0001-signature-verify-nonce-only-if-it-exists-41362.patch
| hobo/signature.py | ||
|---|---|---|
| 57 | 57 |
'timestamp' in parsed): |
| 58 | 58 |
return False |
| 59 | 59 |
if known_nonce is not None: |
| 60 |
if ('nonce' not in parsed) or known_nonce(parsed['nonce'][0]):
|
|
| 60 |
nonce = parsed['nonce'][0] if 'nonce' in parsed else None |
|
| 61 |
if known_nonce(nonce): |
|
| 61 | 62 |
return False |
| 62 | 63 |
unsigned_query, signature_content = query.split('&signature=', 1)
|
| 63 | 64 |
if '&' in signature_content: |
| tests/test_signature.py | ||
|---|---|---|
| 48 | 48 | |
| 49 | 49 |
# Test known_nonce |
| 50 | 50 |
def known_nonce(nonce): |
| 51 |
return nonce == 'xxx' |
|
| 51 |
return bool(nonce == 'xxx') |
|
| 52 |
assert not signature.check_url(signature.sign_url(URL, KEY, nonce='xxx'), KEY, known_nonce=known_nonce) |
|
| 52 | 53 |
assert signature.check_url(signature.sign_url(URL, KEY), KEY, known_nonce=known_nonce) |
| 53 | 54 |
assert signature.check_url(signature.sign_url(URL, KEY, nonce='zzz'), KEY, known_nonce=known_nonce) |
| 55 |
assert signature.check_url(signature.sign_url(URL, KEY, nonce=''), KEY, known_nonce=known_nonce) # no nonce in query string |
|
| 56 |
def known_nonce(nonce): |
|
| 57 |
return bool(nonce in ('xxx', None)) # require a nonce
|
|
| 54 | 58 |
assert not signature.check_url(signature.sign_url(URL, KEY, nonce='xxx'), KEY, known_nonce=known_nonce) |
| 59 |
assert signature.check_url(signature.sign_url(URL, KEY), KEY, known_nonce=known_nonce) |
|
| 60 |
assert signature.check_url(signature.sign_url(URL, KEY, nonce='zzz'), KEY, known_nonce=known_nonce) |
|
| 55 | 61 |
assert not signature.check_url(signature.sign_url(URL, KEY, nonce=''), KEY, known_nonce=known_nonce) |
| 56 | 62 | |
| 57 | 63 |
# Test timedelta |
| 58 |
- |
|