1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
|
import base64
import json
import os
import unittest
import time
from typing import cast, Union, Dict
import http_ece
import py_vapid
import requests
from unittest.mock import patch, Mock, AsyncMock
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
from pywebpush import WebPusher, NoData, WebPushException, CaseInsensitiveDict, webpush
class WebpushTestUtils(unittest.TestCase):
# This is a exported DER formatted string of an ECDH public key
# This was lifted from the py_vapid tests.
vapid_key = (
"MHcCAQEEIPeN1iAipHbt8+/KZ2NIF8NeN24jqAmnMLFZEMocY8RboAoGCCqGSM49"
"AwEHoUQDQgAEEJwJZq/GN8jJbo1GGpyU70hmP2hbWAUpQFKDByKB81yldJ9GTklB"
"M5xqEwuPM7VuQcyiLDhvovthPIXx+gsQRQ=="
)
def _gen_subscription_info(self, recv_key=None, endpoint="https://example.com/"):
if not recv_key:
recv_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
return {
"endpoint": endpoint,
"keys": {
"auth": base64.urlsafe_b64encode(os.urandom(16)).strip(b"="),
"p256dh": self._get_pubkey_str(recv_key),
},
}
def _get_pubkey_str(self, priv_key):
return base64.urlsafe_b64encode(
priv_key.public_key().public_bytes(
encoding=serialization.Encoding.X962,
format=serialization.PublicFormat.UncompressedPoint,
)
).strip(b"=")
def test_init(self):
# use static values so we know what to look for in the reply
subscription_info = {
"endpoint": "https://example.com/",
"keys": {
"p256dh": (
"BOrnIslXrUow2VAzKCUAE4sIbK00daEZCswOcf8m3T"
"F8V82B-OpOg5JbmYLg44kRcvQC1E2gMJshsUYA-_zMPR8"
),
"auth": "k8JV6sjdbhAi1n3_LDBLvA",
},
}
rk_decode = (
b'\x04\xea\xe7"\xc9W\xadJ0\xd9P3(%\x00\x13\x8b'
b"\x08l\xad4u\xa1\x19\n\xcc\x0eq\xff&\xdd1"
b"|W\xcd\x81\xf8\xeaN\x83\x92[\x99\x82\xe0\xe3"
b"\x89\x11r\xf4\x02\xd4M\xa00\x9b!\xb1F\x00"
b"\xfb\xfc\xcc=\x1f"
)
self.assertRaises(
WebPushException, WebPusher, {"keys": {"p256dh": "AAA=", "auth": "AAA="}}
)
self.assertRaises(
WebPushException,
WebPusher,
{"endpoint": "https://example.com", "keys": {"p256dh": "AAA="}},
)
self.assertRaises(
WebPushException,
WebPusher,
{"endpoint": "https://example.com", "keys": {"auth": "AAA="}},
)
self.assertRaises(
WebPushException,
WebPusher,
{
"endpoint": "https://example.com",
"keys": {"p256dh": "AAA=", "auth": "AAA="},
},
)
push = WebPusher(subscription_info)
assert push.subscription_info != subscription_info
assert push.subscription_info["keys"] != subscription_info["keys"]
assert push.subscription_info["endpoint"] == subscription_info["endpoint"]
assert push.receiver_key == rk_decode
assert push.auth_key == b'\x93\xc2U\xea\xc8\xddn\x10"\xd6}\xff,0K\xbc'
def test_encode(self):
for content_encoding in ["aesgcm", "aes128gcm"]:
recv_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
subscription_info = self._gen_subscription_info(recv_key)
data = "Mary had a little lamb, with some nice mint jelly"
push = WebPusher(subscription_info)
encoded = push.encode(data.encode(), content_encoding=content_encoding)
"""
crypto_key = base64.urlsafe_b64encode(
self._get_pubkey_str(recv_key)
).strip(b'=')
"""
# Convert these b64 strings into their raw, binary form.
raw_salt = None
if "salt" in encoded:
raw_salt = base64.urlsafe_b64decode(push._repad(encoded["salt"]))
raw_dh = None
if content_encoding != "aes128gcm":
raw_dh = base64.urlsafe_b64decode(push._repad(encoded["crypto_key"]))
raw_auth = base64.urlsafe_b64decode(
push._repad(subscription_info["keys"]["auth"])
)
decoded = http_ece.decrypt(
encoded["body"],
salt=raw_salt,
dh=raw_dh,
private_key=recv_key,
auth_secret=raw_auth,
version=content_encoding,
)
assert decoded.decode("utf8") == data
def test_bad_content_encoding(self):
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb, with some nice mint jelly"
push = WebPusher(subscription_info)
self.assertRaises(
WebPushException, push.encode, data, content_encoding="aesgcm128"
)
@patch("requests.post")
def test_send(self, mock_post):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Mary had a little lamb"
WebPusher(subscription_info).send(data, headers)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert pheaders.get("AUTHENTICATION") == headers.get("Authentication")
ckey = pheaders.get("crypto-key")
assert "pre-existing" in ckey
assert pheaders.get("content-encoding") == "aes128gcm"
@patch("requests.post")
def test_send_vapid(self, mock_post):
mock_post.return_value.status_code = 200
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
webpush(
subscription_info=subscription_info,
data=data,
vapid_private_key=self.vapid_key,
vapid_claims={"sub": "mailto:ops@example.com"},
content_encoding="aesgcm",
headers={"Test-Header": "test-value"},
)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
def repad(str):
return str + "===="[: len(str) % 4]
auth = json.loads(
base64.urlsafe_b64decode(
repad(pheaders["authorization"].split(".")[1])
).decode("utf8")
)
assert subscription_info.get("endpoint", "").startswith(auth["aud"])
assert "vapid" in pheaders.get("authorization")
ckey = pheaders.get("crypto-key")
assert "dh=" in ckey
assert pheaders.get("content-encoding") == "aesgcm"
assert pheaders.get("test-header") == "test-value"
@patch.object(WebPusher, "send")
@patch.object(py_vapid.Vapid, "sign")
def test_webpush_vapid_instance(self, vapid_sign, pusher_send):
pusher_send.return_value.status_code = 200
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
vapid_key = py_vapid.Vapid.from_string(self.vapid_key)
claims: Dict[str, Union[str, int]] = dict(
sub="mailto:ops@example.com", aud="https://example.com"
)
webpush(
subscription_info=subscription_info,
data=data,
vapid_private_key=vapid_key,
vapid_claims=claims,
)
vapid_sign.assert_called_once_with(claims)
pusher_send.assert_called_once()
@patch.object(WebPusher, "send")
@patch.object(py_vapid.Vapid, "sign")
def test_webpush_vapid_exp(self, vapid_sign, pusher_send):
pusher_send.return_value.status_code = 200
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
vapid_key = py_vapid.Vapid.from_string(self.vapid_key)
claims = dict(
sub="mailto:ops@example.com",
aud="https://example.com",
exp=int(time.time() - 48600),
)
webpush(
subscription_info=subscription_info,
data=data,
vapid_private_key=vapid_key,
vapid_claims=claims,
)
vapid_sign.assert_called_once_with(claims)
pusher_send.assert_called_once()
assert int(claims["exp"]) > int(time.time())
@patch("requests.post")
def test_send_bad_vapid_no_key(self, mock_post):
mock_post.return_value.status_code = 200
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
self.assertRaises(
WebPushException,
webpush,
subscription_info=subscription_info,
data=data,
vapid_claims={
"aud": "https://example.com",
"sub": "mailto:ops@example.com",
},
)
@patch("requests.post")
def test_send_bad_vapid_bad_return(self, mock_post):
mock_post.return_value.status_code = 410
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
self.assertRaises(
WebPushException,
webpush,
subscription_info=subscription_info,
data=data,
vapid_claims={
"aud": "https://example.com",
"sub": "mailto:ops@example.com",
},
vapid_private_key=self.vapid_key,
)
@patch("requests.post")
def test_send_empty(self, mock_post):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
WebPusher(subscription_info).send("", headers)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert "encryption" not in pheaders
assert pheaders.get("AUTHENTICATION") == headers.get("Authentication")
ckey = pheaders.get("crypto-key")
assert "pre-existing" in ckey
def test_encode_empty(self):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
pusher = WebPusher(subscription_info)
self.assertRaises(NoData, pusher.encode, "", headers)
def test_encode_no_crypto(self):
subscription_info = self._gen_subscription_info()
del subscription_info["keys"]
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Something"
pusher = WebPusher(subscription_info)
self.assertRaises(WebPushException, pusher.encode, data, headers)
@patch("requests.post")
def test_send_no_headers(self, mock_post):
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
WebPusher(subscription_info).send(data)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert pheaders.get("content-encoding") == "aes128gcm"
@patch("pywebpush.open")
def test_as_curl(self, opener):
subscription_info = self._gen_subscription_info()
result = webpush(
subscription_info,
data="Mary had a little lamb",
vapid_claims={
"aud": "https://example.com",
"sub": "mailto:ops@example.com",
},
vapid_private_key=self.vapid_key,
curl=True,
)
result = cast(str, result)
for s in [
"curl -vX POST https://example.com",
'-H "content-encoding: aes128gcm"',
'-H "authorization: vapid ',
'-H "ttl: 0"',
'-H "content-length:',
]:
assert s in result, "missing: {}".format(s)
def test_ci_dict(self):
ci = CaseInsensitiveDict({"Foo": "apple", "bar": "banana"})
assert "apple" == ci["foo"]
assert "apple" == ci.get("FOO")
assert "apple" == ci.get("Foo")
del ci["FOO"]
assert ci.get("Foo") is None
@patch("requests.post")
def test_gcm(self, mock_post):
subscription_info = self._gen_subscription_info(
None, endpoint="https://android.googleapis.com/gcm/send/regid123"
)
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Mary had a little lamb"
wp = WebPusher(subscription_info)
wp.send(data, headers, gcm_key="gcm_key_value")
pdata = json.loads(mock_post.call_args[1].get("data"))
pheaders = mock_post.call_args[1].get("headers")
assert pdata["registration_ids"][0] == "regid123"
assert pheaders.get("authorization") == "key=gcm_key_value"
assert pheaders.get("content-type") == "application/json"
@patch("requests.post")
def test_timeout(self, mock_post):
mock_post.return_value.status_code = 200
subscription_info = self._gen_subscription_info()
WebPusher(subscription_info).send(timeout=5.2)
assert mock_post.call_args[1].get("timeout") == 5.2
webpush(subscription_info, timeout=10.001)
assert mock_post.call_args[1].get("timeout") == 10.001
@patch("requests.Session")
def test_send_using_requests_session(self, mock_session):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Mary had a little lamb"
WebPusher(subscription_info, requests_session=mock_session).send(data, headers)
assert subscription_info.get("endpoint") == mock_session.post.call_args[0][0]
pheaders = mock_session.post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert pheaders.get("AUTHENTICATION") == headers.get("Authentication")
ckey = pheaders.get("crypto-key")
assert "pre-existing" in ckey
assert pheaders.get("content-encoding") == "aes128gcm"
class WebPusherAsyncTestCase(WebpushTestUtils, unittest.IsolatedAsyncioTestCase):
@patch("aiohttp.ClientSession.post", new_callable=AsyncMock)
async def test_send(self, mock_post):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Mary had a little lamb"
await WebPusher(subscription_info).send_async(data, headers)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert pheaders.get("AUTHENTICATION") == headers.get("Authentication")
ckey = pheaders.get("crypto-key")
assert "pre-existing" in ckey
assert pheaders.get("content-encoding") == "aes128gcm"
@patch("aiohttp.ClientSession.post", new_callable=AsyncMock)
async def test_send_empty(self, mock_post):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
await WebPusher(subscription_info).send_async("", headers)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert "encryption" not in pheaders
assert pheaders.get("AUTHENTICATION") == headers.get("Authentication")
ckey = pheaders.get("crypto-key")
assert "pre-existing" in ckey
@patch("aiohttp.ClientSession.post", new_callable=AsyncMock)
async def test_send_no_headers(self, mock_post):
subscription_info = self._gen_subscription_info()
data = "Mary had a little lamb"
await WebPusher(subscription_info).send_async(data)
assert subscription_info.get("endpoint") == mock_post.call_args[0][0]
pheaders = mock_post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert pheaders.get("content-encoding") == "aes128gcm"
@patch("aiohttp.ClientSession.post", new_callable=AsyncMock)
async def test_fcm(self, mock_post):
subscription_info = self._gen_subscription_info(
None, endpoint="https://android.googleapis.com/fcm/send/regid123"
)
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Mary had a little lamb"
wp = WebPusher(subscription_info)
await wp.send_async(data, headers, gcm_key="gcm_key_value")
pdata = json.loads(mock_post.call_args[1].get("data"))
pheaders = mock_post.call_args[1].get("headers")
assert pdata["registration_ids"][0] == "regid123"
assert pheaders.get("authorization") == "key=gcm_key_value"
assert pheaders.get("content-type") == "application/json"
@patch("aiohttp.ClientSession.post", new_callable=AsyncMock)
async def test_timeout(self, mock_post):
mock_post.return_value.status_code = 200
subscription_info = self._gen_subscription_info()
await WebPusher(subscription_info).send_async(timeout=5.2)
assert mock_post.call_args[1].get("timeout") == 5.2
@patch("aiohttp.ClientSession", new_callable=AsyncMock)
async def test_send_using_requests_session(self, mock_session):
subscription_info = self._gen_subscription_info()
headers = {"Crypto-Key": "pre-existing", "Authentication": "bearer vapid"}
data = "Mary had a little lamb"
await WebPusher(subscription_info, aiohttp_session=mock_session).send_async(
data, headers
)
assert subscription_info.get("endpoint") == mock_session.post.call_args[0][0]
pheaders = mock_session.post.call_args[1].get("headers")
assert pheaders.get("ttl") == "0"
assert pheaders.get("AUTHENTICATION") == headers.get("Authentication")
ckey = pheaders.get("crypto-key")
assert "pre-existing" in ckey
assert pheaders.get("content-encoding") == "aes128gcm"
class WebpushExceptionTestCase(unittest.TestCase):
def test_exception(self):
from requests import Response
exp = WebPushException("foo")
assert "{}".format(exp) == "WebPushException: foo"
# Really should try to load the response to verify, but this mock
# covers what we need.
response = Mock(spec=Response)
response.text = (
'{"code": 401, "errno": 109, "error": '
'"Unauthorized", "more_info": "http://'
"autopush.readthedocs.io/en/latest/htt"
'p.html#error-codes", "message": "Requ'
"est did not validate missing authoriz"
'ation header"}'
)
response.json.return_value = json.loads(response.text)
response.status_code = 401
response.reason = "Unauthorized"
exp = WebPushException("foo", response)
assert "{}".format(exp) == "WebPushException: foo, Response {}".format(
response.text
)
assert "{}".format(exp.response), "<Response [401]>"
assert cast(requests.Response, exp.response).json().get("errno") == 109
exp = WebPushException("foo", [1, 2, 3])
assert "{}".format(exp) == "WebPushException: foo, Response [1, 2, 3]"
|
