Merge pull request #3 from CSCfi/devel

Add signature expiration

Author: blankdots

swift_upload_runner/__init__.py

@@ -1,6 +1,6 @@
 """Runner for swift-browser-ui upload and replication operations."""
 
 __name__ = 'swift_upload_runner'
-__version__ = '0.1.0'
+__version__ = '0.1.1'
 __author__ = 'CSC Developers'
 __license__ = 'MIT License'

swift_upload_runner/auth.py

@@ -5,14 +5,14 @@
 import hashlib
 import typing
 import hmac
+import time
 
 import aiohttp.web
 
 from swift_browser_ui._convenience import (
     initiate_os_session
 )
 
-
 AiohttpHandler = typing.Callable[
     [aiohttp.web.Request],
     typing.Coroutine[
@@ -70,8 +70,14 @@ async def test_signature(
         tokens: typing.List[bytes],
         signature: str,
         message: str,
+        validity: str,
 ) -> bool:
     """Validate signature against the given tokens."""
+    # Check signature expiration
+    if int(validity) < time.time():
+        raise aiohttp.web.HTTPUnauthorized(
+            reason="Signature expired"
+        )
     byte_message = message.encode("utf-8")
     for token in tokens:
         digest = hmac.new(
@@ -104,7 +110,8 @@ async def handle_validate_authentication(
     await test_signature(
         request.app["tokens"],
         signature,
-        validity + path
+        validity + path,
+        validity
     )
 
     return await handler(request)