Vonage
diff --git a/‎.gitignore
Lines changed: 101 additions & 1 deletion b/‎.gitignore
Lines changed: 101 additions & 1 deletion
diff --git a/‎.travis.yml
Lines changed: 2 additions & 4 deletions b/‎.travis.yml
Lines changed: 2 additions & 4 deletions
diff --git a/‎CHANGES.md
Lines changed: 4 additions & 0 deletions b/‎CHANGES.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 18 additions & 0 deletions b/‎Makefile
Lines changed: 18 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 22 additions & 1 deletion b/‎README.md
Lines changed: 22 additions & 1 deletion
diff --git a/‎docs/quickstart.rst
Lines changed: 14 additions & 0 deletions b/‎docs/quickstart.rst
Lines changed: 14 additions & 0 deletions
diff --git a/‎nexmo/__init__.py
Lines changed: 45 additions & 14 deletions b/‎nexmo/__init__.py
Lines changed: 45 additions & 14 deletions
diff --git a/‎requirements.txt
Lines changed: 4 additions & 0 deletions b/‎requirements.txt
Lines changed: 4 additions & 0 deletions
diff --git a/‎setup.cfg
Lines changed: 8 additions & 0 deletions b/‎setup.cfg
Lines changed: 8 additions & 0 deletions
diff --git a/‎setup.py
Lines changed: 0 additions & 1 deletion b/‎setup.py
Lines changed: 0 additions & 1 deletion
@@ -1,3 +1,103 @@
+# Created by https://www.gitignore.io/api/python
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
 build/
+develop-eggs/
 dist/
-nexmo.egg-info/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+.requirements.txt
@@ -2,14 +2,12 @@ language: python
 
 python:
   - "2.7"
-  - "3.3"
   - "3.4"
   - "3.5"
   - "3.6"
 
 install:
-  - pip install --quiet requests responses
-  - python setup.py install
+  - make install
 
 script:
-  - python test_nexmo.py
+  - make test
@@ -1,3 +1,7 @@
+# Development
+* Drop support for Python 3.3 (in line with the cryptography library we depend upon)
+* Ensure timestamp is added the params list if signing requests
+
 # 1.5.0
 
 * Added ability to provide a file path as private_key param no the nexmo.Client constructor
 
@@ -0,0 +1,18 @@
+.PHONY: test install requirements release release-test
+test:
+	pytest -v
+
+release-test:
+	python setup.py sdist bdist_wheel upload -r pypitest
+
+release:
+	python setup.py sdist bdist_wheel upload
+
+install: requirements
+
+requirements: .requirements.txt
+
+.requirements.txt: requirements.txt
+	pip install --upgrade pip setuptools
+	pip install -r requirements.txt
+	pip freeze > .requirements.txt
@@ -32,7 +32,7 @@ Alternatively you can clone the repository:
 Usage
 -----
 
-Begin by importing the nexmo module:
+Begin by importing the `nexmo` module:
 
 ```python
 import nexmo
@@ -351,10 +351,31 @@ API Coverage
     * [X] Text-To-Speech Prompt
 
 
+Contributing
+------------
+
+We :heart: contributions! But if you plan to work on something big or controversial, please [contact us](mailto:devrel@nexmo.com) first!
+
+We recommend working on `nexmo-python` with a [virtualenv][virtualenv]. The following command will install all the Python dependencies you need to run the tests:
+
+```bash
+make install
+```
+
+The tests are all written with pytest. You run them with:
+
+```bash
+make test
+```
+
+
 License
 -------
 
 This library is released under the [MIT License][license]
 
+[virtualenv]: https://virtualenv.pypa.io/en/stable/
+[report-a-bug]: https://github.com/Nexmo/nexmo-python/issues/new
+[pull-request]: https://github.com/Nexmo/nexmo-python/pulls
 [signup]: https://dashboard.nexmo.com/sign-up?utm_source=DEV_REL&utm_medium=github&utm_campaign=python-client-library
 [license]: LICENSE.txt
@@ -62,6 +62,10 @@ In order to check signatures for incoming webhook requests, you'll also
 need to specify the ``signature_secret`` argument (or the
 ``NEXMO_SIGNATURE_SECRET`` environment variable).
 
+If the argument ``signature_method`` is omitted, it will default to the md5 hash
+algorithm. Otherwise, it will use the selected method as in md5, sha1, sha256 or
+sha512 with hmac.
+
 SMS API
 -------
 
@@ -256,6 +260,16 @@ Validate webhook signatures
     else:
       # invalid signature
 
+
+    or by using signature method via POST:
+
+    client = nexmo.Client(signature_secret='secret', signature_method='sha256')
+
+    if client.check_signature(request.body.decode()):
+      # valid signature
+    else:
+      # invalid signature
+
 Docs:
 `https://docs.nexmo.com/messaging/signing-messages <https://docs.nexmo.com/messaging/signing-messages?utm_source=DEV_REL&utm_medium=github&utm_campaign=python-client-library>`__
 
 
@@ -1,14 +1,22 @@
-__version__ = '1.5.0'
-
-import requests, os, warnings, hashlib, hmac, jwt, time, uuid, sys
-
 from platform import python_version
 
+import hashlib
+import hmac
+import jwt
+import os
+import requests
+import sys
+import time
+from uuid import uuid4
+import warnings
+
 if sys.version_info[0] == 3:
     string_types = (str, bytes)
 else:
     string_types = (unicode, str)
 
+__version__ = '1.5.0'
+
 
 class Error(Exception):
     pass
@@ -33,6 +41,16 @@ def __init__(self, **kwargs):
         self.api_secret = kwargs.get('secret', None) or os.environ.get('NEXMO_API_SECRET', None)
 
         self.signature_secret = kwargs.get('signature_secret', None) or os.environ.get('NEXMO_SIGNATURE_SECRET', None)
+        self.signature_method = kwargs.get('signature_method', None) or os.environ.get('NEXMO_SIGNATURE_METHOD', None)
+
+        if self.signature_method == 'md5':
+            self.signature_method = hashlib.md5
+        elif self.signature_method == 'sha1':
+            self.signature_method = hashlib.sha1
+        elif self.signature_method == 'sha256':
+            self.signature_method = hashlib.sha256
+        elif self.signature_method == 'sha512':
+            self.signature_method = hashlib.sha512
 
         self.application_id = kwargs.get('application_id', None)
 
@@ -237,24 +255,37 @@ def send_dtmf(self, uuid, params=None, **kwargs):
     def check_signature(self, params):
         params = dict(params)
 
-        signature = params.pop('sig', '')
+        signature = params.pop('sig', '').lower()
 
         return hmac.compare_digest(signature, self.signature(params))
 
     def signature(self, params):
-        md5 = hashlib.md5()
+        if self.signature_method:
+            hasher = hmac.new(self.signature_secret.encode(), digestmod=self.signature_method)
+        else:
+            hasher = hashlib.md5()
+
+        # Add timestamp if not already present
+        if not params.get("timestamp"):
+            params["timestamp"] = int(time.time())
 
         for key in sorted(params):
-            md5.update('&{0}={1}'.format(key, params[key]).encode('utf-8'))
+            value = params[key]
+
+            if isinstance(value, str):
+                value = value.replace('&', '_').replace('=', '_')
 
-        md5.update(self.signature_secret.encode('utf-8'))
+            hasher.update('&{0}={1}'.format(key, value).encode('utf-8'))
 
-        return md5.hexdigest()
+        if self.signature_method is None:
+            hasher.update(self.signature_secret.encode())
 
-    def get(self, host, request_uri, params={}):
+        return hasher.hexdigest()
+
+    def get(self, host, request_uri, params=None):
         uri = 'https://' + host + request_uri
 
-        params = dict(params, api_key=self.api_key, api_secret=self.api_secret)
+        params = dict(params or {}, api_key=self.api_key, api_secret=self.api_secret)
 
         return self.parse(host, requests.get(uri, params=params, headers=self.headers))
 
@@ -295,10 +326,10 @@ def parse(self, host, response):
 
             raise ServerError(message)
 
-    def __get(self, request_uri, params={}):
+    def __get(self, request_uri, params=None):
         uri = 'https://' + self.api_host + request_uri
 
-        return self.parse(self.api_host, requests.get(uri, params=params, headers=self.__headers()))
+        return self.parse(self.api_host, requests.get(uri, params=params or {}, headers=self.__headers()))
 
     def __post(self, request_uri, params):
         uri = 'https://' + self.api_host + request_uri
@@ -322,7 +353,7 @@ def __headers(self):
         payload.setdefault('application_id', self.application_id)
         payload.setdefault('iat', iat)
         payload.setdefault('exp', iat + 60)
-        payload.setdefault('jti', str(uuid.uuid4()))
+        payload.setdefault('jti', str(uuid4()))
 
         token = jwt.encode(payload, self.private_key, algorithm='RS256')
 
 
@@ -0,0 +1,4 @@
+-e .
+pytest==3.1.2
+pytest-cov==2.5.1
+responses==0.5.1
@@ -1,2 +1,10 @@
+[tool:pytest]
+testpaths=tests
+addopts=--tb=short -p no:doctest
+norecursedirs = bin dist docs htmlcov .* {args}
+
 [pycodestyle]
 max-line-length=120
+
+[coverage:run]
+source= nexmo
@@ -22,7 +22,6 @@
           'Programming Language :: Python :: 2',
           'Programming Language :: Python :: 2.7',
           'Programming Language :: Python :: 3',
-          'Programming Language :: Python :: 3.3',
           'Programming Language :: Python :: 3.4',
           'Programming Language :: Python :: 3.5',
           'Programming Language :: Python :: 3.6',