Merge pull request #996 from VWS-Python/allow-strings

adamtheturtle · web-flow · commit d4f93c48da97 · 2024-07-12T17:58:16.000+01:00
Allow utf-8 encoded strings as content
diff --git a/src/vws_auth_tools/__init__.py b/src/vws_auth_tools/__init__.py
@@ -26,7 +26,7 @@ def authorization_header(
     access_key: str,
     secret_key: str,
     method: str,
-    content: bytes,
+    content: str | bytes | None,
     content_type: str,
     date: str,
     request_path: str,
@@ -59,6 +59,13 @@ def authorization_header(
     """
     # Ignore a warning that MD5 is insecure - VWS requires it.
     hashed = hashlib.md5()  # noqa: S324
+
+    if content is None:
+        content = b""
+
+    if isinstance(content, str):
+        content = content.encode(encoding="utf-8")
+
     hashed.update(content)
     content_md5_hex = hashed.hexdigest()
 
diff --git a/tests/test_vws_auth_tools.py b/tests/test_vws_auth_tools.py
@@ -3,6 +3,7 @@
 import datetime
 from zoneinfo import ZoneInfo
 
+import pytest
 import vws_auth_tools
 from freezegun import freeze_time
 
@@ -36,7 +37,8 @@ def test_rfc_1123_date() -> None:
     assert result == "Thu, 05 Feb 2015 14:55:12 GMT"
 
 
-def test_authorization_header() -> None:
+@pytest.mark.parametrize("content", [b"some_bytes", "some_bytes"])
+def test_authorization_header(content: bytes | str) -> None:
     """The Authorization header is constructed as documented.
 
     This example has been run on known-working code and so any refactor should
@@ -46,7 +48,6 @@ def test_authorization_header() -> None:
     # Ignore "Possible hardcoded password" as it is appropriate here.
     secret_key = "my_secret_key"  # noqa: S105
     method = "HTTPMETHOD"
-    content = b"some_bytes"
     content_type = "some/content/type"
     date = "some_date_string"
     request_path = "/foo"
@@ -62,3 +63,29 @@ def test_authorization_header() -> None:
     )
 
     assert result == "VWS my_access_key:8Uy6SKuO5sSBY2X8/znlPFmDF/k="
+
+
+@pytest.mark.parametrize("content", [b"", None])
+def test_authorization_header_none_content(content: bytes | None) -> None:
+    """
+    The Authorization header is the same whether the content is None or b"".
+    """
+    access_key = "my_access_key"
+    # Ignore "Possible hardcoded password" as it is appropriate here.
+    secret_key = "my_secret_key"  # noqa: S105
+    method = "HTTPMETHOD"
+    content_type = "some/content/type"
+    date = "some_date_string"
+    request_path = "/foo"
+
+    result = vws_auth_tools.authorization_header(
+        access_key=access_key,
+        secret_key=secret_key,
+        method=method,
+        content=content,
+        content_type=content_type,
+        date=date,
+        request_path=request_path,
+    )
+
+    assert result == "VWS my_access_key:XXvKyRyMkwS8/1P1WLQ0duqNpKs="
