python/aiogram
1
0
Fork 0
mirror of https://github.com/aiogram/aiogram.git synced 2025-12-08 17:13:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Refactor aiogram/utils/auth_widget.py

Browse source 
+ fix check auth widget token in BaseBot, fix tests
This commit is contained in:
Suren Khorenyan 2019-08-16 22:33:19 +03:00
parent 9b2971a525
commit 7863f052d9
6 changed files with 103 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

4
aiogram/bot/base.py
View file

@ -13,7 +13,7 @@ from aiohttp.helpers import sentinel
from . import api from . import api
from ..types import ParseMode, base from ..types import ParseMode, base
from ..utils import json from ..utils import json
from ..utils.auth_widget import check_token from ..utils.auth_widget import check_integrity
class BaseBot: class BaseBot:
@ -266,4 +266,4 @@ class BaseBot:
self.parse_mode = None self.parse_mode = None
def check_auth_widget(self, data): def check_auth_widget(self, data):
return check_token(data, self.__token) return check_integrity(self.__token, data)

33
aiogram/utils/auth_widget.py
View file

@ -8,7 +8,10 @@ import collections
import hashlib import hashlib
import hmac import hmac
from aiogram.utils.deprecated import deprecated
@deprecated('`generate_hash` is outdated, please use `check_signature` or `check_integrity`')
def generate_hash(data: dict, token: str) -> str: def generate_hash(data: dict, token: str) -> str:
""" """
Generate secret hash Generate secret hash
@ -24,6 +27,7 @@ def generate_hash(data: dict, token: str) -> str:
return hmac.new(secret.digest(), msg.encode('utf-8'), digestmod=hashlib.sha256).hexdigest() return hmac.new(secret.digest(), msg.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
@deprecated('`check_token` helper was renamed to `check_integrity`')
def check_token(data: dict, token: str) -> bool: def check_token(data: dict, token: str) -> bool:
""" """
Validate auth token Validate auth token
@ -34,3 +38,32 @@ def check_token(data: dict, token: str) -> bool:
""" """
param_hash = data.get('hash', '') or '' param_hash = data.get('hash', '') or ''
return param_hash == generate_hash(data, token) return param_hash == generate_hash(data, token)
def check_signature(token: str, hash: str, **kwargs) -> bool:
"""
Generate hexadecimal representation
of the HMAC-SHA-256 signature of the data-check-string
with the SHA256 hash of the bot's token used as a secret key
:param token:
:param hash:
:param kwargs: all params received on auth
:return:
"""
secret = hashlib.sha256(token.encode('utf-8'))
check_string = '\n'.join(map(lambda k: f'{k}={kwargs[k]}', sorted(kwargs)))
hmac_string = hmac.new(secret.digest(), check_string.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
return hmac_string == hash
def check_integrity(token: str, data: dict) -> bool:
"""
Verify the authentication and the integrity
of the data received on user's auth
:param token: Bot's token
:param data: all data that came on auth
:return:
"""
return check_signature(token, **data)

7
aiogram/utils/deprecated.py
View file

@ -1,10 +1,11 @@
import functools import asyncio
import inspect import inspect
import warnings import warnings
import asyncio import functools
from typing import Callable
def deprecated(reason): def deprecated(reason) -> Callable:
""" """
This is a decorator which can be used to mark functions This is a decorator which can be used to mark functions
as deprecated. It will result in a warning being emitted as deprecated. It will result in a warning being emitted

18
tests/test_bot/test_api.py Normal file
View file

@ -0,0 +1,18 @@
import pytest
from aiogram.bot.api import check_token
from aiogram.utils.exceptions import ValidationError
VALID_TOKEN = '123456789:AABBCCDDEEFFaabbccddeeff-1234567890'
INVALID_TOKEN = '123456789:AABBCCDDEEFFaabbccddeeff 123456789' # Space in token and wrong length
class Test_check_token:
def test_valid(self):
assert check_token(VALID_TOKEN) is True
def test_invalid_token(self):
with pytest.raises(ValidationError):
check_token(INVALID_TOKEN)

41
tests/test_token.py
View file

@ -1,41 +0,0 @@
import pytest
from aiogram.bot import api
from aiogram.utils import auth_widget, exceptions
VALID_TOKEN = '123456789:AABBCCDDEEFFaabbccddeeff-1234567890'
INVALID_TOKEN = '123456789:AABBCCDDEEFFaabbccddeeff 123456789' # Space in token and wrong length
VALID_DATA = {
'date': 1525385236,
'first_name': 'Test',
'last_name': 'User',
'id': 123456789,
'username': 'username',
'hash': '69a9871558fbbe4cd0dbaba52fa1cc4f38315d3245b7504381a64139fb024b5b'
}
INVALID_DATA = {
'date': 1525385237,
'first_name': 'Test',
'last_name': 'User',
'id': 123456789,
'username': 'username',
'hash': '69a9871558fbbe4cd0dbaba52fa1cc4f38315d3245b7504381a64139fb024b5b'
}
def test_valid_token():
assert api.check_token(VALID_TOKEN)
def test_invalid_token():
with pytest.raises(exceptions.ValidationError):
api.check_token(INVALID_TOKEN)
def test_widget():
assert auth_widget.check_token(VALID_DATA, VALID_TOKEN)
def test_invalid_widget_data():
assert not auth_widget.check_token(INVALID_DATA, VALID_TOKEN)

46
tests/test_utils/test_auth_widget.py Normal file
View file

@ -0,0 +1,46 @@
import pytest
from aiogram.utils.auth_widget import check_integrity, \
generate_hash, check_token
TOKEN = '123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11'
@pytest.fixture
def data():
return {
'id': '42',
'first_name': 'John',
'last_name': 'Smith',
'username': 'username',
'photo_url': 'https://t.me/i/userpic/320/picname.jpg',
'auth_date': '1565810688',
'hash': 'c303db2b5a06fe41d23a9b14f7c545cfc11dcc7473c07c9c5034ae60062461ce',
}
def test_generate_hash(data):
res = generate_hash(data, TOKEN)
assert res == data['hash']
class Test_check_token:
"""
This case gonna be deleted
"""
def test_ok(self, data):
assert check_token(data, TOKEN) is True
def test_fail(self, data):
data.pop('username')
assert check_token(data, TOKEN) is False
class Test_check_integrity:
def test_ok(self, data):
assert check_integrity(TOKEN, data) is True
def test_fail(self, data):
data.pop('username')
assert check_integrity(TOKEN, data) is False