feat: Move to RFC 8188 "aes128gcm" content encoding default

Closes #97

Author: jrconlin

pywebpush/__init__.py

@@ -112,7 +112,7 @@ class WebPusher:
     valid_encodings = [
         # "aesgcm128",  # this is draft-0, but DO NOT USE.
         "aesgcm",  # draft-httpbis-encryption-encoding-01
-        "aes128gcm"  # draft-httpbis-encryption-encoding-04
+        "aes128gcm"  # RFC8188 Standard encoding
     ]
 
     def __init__(self, subscription_info, requests_session=None):
@@ -157,17 +157,16 @@ def _repad(self, data):
         """Add base64 padding to the end of a string, if required"""
         return data + b"===="[:len(data) % 4]
 
-    def encode(self, data, content_encoding="aesgcm"):
+    def encode(self, data, content_encoding="aes128gcm"):
         """Encrypt the data.
 
         :param data: A serialized block of byte data (String, JSON, bit array,
             etc.) Make sure that whatever you send, your client knows how
             to understand it.
         :type data: str
         :param content_encoding: The content_encoding type to use to encrypt
-            the data. Defaults to draft-01 "aesgcm". Latest draft-04 is
-            "aes128gcm", however not all clients may be able to use this
-            format.
+            the data. Defaults to RFC8188 "aes128gcm". The previous draft-01 is
+            "aesgcm", however this format is now deprecated.
         :type content_encoding: enum("aesgcm", "aes128gcm")
 
         """
@@ -241,7 +240,7 @@ def as_curl(self, endpoint, encoded_data, headers):
             url=endpoint, headers="".join(header_list), data=data))
 
     def send(self, data=None, headers=None, ttl=0, gcm_key=None, reg_id=None,
-             content_encoding="aesgcm", curl=False, timeout=None):
+             content_encoding="aes128gcm", curl=False, timeout=None):
         """Encode and send the data to the Push Service.
 
         :param data: A serialized block of data (see encode() ).
@@ -258,7 +257,7 @@ def send(self, data=None, headers=None, ttl=0, gcm_key=None, reg_id=None,
         :param reg_id: registration id of the recipient. If not provided,
             it will be extracted from the endpoint.
         :type reg_id: str
-        :param content_encoding: ECE content encoding (defaults to "aesgcm")
+        :param content_encoding: ECE content encoding (defaults to "aes128gcm")
         :type content_encoding: str
         :param curl: Display output as `curl` command instead of sending
         :type curl: bool
@@ -284,8 +283,11 @@ def send(self, data=None, headers=None, ttl=0, gcm_key=None, reg_id=None,
             headers.update({
                 'crypto-key': crypto_key,
                 'content-encoding': content_encoding,
-                'encryption': "salt=" + encoded['salt'].decode('utf8'),
             })
+            if encoded.get('salt'):
+                headers.update({
+                    'encryption': "salt=" + encoded['salt'].decode('utf8')
+                })
         if gcm_key:
             endpoint = 'https://android.googleapis.com/gcm/send'
             reg_ids = []
@@ -324,7 +326,7 @@ def webpush(subscription_info,
             data=None,
             vapid_private_key=None,
             vapid_claims=None,
-            content_encoding="aesgcm",
+            content_encoding="aes128gcm",
             curl=False,
             timeout=None,
             ttl=0):

pywebpush/tests/test_webpush.py

@@ -134,11 +134,10 @@ def test_send(self, mock_post):
         eq_(subscription_info.get('endpoint'), mock_post.call_args[0][0])
         pheaders = mock_post.call_args[1].get('headers')
         eq_(pheaders.get('ttl'), '0')
-        ok_('encryption' in pheaders)
         eq_(pheaders.get('AUTHENTICATION'), headers.get('Authentication'))
         ckey = pheaders.get('crypto-key')
         ok_('pre-existing' in ckey)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
     @patch("requests.post")
     def test_send_vapid(self, mock_post):
@@ -164,12 +163,11 @@ def repad(str):
             ).decode('utf8')
         )
         ok_(subscription_info.get('endpoint').startswith(auth['aud']))
-        ok_('encryption' in pheaders)
         ok_('WebPush' in pheaders.get('authorization'))
         ckey = pheaders.get('crypto-key')
         ok_('p256ecdsa=' in ckey)
         ok_('dh=' in ckey)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
     @patch.object(WebPusher, "send")
     @patch.object(py_vapid.Vapid, "sign")
@@ -262,8 +260,7 @@ def test_send_no_headers(self, mock_post):
         eq_(subscription_info.get('endpoint'), mock_post.call_args[0][0])
         pheaders = mock_post.call_args[1].get('headers')
         eq_(pheaders.get('ttl'), '0')
-        ok_('encryption' in pheaders)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
     @patch("pywebpush.open")
     def test_as_curl(self, opener):
@@ -281,9 +278,8 @@ def test_as_curl(self, opener):
         for s in [
             "curl -vX POST https://example.com",
             "-H \"crypto-key: p256ecdsa=",
-            "-H \"content-encoding: aesgcm\"",
+            "-H \"content-encoding: aes128gcm\"",
             "-H \"authorization: WebPush ",
-            "-H \"encryption: salt=",
             "-H \"ttl: 0\"",
             "-H \"content-length:"
         ]:
@@ -334,11 +330,10 @@ def test_send_using_requests_session(self, mock_session):
             mock_session.post.call_args[0][0])
         pheaders = mock_session.post.call_args[1].get('headers')
         eq_(pheaders.get('ttl'), '0')
-        ok_('encryption' in pheaders)
         eq_(pheaders.get('AUTHENTICATION'), headers.get('Authentication'))
         ckey = pheaders.get('crypto-key')
         ok_('pre-existing' in ckey)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
 
 class WebpushExceptionTestCase(unittest.TestCase):

setup.py

@@ -3,20 +3,21 @@
 
 from setuptools import find_packages, setup
 
-__version__ = "1.7.0"
+
+__version__ = "1.8.0"
 
 
 def read_from(file):
     reply = []
     with io.open(os.path.join(here, file), encoding='utf8') as f:
-        for l in f:
-            l = l.strip()
-            if not l:
+        for line in f:
+            line = line.strip()
+            if not line:
                 break
-            if l[:2] == '-r':
-                reply += read_from(l.split(' ')[1])
+            if line[:2] == '-r':
+                reply += read_from(line.split(' ')[1])
                 continue
-            if l[0] != '#' or l[:2] != '//':
+            if line[0] != '#' or line[:2] != '//':
                 reply.append(l)
     return reply