Initial Python3 support

Fix tests for using python3
Phillipmartin · Nov 15, 2015 · 83dfbed · 83dfbed
1 parent 4899ba2
commit 83dfbed
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 44 deletions.
diff --git a/flask_hmacauth.py b/flask_hmacauth.py
@@ -13,7 +13,10 @@
 import hmac
 import hashlib
 import datetime
-import urllib.parse as urlparse
+try:
+    import urlparse
+except ImportError:
+    import urllib.parse as urlparse
 
 #  simple macros where x is a request object
 GET_TIMESTAMP = lambda x: x.values.get('TIMESTAMP')
@@ -97,11 +100,11 @@ def is_authorized(self, request_obj, required_rights):
             return False
 
         # hash the request URL and Body
-        hasher = hmac.new(secret, digestmod=self._digest)
+        hasher = hmac.new(secret.encode(), digestmod=self._digest)
         # TODO: do we need encode() here?
         url = urlparse.urlparse(request.url.encode(request.charset or 'utf-8'))
         # TODO: hacky.  what about POSTs without a query string?
-        hasher.update(url.path + "?" + url.query)
+        hasher.update(url.path + b"?" + url.query)
         if request.method == "POST":
             # TODO: check request length before calling get_data()
             # to avoid memory exaustion issues

diff --git a/flask_hmacauth_test.py b/flask_hmacauth_test.py
@@ -1,6 +1,7 @@
 
 from flask import Flask
-from flask.ext.hmacauth import DictAccountBroker, HmacManager, hmac_auth, StaticAccountBroker
+from flask.ext.hmacauth import (DictAccountBroker, HmacManager,
+                                hmac_auth, StaticAccountBroker)
 import pytest
 from flask.ext.testing import TestCase
 import time
@@ -13,17 +14,17 @@ def mkdictapp():
     app.config['TESTING'] = True
     accountmgr = DictAccountBroker(
         accounts={
-            #well formed account
+            # well formed account
             "test1": {"secret": "test1secret", "rights": ["role1", "role2"]},
-            #no rights, but still well formed
+            # no rights, but still well formed
             "test2": {"secret": "test2secret", "rights": []},
-            #empty secret, still well formed (but silly)
+            # empty secret, still well formed (but silly)
             "test3": {"secret": "", "rights": ["role1", "role2"]},
-            #None secret
+            # None secret
             "test4": {"secret": None, "rights": ["role1", "role2"]},
-            #missing secret
+            # missing secret
             "test5": {"rights": ["role1", "role2"]},
-            #missing rights
+            # missing rights
             "test6": {"secret": "foo"}
         })
     hmacmgr = HmacManager(accountmgr, app)
@@ -59,11 +60,13 @@ def test5():
 
     return app
 
+
 def mkstaticapp():
     app = Flask(__name__)
     app.config['TESTING'] = True
     accountmgr = StaticAccountBroker(secret="supersecret")
-    hmacmgr = HmacManager(accountmgr, app, account_id=lambda x: "foo", valid_time=20)
+    hmacmgr = HmacManager(accountmgr, app, account_id=lambda x: "foo",
+                          valid_time=20)
 
     @app.route("/test")
     @hmac_auth()
@@ -76,6 +79,7 @@ def test1():
 
     return app
 
+
 class StaticAuthTest(TestCase):
     def create_app(self):
         return mkstaticapp()
@@ -84,18 +88,22 @@ def test_no_auth(self):
         url = "/test1"
         req = self.client.open(url)
         self.assert_200(req)
-        self.assertEquals(req.data,  'test1')
+        self.assertEqual(req.data.decode(),  'test1')
 
     def test_auth(self):
         url = "/test?TIMESTAMP="+str(int(time.time()))+"&foo=bar"
-        sig = hmac.new("supersecret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new(
+            'supersecret'.encode(),
+            msg=url.encode(), digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_200(req)
-        self.assertEquals(req.data,  'test')
+        self.assertEqual(req.data,  b'test')
 
     def test_bad_auth(self):
         url = "/test?TIMESTAMP="+str(int(time.time()))+"&foo=bar"
-        sig = hmac.new("notsupersecret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new(
+            'notsupersecret'.encode(), msg=url.encode(),
+            digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
@@ -104,83 +112,90 @@ class DictAuthTest(TestCase):
     def create_app(self):
         return mkdictapp()
 
-    #endpoint with no auth
+    # endpoint with no auth
     def test_no_auth(self):
         url = "/test5"
         req = self.client.open(url)
         self.assert_200(req)
-        self.assertEquals(req.data,  'test5')
+        self.assertEqual(req.data,  b'test5')
 
-    #rights tests
+    # rights tests
     def test_rights_string(self):
         url = "/test?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(), digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_200(req)
-        self.assertEquals(req.data,  'test')
+        self.assertEqual(req.data,  b'test')
 
     def test_rights_list(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(), digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
-        #req = self.client.open(url, headers={'X-Auth-Signature': sig})
+        # req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_200(req)
-        self.assertEquals(req.data,  'test1')
+        self.assertEqual(req.data,  b'test1')
 
     def test_multi_rights_list(self):
         url = "/test2?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(), digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_200(req)
-        self.assertEquals(req.data,  'test2')
+        self.assertEqual(req.data,  b'test2')
 
     def test_lacking_right(self):
         url = "/test3?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
     def test_missing_rights_key(self):
         url = "/test4?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test2&foo=bar"
-        sig = hmac.new("test2secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test2secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.get(url, headers={'X-Auth-Signature': sig})
-        self.assertEquals(req.data,  'test4')
+        self.assertEqual(req.data,  b'test4')
 
     def test_empty_acct_rights(self):
         url = "/test2?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test2&foo=bar"
-        sig = hmac.new("test2secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test2secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
     def test_no_acct_rights(self):
         url = "/test2?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test6&foo=bar"
-        sig = hmac.new("foo", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('foo'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
-    #Time tests
+    # Time tests
     def test_time_expired(self):
         url = "/test1?TIMESTAMP="+str(int(time.time())-30)+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
     def test_time_in_future(self):
         url = "/test1?TIMESTAMP="+str(int(time.time())+60)+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
     def test_missing_time(self):
         url = "/test1?ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
-    #key tests
+    # key tests
     def test_bad_account(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test7&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(), digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
@@ -191,38 +206,45 @@ def test_missing_sig(self):
 
     def test_missing_account(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
     def test_bad_sig(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1&foo=bar"
-        sig = hmac.new("test1secret", msg=url, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=url.encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         url += "&bar=baz"
         req = self.client.open(url, headers={'X-Auth-Signature': sig})
         self.assert_403(req)
 
     def test_post_success(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1"
         post_body="test=test1&test2=test3"
-        sig = hmac.new("test1secret", msg=url+post_body, digestmod=hashlib.sha1).hexdigest()
-        req = self.client.open(url, headers={'X-Auth-Signature': sig}, method="POST", data=post_body)
+        sig = hmac.new('test1secret'.encode(), msg=(url+post_body).encode(),
+                       digestmod=hashlib.sha1).hexdigest()
+        req = self.client.open(url, headers={'X-Auth-Signature': sig},
+                               method="POST", data=post_body)
         self.assert_200(req)
 
 
     def test_post_sig_fail(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1"
         post_body="test=test1&test2=test3"
-        sig = hmac.new("test1secret", msg=url+post_body, digestmod=hashlib.sha1).hexdigest()
-        req = self.client.open(url, headers={'X-Auth-Signature': sig}, method="POST", data=post_body+"&test3=test4")
+        sig = hmac.new('test1secret'.encode(), msg=(url+post_body).encode(),
+                       digestmod=hashlib.sha1).hexdigest()
+        req = self.client.open(url, headers={'X-Auth-Signature': sig},
+                               method="POST", data=post_body+"&test3=test4")
         self.assert_403(req)
 
     def test_post_missing_sig(self):
         url = "/test1?TIMESTAMP="+str(int(time.time()))+"&ACCOUNT_ID=test1"
         post_body="test=test1&test2=test3"
-        sig = hmac.new("test1secret", msg=url+post_body, digestmod=hashlib.sha1).hexdigest()
+        sig = hmac.new('test1secret'.encode(), msg=(url+post_body).encode(),
+                       digestmod=hashlib.sha1).hexdigest()
         req = self.client.open(url, method="POST", data=post_body)
         self.assert_403(req)
 
 if __name__ == '__main__':
-    pytest.main()
+    pytest.main()