 15
 def test_passing_webob_request_as_request_object(self):
     """A webob.Request parsed from raw bytes can be signed and verified."""
     parsed = webob.Request.from_bytes(TEST_REQ)
     # Unsigned request: verification must fail.
     assert not check_signature(parsed, TEST_KEY, nonces=False)
     header = sign_request(parsed, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in header
     # The same object verifies once sign_request has run on it.
     assert check_signature(parsed, TEST_KEY, nonces=False)
Exemplo n.º 16
 def test_check_signature_errors_when_missing_id(self):
     """MAC parameters lacking an id make check_signature return False.

     Despite "errors" in the name, the expectation is a False result, not
     an exception.
     """
     raw_request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
     req = Request.from_bytes(raw_request)
     # Only ts and nonce are supplied: no id and no mac.
     req.authorization = ("MAC", {"ts": "1", "nonce": "2"})
     outcome = check_signature(req, "secretkeyohsecretkey")
     self.assertFalse(outcome)
Exemplo n.º 17
 def pre_request_hook(req):
     """Sign *req*, confirm it verifies, then abort with RuntimeError."""
     sign_request(req, TEST_ID, TEST_KEY)
     # nonces=False: presumably no replay tracking for this test check.
     verified = check_signature(req, TEST_KEY, nonces=False)
     assert verified
     # Always raised, so the hook never returns normally.
     raise RuntimeError("aborting the request")
Exemplo n.º 18
 def _check_signature(self, request, secret, params=None):
     """Verify the request signature against this object's nonce cache.

     Delegates to macauthlib.check_signature and returns its result.
     """
     # Passing the instance's cache ties nonce bookkeeping to this object.
     nonce_cache = self.nonce_cache
     return macauthlib.check_signature(
         request, secret, params=params, nonces=nonce_cache)
Exemplo n.º 19
 def test_check_signature_fails_with_non_mac_scheme(self):
     """A signed request relabelled with another auth scheme is rejected."""
     raw_request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
     req = Request.from_bytes(raw_request)
     sign_request(req, "myid", "mykey")
     # Keep the signed parameters but present them under "OAuth".
     signed_params = req.authorization[1]
     req.authorization = ("OAuth", signed_params)
     self.assertFalse(check_signature(req, "mykey"))
Exemplo n.º 20
 def test_check_signature_fails_with_non_mac_scheme(self):
     """Valid MAC parameters under a non-MAC scheme must not verify."""
     wire_bytes = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
     signed = Request.from_bytes(wire_bytes)
     sign_request(signed, "myid", "mykey")
     # Swap only the scheme name; the parameters stay as signed.
     relabelled = ("OAuth", signed.authorization[1])
     signed.authorization = relabelled
     outcome = check_signature(signed, "mykey")
     self.assertFalse(outcome)
Exemplo n.º 21
 def __call__(self, req):
     """Sign *req* with the fixed test parameters, check it, then abort."""
     sign_request(req, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     verified = check_signature(req, TEST_KEY, nonces=False)
     assert verified
     # With fixed params the header must contain the known signature.
     authz_header = req.headers['Authorization']
     assert TEST_SIG in authz_header
     # Always raised, so the call never returns normally.
     raise RuntimeError("aborting the request")
Exemplo n.º 22
 def test_passing_bytestring_as_request_object(self):
     """Raw request bytes can be passed straight to sign and check."""
     unsigned_ok = check_signature(TEST_REQ, TEST_KEY, nonces=False)
     assert not unsigned_ok
     header = sign_request(TEST_REQ, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in header
     # The pre-signed vector is verified rather than TEST_REQ itself,
     # presumably because a bytestring cannot be updated in place.
     assert check_signature(TEST_REQ_SIGNED, TEST_KEY, nonces=False)
Exemplo n.º 23
 def test_passing_bytestring_as_request_object(self):
     """Sign and verify a request supplied as a bytestring."""
     # The unsigned bytes must be rejected.
     assert not check_signature(TEST_REQ, TEST_KEY, nonces=False)
     # Signing returns the Authorization value, which must carry TEST_SIG.
     authz_value = sign_request(
         TEST_REQ, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in authz_value
     # The signed vector must be accepted.
     signed_ok = check_signature(TEST_REQ_SIGNED, TEST_KEY, nonces=False)
     assert signed_ok
Exemplo n.º 24
 def test_check_signature_errors_when_missing_id(self):
     """A MAC header with no id is treated as an invalid signature.

     The assertion expects check_signature to return False here, not to
     raise.
     """
     wire_bytes = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
     incomplete = Request.from_bytes(wire_bytes)
     # The header names the MAC scheme but gives only ts and nonce.
     partial_params = {"ts": "1", "nonce": "2"}
     incomplete.authorization = ("MAC", partial_params)
     self.assertFalse(check_signature(incomplete, "secretkeyohsecretkey"))
Exemplo n.º 25
 def test_passing_webob_request_as_request_object(self):
     """Sign and verify a request supplied as a webob.Request."""
     webob_req = webob.Request.from_bytes(TEST_REQ)
     verified_before = check_signature(webob_req, TEST_KEY, nonces=False)
     assert not verified_before
     authz_value = sign_request(
         webob_req, TEST_ID, TEST_KEY, params=TEST_PARAMS)
     assert TEST_SIG in authz_value
     # Signing evidently updates the request, which now verifies.
     verified_after = check_signature(webob_req, TEST_KEY, nonces=False)
     assert verified_after
Exemplo n.º 26
 def pre_request_hook(req):
     """Sign the outgoing request, verify it, and stop it with an error."""
     sign_request(req, TEST_ID, TEST_KEY)
     # Verification runs with nonces=False (presumably no replay check).
     signature_ok = check_signature(req, TEST_KEY, nonces=False)
     assert signature_ok
     # Unconditional: the hook always ends by raising.
     raise RuntimeError("aborting the request")