From 2bd44ed2296c2635b5a7b4a712989a65468f6cb5 Mon Sep 17 00:00:00 2001
From: Yasser Tahiri
Date: Sun, 18 Feb 2024 16:35:23 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Handle=20catch-all=20signature=20er?=
 =?UTF-8?q?rors=20(#538)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* ✨ Handle catch-all signature errors

* ♻️ Refactor `SignatureSerializerTest`
---
 authx/_internal/_signature.py | 3 ++-
 tests/internal/test_signature.py | 41 +++++++++++++++++++++++++++-----
 2 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/authx/_internal/_signature.py b/authx/_internal/_signature.py
index 61f40e2d..30326130 100644
--- a/authx/_internal/_signature.py
+++ b/authx/_internal/_signature.py
@@ -26,7 +26,8 @@ def decode(self, token):
 return None, "SignatureExpired"
 except BadTimeSignature:
 return None, "InvalidSignature"
-
+ except Exception:
+ return None, "BadSignature" # Catch-all for other signature errors
 return decoded_obj, None
diff --git a/tests/internal/test_signature.py b/tests/internal/test_signature.py
index 246d361a..b79570c9 100644
--- a/tests/internal/test_signature.py
+++ b/tests/internal/test_signature.py
@@ -16,11 +16,7 @@ def test_encode_decode(self):
 self.assertEqual(data["session_id"], session_id)
 def test_decode_with_no_token(self):
- serializer = SignatureSerializer("MY_SECRET_KEY", expired_in=1)
- token = None
- data, err = serializer.decode(token)
- self.assertIsNone(data)
- self.assertEqual(err, "NoTokenSpecified")
+ self.decode_serializer(None, "NoTokenSpecified")
 def test_decode_with_expired_token(self):
 serializer = SignatureSerializer("MY_SECRET_KEY", expired_in=1)
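Review bot: The new `except Exception:` branch reports every failure inside decode() as `"BadSignature"`, including ones that are not signature errors at all — a `TypeError` from a non-str token or a bug in the code above it becomes indistinguishable from a forged token and never surfaces in logs or tests. If `BadTimeSignature` and `SignatureExpired` here are the itsdangerous classes (inferred from the names; the imports are outside the hunk), the narrow catch is their common base, `except BadSignature:` / `return None, "BadSignature"`, which must stay below the `BadTimeSignature` branch as it is here; anything else should propagate, or at least be logged before being mapped to an auth failure. The inline comment `# Catch-all for other signature errors` then overstates what the branch does; name the concrete cases it is meant to cover. decode() starts outside this hunk.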
@@ -33,6 +29,19 @@ def test_decode_with_expired_token(self):
 self.assertIsNone(data)
 self.assertEqual(err, "SignatureExpired")
+ def test_decode_with_invalid_signature(self):
+ self.decode_serializer("tampered_token", "BadSignature")
+
+ def test_decode_with_malformed_token(self):
+ self.decode_serializer("malformedtoken", "BadSignature")
+
+ def decode_serializer(self, token, expected_data):
+ serializer = SignatureSerializer("MY_SECRET_KEY", expired_in=1)
+ token = token
+ data, err = serializer.decode(token)
+ self.assertIsNone(data)
+ self.assertEqual(err, expected_data)
+
 def test_token_expiration():
 serializer = SignatureSerializer("MY_SECRET_KEY", expired_in=1)
@@ -58,7 +67,6 @@ def test_token_no_expiration():
 ), "Failed to decode or session_id does not match."
-@unittest.skip("Dropping tampering test for now.")
 def test_token_tampering():
 serializer = SignatureSerializer("MY_SECRET_KEY", expired_in=3600)
 dict_obj = {"session_id": 999}
@@ -69,3 +77,24 @@ def test_token_tampering():
 assert (
 data is None and err == "InvalidSignature"
 ), "Tampered token did not cause an error as expected."
+
+
+def test_casual_ut():
+ secret_key = "MY_SECRET_KEY"
+ expired_in = 1
+ session_id = 1
+ dict_obj = {"session_id": session_id}
+
+ # Instantiate SignatureSerializer
+ serializer = SignatureSerializer(secret_key, expired_in=expired_in)
+
+ # Encode the dictionary object into a token
+ token = serializer.encode(dict_obj)
+
+ # Decode the token
+ data, err = serializer.decode(token)
+
+ # Assert the results
+ assert (
+ data is not None and err is None and data["session_id"] == session_id
+ ), "Failed to decode or session_id does not match."
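Review bot: `test_decode_with_invalid_signature` passes the bare literal `"tampered_token"`, which is not a signed token with an altered signature but simply malformed input, so it exercises the same path as `test_decode_with_malformed_token` right below it and contradicts the un-skipped `test_token_tampering` later in this file, which expects a genuinely tampered token to yield `"InvalidSignature"`. To test tampering, build a token with `serializer.encode(...)`, modify its signature segment before decoding, and assert whichever of the two strings decode() is meant to return, so that the two tests agree on the contract. In `decode_serializer`, `token = token` is a no-op and can be dropped, and `expected_data` actually holds the expected error string — `expected_err` would read correctly, and a leading underscore (`_assert_decode_error`) would mark it as a helper rather than a test.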
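Review bot: `test_casual_ut` is named for nothing it tests; from its body it is an encode/decode round trip asserting `data["session_id"] == session_id`, which appears to be the same check `test_encode_decode` in `SignatureSerializerTest` already makes (only that test's tail is visible in this file's first hunk). Either drop it or give it a name that says what differs, e.g. `test_roundtrip_module_level`, and replace the four narrating comments (`# Encode the dictionary object into a token`, etc.) with a one-line docstring, since they only restate the code.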