def test_validate_signature(self): params = {"key1": "val1", "key2": "val2"} sig = utils.generate_signature(params, self.secret) params["signature"] = sig self.assertTrue(utils.signature_valid(params, self.secret)) params["signature"] = "123482494523435" self.assertFalse(utils.signature_valid(params, self.secret))
def confirm_resource(self, params): """Confirm a payment This send a post request to the confirmation URI for a payment. params should contain these elements from the request - resource_uri - resource_id - resource_type - signature - state (if any) """ keys = ["resource_uri", "resource_id", "resource_type", "state"] to_check = dict([[k, v] for k, v in six.iteritems(params) if k in keys]) signature = generate_signature(to_check, self._app_secret) if not signature == params["signature"]: raise SignatureError("Invalid signature when confirming resource") auth_string = base64.b64encode( six.b("{0}:{1}".format(self._app_id, self._app_secret))) to_post = { "resource_id": params["resource_id"], "resource_type": params["resource_type"], } auth_details = (self._app_id, self._app_secret) return self.api_post("/confirm", to_post, auth=auth_details)
def test_hmac(self): # make sure our signature function # works correctly sig = utils.generate_signature({ "foo": "bar", "example": [1, "a"] }, self.secret) self.assertEqual( sig, '5a9447aef2ebd0e12d80d80c836858c6f9c13219f615ef5d135da408bcad453d')
def verify_signature(self, request): data = self.get_payload(request) if not data: logger.warning('No payload or request data found') return False pms = data.copy() pms.pop('signature') signature = generate_signature(pms, settings.GOCARDLESS_APP_SECRET) if signature == data['signature']: return True return False
def test_resource_posts(self): self.params["signature"] = utils.generate_signature(self.params, mock_account_details["app_secret"]) with patch.object(self.client, 'api_post') as mock_post: expected_data = { "resource_type":self.params["resource_type"], "resource_id":self.params["resource_id"] } expected_auth = (mock_account_details["app_id"], mock_account_details["app_secret"]) self.client.confirm_resource(self.params) expected_path = "/confirm" mock_post.assert_called_with(expected_path, expected_data, auth=expected_auth)
def confirm_resource(self, params): """Confirm a payment This send a post request to the confirmation URI for a payment. params should contain these elements from the request - resource_uri - resource_id - resource_type - signature - state (if any) """ keys = ["resource_uri", "resource_id", "resource_type", "state"] to_check = dict([[k, v] for k, v in params.items() if k in keys]) signature = generate_signature(to_check, self._app_secret) if not signature == params["signature"]: raise SignatureError("Invalid signature when confirming resource") auth_string = base64.b64encode("{0}:{1}".format(self._app_id, self._app_secret)) to_post = {"resource_id": params["resource_id"], "resource_type": params["resource_type"]} auth_details = (self._app_id, self._app_secret) self.api_post("/confirm", to_post, auth=auth_details)
def test_hmac(self): # make sure our signature function # works correctly sig = utils.generate_signature({"foo": "bar", "example": [1, "a"]}, self.secret) self.assertEqual(sig, "5a9447aef2ebd0e12d80d80c836858c6f9c13219f615ef5d135da408bcad453d")
'BBYKKNKEK4WKN9YVK0BRARGS4QHDRVJB' '8JWYM84XTR9XQ591RGFSEFQ82B0ZKKYM') js = """ { "payload": { "resource_type": "bill", "action": "refunded", "bills": [ { "id": "AKJ398H8KA", "status": "refunded", "source_type": "subscription", "source_id": "KKJ398H8K8", "amount": "20.0", "amount_minus_fees": "19.8", "paid_at": "2011-12-01T12:00:00Z", "uri": "https://gocardless.com/api/v1/bills/AKJ398H8KA" } ], "signature": "7b2bc20d10ef8322e580205fea0056524e22a862f90ffdd14ab069affd680f3e" } } """ payload = json.loads(js)['payload'] pms = payload.copy() pms.pop('signature') print generate_signature(pms, GOCARDLESS_APP_SECRET)