Merge pull request #77 from samuelcolvin/relax-aud-check

relax 'aud' check
web-push-libs · Jun 21, 2019 · 08de746 · 08de746
2 parents 9be3128 + 5f10fd1
commit 08de746
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/.travis.yml b/.travis.yml
@@ -1,7 +1,10 @@
+dist: xenial
 language: python
 python:
 - "2.7"
 - "3.5"
+- "3.6"
+- "3.7"
 install:
 - cd python
 - pip install -r requirements.txt

diff --git a/python/py_vapid/__init__.py b/python/py_vapid/__init__.py
@@ -264,7 +264,7 @@ def _base_sign(self, claims):
             raise VapidException(
                 "Missing 'sub' from claims. "
                 "'sub' is your admin email as a mailto: link.")
-        if not re.match(r"^https?://[^/.:]+\.[^/:]+(:\d+)?$",
+        if not re.match(r"^https?://[^/:]+(:\d+)?$",
                         cclaims.get("aud", ""),
                         re.IGNORECASE):
             raise VapidException(

diff --git a/python/py_vapid/tests/test_vapid.py b/python/py_vapid/tests/test_vapid.py
@@ -179,6 +179,17 @@ def test_sign_02(self):
         for k in claims:
             eq_(t_val[k], claims[k])
 
+    def test_sign_02_localhost(self):
+        v = Vapid02.from_file("/tmp/private")
+        claims = {"aud": "http://localhost:8000",
+                  "sub": "mailto:admin@example.com",
+                  "foo": "extra value"}
+        result = v.sign(claims, "id=previous")
+        auth = result['Authorization']
+        eq_(auth[:6], 'vapid ')
+        ok_(' t=' in auth)
+        ok_(',k=' in auth)
+
     def test_integration(self):
         # These values were taken from a test page. DO NOT ALTER!
         key = ("BDd3_hVL9fZi9Ybo2UUzA284WG5FZR30_95YeZJsiApwXKpNcF1rRPF3foI"