Refactor aiogram/utils/auth_widget.py

+ fix check auth widget token in BaseBot, fix tests

aiogram/bot/base.py

@@ -13,7 +13,7 @@ from aiohttp.helpers import sentinel
 from . import api
 from ..types import ParseMode, base
 from ..utils import json
-from ..utils.auth_widget import check_token
+from ..utils.auth_widget import check_integrity
 
 
 class BaseBot:
@@ -266,4 +266,4 @@ class BaseBot:
         self.parse_mode = None
 
     def check_auth_widget(self, data):
-        return check_token(data, self.__token)
+        return check_integrity(self.__token, data)

aiogram/utils/auth_widget.py

@@ -8,7 +8,10 @@ import collections
 import hashlib
 import hmac
 
+from aiogram.utils.deprecated import deprecated
 
+
+@deprecated('`generate_hash` is outdated, please use `check_signature` or `check_integrity`')
 def generate_hash(data: dict, token: str) -> str:
     """
     Generate secret hash
@@ -24,6 +27,7 @@ def generate_hash(data: dict, token: str) -> str:
     return hmac.new(secret.digest(), msg.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
 
 
+@deprecated('`check_token` helper was renamed to `check_integrity`')
 def check_token(data: dict, token: str) -> bool:
     """
     Validate auth token
@@ -34,3 +38,32 @@ def check_token(data: dict, token: str) -> bool:
     """
     param_hash = data.get('hash', '') or ''
     return param_hash == generate_hash(data, token)
+
+
+def check_signature(token: str, hash: str, **kwargs) -> bool:
+    """
+    Generate hexadecimal representation
+    of the HMAC-SHA-256 signature of the data-check-string
+    with the SHA256 hash of the bot's token used as a secret key
+
+    :param token:
+    :param hash:
+    :param kwargs: all params received on auth
+    :return:
+    """
+    secret = hashlib.sha256(token.encode('utf-8'))
+    check_string = '\n'.join(map(lambda k: f'{k}={kwargs[k]}', sorted(kwargs)))
+    hmac_string = hmac.new(secret.digest(), check_string.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
+    return hmac_string == hash
+
+
+def check_integrity(token: str, data: dict) -> bool:
+    """
+    Verify the authentication and the integrity
+    of the data received on user's auth
+
+    :param token: Bot's token
+    :param data: all data that came on auth
+    :return:
+    """
+    return check_signature(token, **data)

aiogram/utils/deprecated.py

@@ -1,10 +1,11 @@
-import functools
+import asyncio
 import inspect
 import warnings
-import asyncio
+import functools
+from typing import Callable
 
 
-def deprecated(reason):
+def deprecated(reason) -> Callable:
     """
     This is a decorator which can be used to mark functions
     as deprecated. It will result in a warning being emitted