Fix per review comments

Dave Mun · Dave Mun · commit 39ed62cb57e0 · 2016-07-12T21:50:41.000-07:00
diff --git a/opentok/opentok.py b/opentok/opentok.py
@@ -275,7 +275,7 @@ def headers(self):
         """For internal use."""
         return {
             'User-Agent': 'OpenTok-Python-SDK/' + __version__ + ' ' + platform.python_version(),
-            'X-TB-OPENTOK-AUTH': self._create_jwt_auth_header(self.api_key, self.api_secret)
+            'X-TB-OPENTOK-AUTH': self._create_jwt_auth_header()
         }
 
     def archive_headers(self):
@@ -447,12 +447,12 @@ def get_archives(self, offset=None, count=None):
     def _sign_string(self, string, secret):
         return hmac.new(secret.encode('utf-8'), string.encode('utf-8'), hashlib.sha1).hexdigest()
 
-    def _create_jwt_auth_header(self, api_key, api_secret):
+    def _create_jwt_auth_header(self):
         payload = {
                       'ist': 'project',
-                      'iss': api_key,
+                      'iss': self.api_key,
                       'exp': int(time.time()) + (60*5), # 5 minutes
                       'jti': '{:f}'.format(random.random())
                   }
 
-        return jwt.encode(payload, api_secret, algorithm='HS256')
+        return jwt.encode(payload, self.api_secret, algorithm='HS256')
diff --git a/tests/__init__.py b/tests/__init__.py
@@ -0,0 +1 @@
+from .validate_jwt import validate_jwt_header
diff --git a/tests/test_archive.py b/tests/test_archive.py
@@ -7,8 +7,7 @@
 import json
 import datetime
 import pytz
-from jose import jwt
-import time
+from .validate_jwt import validate_jwt_header
 
 from opentok import OpenTok, Archive, __version__, OutputModes
 
@@ -58,12 +57,7 @@ def test_stop_archive(self):
 
         archive.stop()
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(archive).to.be.an(Archive)
@@ -108,12 +102,7 @@ def test_delete_archive(self):
 
         archive.delete()
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         # TODO: test that the object is invalidated
diff --git a/tests/test_archive_api.py b/tests/test_archive_api.py
@@ -7,8 +7,7 @@
 import json
 import datetime
 import pytz
-from jose import jwt
-import time
+from .validate_jwt import validate_jwt_header
 
 from opentok import OpenTok, Archive, ArchiveList, OutputModes, __version__
 
@@ -43,12 +42,7 @@ def test_start_archive(self):
 
         archive = self.opentok.start_archive(self.session_id)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         # non-deterministic json encoding. have to decode to test it properly
@@ -99,12 +93,7 @@ def test_start_archive_with_name(self):
 
         archive = self.opentok.start_archive(self.session_id, name=u('ARCHIVE NAME'))
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         # non-deterministic json encoding. have to decode to test it properly
@@ -153,12 +142,7 @@ def test_start_voice_archive(self):
 
         archive = self.opentok.start_archive(self.session_id, name=u('ARCHIVE NAME'), has_video=False)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         # non-deterministic json encoding. have to decode to test it properly
@@ -209,12 +193,7 @@ def test_start_individual_archive(self):
 
         archive = self.opentok.start_archive(self.session_id, name=u('ARCHIVE NAME'), output_mode=OutputModes.individual)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         # non-deterministic json encoding. have to decode to test it properly
@@ -266,12 +245,7 @@ def test_start_composed_archive(self):
 
         archive = self.opentok.start_archive(self.session_id, name=u('ARCHIVE NAME'), output_mode=OutputModes.composed)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         # non-deterministic json encoding. have to decode to test it properly
@@ -324,12 +298,7 @@ def test_stop_archive(self):
 
         archive = self.opentok.stop_archive(archive_id)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(archive).to.be.an(Archive)
@@ -356,12 +325,7 @@ def test_delete_archive(self):
 
         self.opentok.delete_archive(archive_id)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
 
@@ -390,12 +354,7 @@ def test_find_archive(self):
 
         archive = self.opentok.get_archive(archive_id)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(archive).to.be.an(Archive)
@@ -510,12 +469,7 @@ def test_find_archives(self):
 
         archive_list = self.opentok.get_archives()
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(archive_list).to.be.an(ArchiveList)
@@ -575,12 +529,7 @@ def test_find_archives_with_offset(self):
 
         archive_list = self.opentok.get_archives(offset=3)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(httpretty.last_request()).to.have.property("querystring").being.equal({
@@ -630,12 +579,7 @@ def test_find_archives_with_count(self):
 
         archive_list = self.opentok.get_archives(count=2)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(httpretty.last_request()).to.have.property("querystring").being.equal({
@@ -711,12 +655,7 @@ def test_find_archives_with_offset_and_count(self):
 
         archive_list = self.opentok.get_archives(count=4, offset=2)
 
-        claims = jwt.decode(httpretty.last_request().headers[u('x-tb-opentok-auth')], self.api_secret, algorithms=[u('HS256')])
-        expect(claims[u('iss')]).to.equal(self.api_key)
-        expect(claims[u('ist')]).to.equal(u('project'))
-        expect(float(claims[u('exp')])).to.be.greater_than(float(time.time()))
-        expect(float(claims[u('jti')])).to.be.greater_than_or_equal_to(float(0))
-        expect(float(claims[u('jti')])).to.be.lower_than(float(1))
+        validate_jwt_header(self, httpretty.last_request().headers[u('x-tb-opentok-auth')])
         expect(httpretty.last_request().headers[u('user-agent')]).to.contain(u('OpenTok-Python-SDK/')+__version__)
         expect(httpretty.last_request().headers[u('content-type')]).to.equal(u('application/json'))
         expect(httpretty.last_request()).to.have.property("querystring").being.equal({
diff --git a/tests/test_session_creation.py b/tests/test_session_creation.py
diff --git a/tests/validate_jwt.py b/tests/validate_jwt.py

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+from .validate_jwt import validate_jwt_header`