1. import time
  2. import hashlib
  3. import base64
  5. def assert_auth_token(token, expected_username, expected_expiry):
  6. """
  7. Asserts the validity of an authentication token.
  9. Args:
  10. token (str): The authentication token to validate.
  11. expected_username (str): The expected username associated with the token.
  12. expected_expiry (float): The expected expiry timestamp (Unix timestamp).
  14. Raises:
  15. AssertionError: If any of the token's attributes do not match the expected values.
  16. """
  18. try:
  19. # Decode the token (assuming it's base64 encoded)
  20. decoded_token = base64.b64decode(token)
  21. token_str = decoded_token.decode('utf-8') #Decode to string
  23. # Split the token into its components (username, expiry, etc.)
  24. parts = token_str.split('|')
  26. if len(parts) != 3:
  27. raise AssertionError("Invalid token format: Expected username|expiry|signature")
  29. username = parts[0].strip()
  30. expiry_str = parts[1].strip()
  31. signature = parts[2].strip()
  33. # Validate username
  34. if username != expected_username:
  35. raise AssertionError(f"Invalid username: Expected '{expected_username}', got '{username}'")
  37. # Validate expiry
  38. try:
  39. expiry = float(expiry_str)
  40. if expiry < time.time():
  41. raise AssertionError("Token has expired")
  42. except ValueError:
  43. raise AssertionError("Invalid expiry format")
  45. # Verify signature (simple example - can be extended with more robust methods)
  46. calculated_signature = calculate_signature(username, expiry, expected_username)
  47. if calculated_signature != signature:
  48. raise AssertionError("Invalid signature")
  49. except Exception as e:
  50. raise AssertionError(f"Token validation failed: {e}")
  53. def calculate_signature(username, expiry, expected_username):
  54. """
  55. Calculates a simple signature for the token. This is a placeholder.
  56. In a real application, a more robust hashing algorithm should be used.
  57. """
  58. data = f"{username}|{expiry}|{expected_username}"
  59. hashed_data = hashlib.sha256(data.encode('utf-8')).hexdigest()
  60. return hashed_data
  62. if __name__ == '__main__':
  63. # Example Usage
  64. valid_token = "user123|1678886400|a1b2c3d4e5f67890" # Example token
  65. invalid_token_username = "wronguser|1678886400|a1b2c3d4e5f67890" #Invalid username
  66. invalid_token_expired = "user123|1678799200|a1b2c3d4e5f67890" #Expired token
  68. try:
  69. assert_auth_token(valid_token, "user123", 1678886400)
  70. print("Valid token passed!")
  71. except AssertionError as e:
  72. print(f"Valid token failed: {e}")
  74. try:
  75. assert_auth_token(invalid_token_username, "user123", 1678886400)
  76. print("Invalid username token passed!")
  77. except AssertionError as e:
  78. print(f"Invalid username token failed: {e}")
  80. try:
  81. assert_auth_token(invalid_token_expired, "user123", 1678886400)
  82. print("Expired token passed!")
  83. except AssertionError as e:
  84. print(f"Expired token failed: {e}")

Add your comment