Check that the date in the signature isn't too old.
parent
52eeabc5bb
commit
b1516f18be
2 changed files with 22 additions and 2 deletions
|
@ -1,3 +1,4 @@
|
|||
import time
|
||||
from collections import namedtuple
|
||||
from urllib.parse import urlsplit
|
||||
|
||||
|
@ -51,8 +52,9 @@ class Signature(TestCase):
|
|||
sender,
|
||||
signer=None,
|
||||
send_data=None,
|
||||
digest=None):
|
||||
now = http_date()
|
||||
digest=None,
|
||||
date=None):
|
||||
now = date or http_date()
|
||||
data = get_follow_data(sender, self.rat)
|
||||
signature = make_signature(
|
||||
signer or sender, self.rat.inbox, now, digest or make_digest(data))
|
||||
|
@ -105,3 +107,11 @@ class Signature(TestCase):
|
|||
self.mouse,
|
||||
digest='SHA-256=AAAAAAAAAAAAAAAAAA')
|
||||
self.assertEqual(response.status_code, 401)
|
||||
|
||||
def test_old_message(self):
|
||||
'''Old messages should be rejected to prevent replay attacks.'''
|
||||
response = self.send_test_request(
|
||||
self.mouse,
|
||||
date=http_date(time.time() - 301)
|
||||
)
|
||||
self.assertEqual(response.status_code, 401)
|
||||
|
|
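Review bot: test_old_message only exercises a Date that is too old (`time.time() - 301`); nothing in this file covers a Date set in the future or one just inside the window. A check that only compares the age against the limit would still accept a signature dated well ahead, and that message stays replayable until the date passes plus the window. I would add a companion test with `date=http_date(time.time() + 301)` expecting 401, and a boundary test with `time.time() - 299` expecting the success status the existing valid-request test asserts. The verification code is in the other changed file, which is not shown here, so whether it already bounds future dates needs confirming. The literal 301 also encodes the limit implicitly; deriving it from the constant the verifier uses would keep the test correct if the window changes.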