0001-signature-verify-nonce-only-if-it-exists-41362.patch
hobo/signature.py | ||
---|---|---|
57 | 57 |
'timestamp' in parsed): |
58 | 58 |
return False |
59 | 59 |
if known_nonce is not None: |
60 |
if ('nonce' not in parsed) or known_nonce(parsed['nonce'][0]): |
|
60 |
nonce = parsed['nonce'][0] if 'nonce' in parsed else None |
|
61 |
if known_nonce(nonce): |
|
61 | 62 |
return False |
62 | 63 |
unsigned_query, signature_content = query.split('&signature=', 1) |
63 | 64 |
if '&' in signature_content: |
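Review bot: A URL that carries no nonce is no longer rejected outright when a `known_nonce` callback is supplied; at new lines 60-61 the callback is called with `None`, and the URL passes this check unless the callback returns a truthy value for it. Replay protection for un-nonced URLs therefore moves from fail-closed to whatever each caller's callback decides. A callback written against the old contract, which only ever received a string, will most likely return a falsy value for `None` and accept the URL. The contract should be stated where callers will read it, for instance `# known_nonce(None) is called when the query has no nonce; return True to refuse such URLs`, and existing callbacks should be checked for how they treat `None`. The enclosing function starts and ends outside this section, but the split on `&signature=` at new line 63 suggests the callback runs before the signature is compared, so a callback that records nonces as a side effect would be acting on unauthenticated input.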
tests/test_signature.py | ||
---|---|---|
48 | 48 | |
49 | 49 |
# Test known_nonce |
50 | 50 |
def known_nonce(nonce): |
51 |
return nonce == 'xxx' |
|
51 |
return bool(nonce == 'xxx') |
|
52 |
assert not signature.check_url(signature.sign_url(URL, KEY, nonce='xxx'), KEY, known_nonce=known_nonce) |
|
52 | 53 |
assert signature.check_url(signature.sign_url(URL, KEY), KEY, known_nonce=known_nonce) |
53 | 54 |
assert signature.check_url(signature.sign_url(URL, KEY, nonce='zzz'), KEY, known_nonce=known_nonce) |
55 |
assert signature.check_url(signature.sign_url(URL, KEY, nonce=''), KEY, known_nonce=known_nonce) # no nonce in query string |
|
56 |
def known_nonce(nonce): |
|
57 |
return bool(nonce in ('xxx', None)) # require a nonce |
|
54 | 58 |
assert not signature.check_url(signature.sign_url(URL, KEY, nonce='xxx'), KEY, known_nonce=known_nonce) |
59 |
assert signature.check_url(signature.sign_url(URL, KEY), KEY, known_nonce=known_nonce) |
|
60 |
assert signature.check_url(signature.sign_url(URL, KEY, nonce='zzz'), KEY, known_nonce=known_nonce) |
|
55 | 61 |
assert not signature.check_url(signature.sign_url(URL, KEY, nonce=''), KEY, known_nonce=known_nonce) |
56 | 62 | |
57 | 63 |
# Test timedelta |
58 |
- |
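Review bot: The test rebinds `known_nonce` halfway through (new lines 56-57), so the assertions above and below that point exercise two different policies under one name, and a failure does not show which policy broke. Distinct names such as `permissive_known_nonce` and `strict_known_nonce`, each with a one-line comment stating what it returns for `None`, would make the new callback contract readable from the test. The `bool(...)` wrappers are redundant, because `==` and `in` already yield a bool. The assertions at new lines 55 and 61 rely on `sign_url(..., nonce='')` leaving the nonce out of the query string, which is presumably what the trailing comment means. That behaviour is not visible in this section, so an explicit assertion that the signed URL contains no `nonce` parameter would pin the assumption.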