# -*- encoding: utf-8 -*-
from __future__ import unicode_literals
from datetime import datetime, timedelta
from django.contrib.auth import get_user_model
from django.test import RequestFactory, TestCase
from rest_framework.exceptions import AuthenticationFailed
from rest_framework_hmac.authentication import SignatureAuthentication
from . import settings
from .models import ApiKey
from hashlib import sha1
import hmac
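class HMACTest(TestCase):
    """Exercise ``SignatureAuthentication`` with hand-signed requests.

    Each test builds a request with ``RequestFactory``, signs it with the
    key pair of a freshly created ``ApiKey`` and passes it straight to
    ``SignatureAuthentication.authenticate``; no view or URL routing is
    involved.
    """

    def setUp(self):
        """Create a user plus an ``ApiKey`` and keep the key pair for signing."""
        user_model = get_user_model()
        # A RequestFactory only builds request objects; authentication is
        # invoked directly in _send_request rather than through a view.
        self.client = RequestFactory()
        self.user = user_model(
            username='robert',
            email='robert.kolner@gmail.com',
        )
        self.user.set_password('pass')
        self.user.save()
        key = ApiKey(name='Test Key', user=self.user)
        key.save()
        self.api_key = str(key.key)
        self.secret_key = str(key.secret)

    def test_post_form_passing_hmac_auth(self):
        """Ensure a PUT signed with the correct key pair is authenticated."""
        data = {
            'uid': self.user.id,
            'email': 'not_testesen@test.com',
            'full_name': 'Leonidas'
        }
        self._send_request('put', '/', data)

    def test_send_expired(self):
        """Ensure a request whose timestamp is past the expiry window is rejected."""
        self._send_request('get', '/', send_expired=True)

    @staticmethod
    def _to_bytes(value):
        """Return ``value`` as bytes, UTF-8 encoding it if it is text."""
        if isinstance(value, bytes):
            return value
        return value.encode('utf-8')

    def _send_request(self, method, url, data=None, send_expired=False):
        """Build a signed request, authenticate it and assert on the outcome.

        Args:
            method: HTTP method name; lowercased for signing and uppercased
                for the request itself.
            url: Request path, also used as the signed request target.
            data: Optional payload for the request body.
            send_expired: When true, back-date the timestamp by
                ``settings.EXPIRATION_TIME + 1`` seconds and expect the
                authentication to be refused.
        """
        timestamp = datetime.utcnow()
        if send_expired:
            timestamp -= timedelta(seconds=settings.EXPIRATION_TIME + 1)
        timestamp_string = timestamp.isoformat() + 'Z'

        # The signed string covers the method, path, timestamp and API key
        # only. The request body is not part of it, so these tests say
        # nothing about body integrity.
        signature_value = '(request-target): {0} {1}\nx-auth-timestamp: {2}\nx-auth-api-key: {3}'.format(
            method.lower(), url, timestamp_string, self.api_key
        )
        # hmac.new() rejects text for key and message on Python 3, so both
        # are passed as bytes; byte strings are left untouched.
        signature = hmac.new(
            self._to_bytes(self.secret_key),
            self._to_bytes(signature_value),
            sha1,
        ).hexdigest()
        headers = {
            settings.TIMESTAMP_HEADER: timestamp_string,
            settings.API_KEY_HEADER: self.api_key,
            settings.SIGNATURE_HEADER: 'signature {}'.format(signature)
        }

        # NOTE(review): 'json' is passed to _encode_data while the request is
        # sent as 'application/json' - confirm the body is encoded as intended.
        request_data = self.client._encode_data(data, 'json')
        request = self.client.generic(
            method=method.upper(),
            path=url,
            data=request_data,
            content_type='application/json',
            **headers
        )

        authentication = SignatureAuthentication()
        try:
            user, token = authentication.authenticate(request)
            exc = None
        except AuthenticationFailed as e:
            user, token = None, None
            exc = e

        if send_expired:
            # Any AuthenticationFailed leaves user as None, so this check does
            # not tell an expiry rejection apart from, e.g., a bad signature.
            self.assertIsNone(
                user,
                "Expired token was accepted with for the user '{}' and key '{}'!".format(self.user, self.api_key)
            )
        else:
            self.assertIsNotNone(user, "The user hasn't been authenticated! Error: " + str(exc))
            self.assertIsNotNone(token, "The user has been authenticated, but token wasn't returned! Error: " + str(exc))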