update tests

Author: johanlundberg

src/auth_server/tests/test_app.py

@@ -14,6 +14,7 @@
 from cryptography import x509
 from cryptography.hazmat.primitives.hashes import SHA256
 from jwcrypto import jwk, jws, jwt
+from jwcrypto.common import base64url_encode
 from starlette.testclient import TestClient
 
 from auth_server.api import init_auth_server_api
@@ -337,6 +338,12 @@ def test_transaction_jwsd(self):
         }
 
         payload = req.model_dump_json(exclude_unset=True)
+
+        # create a hash of payload to send in payload place
+        payload_digest = hash_with(SHA256(), payload.encode())
+        payload_hash = base64url_encode(payload_digest)
+
+        # create detached jws
         _jws = jws.JWS(payload=payload)
         _jws.add_signature(
             key=self.client_jwk,
@@ -346,7 +353,7 @@ def test_transaction_jwsd(self):
 
         # Remove payload from serialized jws
         header, _, signature = data.split(".")
-        client_header = {"Detached-JWS": f"{header}..{signature}"}
+        client_header = {"Detached-JWS": f"{header}.{payload_hash}.{signature}"}
 
         response = self.client.post(
             "/transaction", content=req.model_dump_json(exclude_unset=True), headers=client_header
@@ -1168,7 +1175,14 @@ def test_transaction_jwsd_continue(self):
             "uri": "http://testserver/transaction",
             "created": int(utc_now().timestamp()),
         }
-        _jws = jws.JWS(payload=req.model_dump_json(exclude_unset=True))
+
+        payload = req.model_dump_json(exclude_unset=True)
+
+        # create a hash of payload to send in payload place
+        payload_digest = hash_with(SHA256(), payload.encode())
+        payload_hash = base64url_encode(payload_digest)
+
+        _jws = jws.JWS(payload=payload)
         _jws.add_signature(
             key=self.client_jwk,
             protected=json.dumps(jws_header),
@@ -1177,7 +1191,7 @@ def test_transaction_jwsd_continue(self):
 
         # Remove payload from serialized jws
         header, _, signature = data.split(".")
-        client_header = {"Detached-JWS": f"{header}..{signature}"}
+        client_header = {"Detached-JWS": f"{header}.{payload_hash}.{signature}"}
 
         response = self.client.post(
             "/transaction", content=req.model_dump_json(exclude_unset=True), headers=client_header
@@ -1213,7 +1227,11 @@ def test_transaction_jwsd_continue(self):
         # calculate ath header value
         access_token_hash = hash_with(SHA256(), continue_response["access_token"]["value"].encode())
         jws_header["ath"] = base64.urlsafe_b64encode(access_token_hash).decode("ascii").rstrip("=")
-        _jws = jws.JWS(payload="{}")
+        # create hash of empty payload to send in payload place
+        payload = "{}"
+        payload_digest = hash_with(SHA256(), payload.encode())
+        payload_hash = base64url_encode(payload_digest)
+        _jws = jws.JWS(payload=payload)
         _jws.add_signature(
             key=self.client_jwk,
             protected=json.dumps(jws_header),
@@ -1222,11 +1240,11 @@ def test_transaction_jwsd_continue(self):
 
         # Remove payload from serialized jws
         continue_header, _, continue_signature = continue_data.split(".")
-        client_header = {"Detached-JWS": f"{continue_header}..{continue_signature}"}
+        client_header = {"Detached-JWS": f"{continue_header}.{payload_hash}.{continue_signature}"}
 
         authorization_header = f'GNAP {continue_response["access_token"]["value"]}'
         client_header["Authorization"] = authorization_header
-        response = self.client.post(continue_response["uri"], json=dict(), headers=client_header)
+        response = self.client.post(continue_response["uri"], content=payload, headers=client_header)
 
         assert response.status_code == 200
         assert "access_token" in response.json()