Add tests for signature/Host header mismatch

See tedder#65 and tedder#34. This adds a failing test that would be fixed by 8e1417.
phillipberndt · May 15, 2023 · c189603 · c189603
1 parent 046ffd1
commit c189603
Showing 1 changed file with 30 additions and 12 deletions.
diff --git a/requests_aws4auth/test/test_requests_aws4auth.py b/requests_aws4auth/test/test_requests_aws4auth.py
@@ -942,38 +942,56 @@ def test_duplicate_headers(self):
         self.assertEqual(cano_headers, cano_expected)
         self.assertEqual(signed_headers, signed_expected)
 
-    def test_netloc_port(self):
+    def test_netloc_port_is_stripped_for_standard_port(self):
         """
-        Test that change in d190dcb doesn't regress - strip port from netloc
-        before generating signature when Host header is not already present in
-        request.
+        Test that change in d190dcb doesn't regress: When urllib3 is used,
+        the Host header is not part of the prepared request, but generated later,
+        and the port is stripped from that header if it is the standard HTTPS port.
+        This verifies that if the URL explicitly contains the port the library
+        still generates a signature with the correct Host header.
 
         """
-        req = requests.Request('GET', 'http://amazonaws.com:8443')
+        req = requests.Request('GET', 'https://amazonaws.com:443')
         preq = req.prepare()
         self.assertNotIn('host', preq.headers)
         result = AWS4Auth.get_canonical_headers(preq, include=['host'])
         cano_hdrs, signed_hdrs = result
         expected = 'host:amazonaws.com\n'
         self.assertEqual(cano_hdrs, expected)
 
-    def test_netloc_port_using_httpx(self):
+    def test_netloc_port_is_kept_for_non_standard_port(self):
         """
-        Test that change in d190dcb doesn't regress - strip port from netloc
-        before generating signature when Host header is not already present in
-        request.
+        When urllib3 is used, the Host header is not part of the prepared request,
+        but generated later, and the port is kept in the header if it is not the
+        standard HTTPS port. d190dcb has a bug that also strips non-standard ports
+        from the signature, causing signature and host header to mismatch. This is
+        a regression test for that bug.
 
         """
-        req = httpx.Request('GET', 'http://amazonaws.com:8443')
+        req = requests.Request('GET', 'https://amazonaws.com:8443')
+        preq = req.prepare()
+        self.assertNotIn('host', preq.headers)
+        result = AWS4Auth.get_canonical_headers(preq, include=['host'])
+        cano_hdrs, signed_hdrs = result
+        expected = 'host:amazonaws.com:8443\n'
+        self.assertEqual(cano_hdrs, expected)
+
+    def test_netloc_port_is_kept_for_standard_port_using_httpx(self):
+        """
+        httpx is not affected by the issue d190dcb tries to fix, since it includes
+        the Host header in the prepared request. This test verifies that the
+        correct signature is generated.
+
+        """
+        req = httpx.Request('GET', 'http://amazonaws.com:443')
         req._prepare({})
         self.assertIn('host', req.headers)
         result = AWS4Auth.get_canonical_headers(req, include=['host'])
         cano_hdrs, signed_hdrs = result
-        expected = 'host:amazonaws.com:8443\n'
+        expected = 'host:amazonaws.com:443\n'
         self.assertEqual(cano_hdrs, expected)
 
 
-
 class AWS4Auth_GetCanonicalRequest_Test(unittest.TestCase):
 
     def test_amz1(self):