0001-fix-key-type-in-request-signing-7866.patch
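--- a/passerelle/base/signature.py
+++ b/passerelle/base/signature.py
@@ -33,6 +33,8 @@
 
 def sign_string(s, key, algo='sha256', timedelta=30):
 digestmod = getattr(hashlib, algo)
+if isinstance(key, unicode):
+key = key.encode('utf-8')
 hash = hmac.HMAC(key, digestmod=digestmod, msg=s)
 return hash.digest()
 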
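Review bot: The added `isinstance(key, unicode)` guard in `sign_string` converts only the key to bytes; the message `s` is still handed to `hmac.HMAC` unchanged, so a unicode `s` would depend on Python 2's implicit ASCII encoding and would presumably raise on non-ASCII characters. I would normalise it the same way, `if isinstance(s, unicode): s = s.encode('utf-8')`, so that signer and verifier always MAC the same byte string. A short comment above the guard would also help, e.g. `# HMAC needs a byte-string key; unicode keys are encoded as UTF-8`. Separately, `timedelta` is accepted but never used in the lines shown.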
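--- a/tests/test_api_access.py
+++ b/tests/test_api_access.py
@@ -0,0 +1,51 @@
+import re
+import sys
+
+from django.contrib.auth.models import User
+from django.core.wsgi import get_wsgi_application
+from django.contrib.contenttypes.models import ContentType
+from django.core.urlresolvers import reverse
+
+import pytest
+from webtest import TestApp
+
+from passerelle.base import signature
+from passerelle.base.models import ApiUser, AccessRight
+from oxyd.models import OxydSMSGateway
+
+pytestmark = pytest.mark.django_db
+
+@pytest.fixture
+def setup():
+app = TestApp(get_wsgi_application())
+oxyd = OxydSMSGateway.objects.create(title='eservices',
+slug='eservices',
+username='user',
+description='oxyd',
+password='secret')
+return app, oxyd
+
+def test_anonymous_access(setup):
+app, oxyd = setup
+resp = app.post_json(reverse('oxyd-send', kwargs={'slug': oxyd.slug})+'?raise=1',
+{}, status=403)
+
+def test_access_with_good_signature(setup):
+app, oxyd = setup
+api = ApiUser.objects.create(username='eservices',
+fullname='Eservices User',
+description='eservices',
+keytype='SIGN',
+key='12345')
+obj_type = ContentType.objects.get_for_model(OxydSMSGateway)
+
+AccessRight.objects.create(codename='can_send_messages',
+apiuser=api,
+resource_type=obj_type,
+resource_pk=oxyd.pk,
+)
+url = signature.sign_url(reverse('oxyd-send', kwargs={'slug': oxyd.slug}) + '?orig=eservices', '12345')
+# for empty payload the connector returns 500 with
+# {"err_desc": "missing \"message\" in JSON payload"}
+resp = app.post_json(url, {}, status=500)
+assert resp.json['err_desc'] == 'missing "message" in JSON payload'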
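Review bot: The new tests cover anonymous access and a correctly signed request, but nothing asserts that a request signed with the wrong key is refused, which is the case that matters most for a signature check. A `test_access_with_bad_signature` could repeat the `ApiUser`/`AccessRight` setup from `test_access_with_good_signature`, sign with a different key, `signature.sign_url(..., 'not-the-key')`, and expect a rejection, `app.post_json(url, {}, status=403)` (status assumed from the anonymous test; confirm against the view). The `sign_url` call passes a plain `'12345'` literal, so the new unicode branch is presumably reached only on the verifying side; a call with `u'12345'` would exercise it directly. `re`, `sys` and `User` are imported but unused in the lines shown.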
0 |
- |