Skip to content

Commit

Permalink
Add tests for signature/Host header mismatch
Browse files Browse the repository at this point in the history 
See #65 and #34. This adds a failing test that would be fixed by 8e1417.
  • Loading branch information
@phillipberndt @tedder
phillipberndt authored and tedder committed May 15, 2023
1 parent 046ffd1 commit 9e9e7bf
Showing 1 changed file with 48 additions and 11 deletions.
59 changes: 48 additions & 11 deletions requests_aws4auth/test/test_requests_aws4auth.py
View file
Expand Up @@ -942,36 +942,73 @@ def test_duplicate_headers(self):
self.assertEqual(cano_headers, cano_expected)
self.assertEqual(signed_headers, signed_expected)

def test_netloc_port(self):
def test_netloc_port_is_stripped_for_standard_port(self):
"""
Test that change in d190dcb doesn't regress - strip port from netloc
before generating signature when Host header is not already present in
request.
Test that change in d190dcb doesn't regress: The Host header is not
part of the prepared request, but generated later, and the port is
stripped from that header if it is the standard HTTPS port. This
verifies that if the URL explicitly contains the port the library still
generates a signature with the correct Host header.
"""
req = requests.Request('GET', 'http://amazonaws.com:8443')
req = requests.Request('GET', 'https://amazonaws.com:443')
preq = req.prepare()
self.assertNotIn('host', preq.headers)
result = AWS4Auth.get_canonical_headers(preq, include=['host'])
cano_hdrs, signed_hdrs = result
expected = 'host:amazonaws.com\n'
self.assertEqual(cano_hdrs, expected)

def test_netloc_port_using_httpx(self):
def test_netloc_port_is_kept_for_non_standard_port(self):
"""
Test that change in d190dcb doesn't regress - strip port from netloc
before generating signature when Host header is not already present in
request.
The Host header is not part of the prepared request, but generated
later, and the port is kept in the header if it is not the standard
HTTPS port. d190dcb has a bug that also strips non-standard ports from
the signature, causing signature and host header to mismatch. This is a
regression test for that bug.
"""
req = httpx.Request('GET', 'http://amazonaws.com:8443')
req = requests.Request('GET', 'https://amazonaws.com:8443')
preq = req.prepare()
self.assertNotIn('host', preq.headers)
result = AWS4Auth.get_canonical_headers(preq, include=['host'])
cano_hdrs, signed_hdrs = result
expected = 'host:amazonaws.com:8443\n'
self.assertEqual(cano_hdrs, expected)

def test_netloc_port_is_stripped_for_standard_port_using_httpx(self):
"""
Test that change in d190dcb doesn't regress: The Host header is part of
the prepared request with httpx, and the port is stripped from that
header if it is the standard HTTPS port. This verifies that if the URL
explicitly contains the port the library generates a signature
with the correct Host header.
"""
req = httpx.Request('GET', 'https://amazonaws.com:443')
req._prepare({})
self.assertIn('host', req.headers)
result = AWS4Auth.get_canonical_headers(req, include=['host'])
cano_hdrs, signed_hdrs = result
expected = 'host:amazonaws.com:8443\n'
expected = 'host:amazonaws.com\n'
self.assertEqual(cano_hdrs, expected)

def test_netloc_port_is_kept_for_non_standard_port_using_httpx(self):
"""
Test that change in d190dcb doesn't regress: The Host header is part of
the prepared request with httpx, and the port is kept in the header if
it is not the standard HTTPS port. This verifies that if the URL
explicitly contains the port the library generates a signature with the
correct Host header.
"""
req = httpx.Request('GET', 'https://amazonaws.com:8443')
req._prepare({})
self.assertIn('host', req.headers)
result = AWS4Auth.get_canonical_headers(req, include=['host'])
cano_hdrs, signed_hdrs = result
expected = 'host:amazonaws.com:8443\n'
self.assertEqual(cano_hdrs, expected)


class AWS4Auth_GetCanonicalRequest_Test(unittest.TestCase):
Expand Down

0 comments on commit 9e9e7bf

Please sign in to comment.