Muix2015
diff --git a/‎tests/unit/http/__init__.py b/‎tests/unit/http/__init__.py
diff --git a/‎tests/unit/http/test_validation_client.py
Lines changed: 107 additions & 0 deletions b/‎tests/unit/http/test_validation_client.py
Lines changed: 107 additions & 0 deletions
diff --git a/‎tests/unit/jwt/test_client_validation.py
Lines changed: 31 additions & 11 deletions b/‎tests/unit/jwt/test_client_validation.py
Lines changed: 31 additions & 11 deletions
diff --git a/‎twilio/http/validation_client.py
Lines changed: 18 additions & 10 deletions b/‎twilio/http/validation_client.py
Lines changed: 18 additions & 10 deletions
diff --git a/‎twilio/jwt/validation/__init__.py
Lines changed: 5 additions & 7 deletions b/‎twilio/jwt/validation/__init__.py
Lines changed: 5 additions & 7 deletions
@@ -0,0 +1,107 @@
+import unittest
+
+import mock
+from mock import patch, Mock
+from requests import Request
+from requests import Session
+
+from twilio.http.validation_client import ValidationClient
+
+
+class TestValidationClientHelpers(unittest.TestCase):
+    def setUp(self):
+        self.request = Request(
+            'GET',
+            'https://api.twilio.com/2010-04-01/Accounts/AC123/Messages',
+            auth=('Username', 'Password'),
+        )
+        self.request = self.request.prepare()
+        self.client = ValidationClient('AC123', 'SK123', 'CR123', 'private_key')
+
+    def test_build_validation_payload_basic(self):
+        validation_payload = self.client._build_validation_payload(self.request)
+        self.assertEqual('GET', validation_payload.method)
+        self.assertEqual('/2010-04-01/Accounts/AC123/Messages', validation_payload.path)
+        self.assertEqual('', validation_payload.query_string)
+        self.assertEqual(['authorization', 'host'], validation_payload.signed_headers)
+        self.assertEqual('', validation_payload.body)
+
+    def test_build_validation_payload_query_string_parsed(self):
+        self.request.url = self.request.url + '?QueryParam=1&Other=true'
+
+        validation_payload = self.client._build_validation_payload(self.request)
+
+        self.assertEqual('GET', validation_payload.method)
+        self.assertEqual('/2010-04-01/Accounts/AC123/Messages', validation_payload.path)
+        self.assertEqual('QueryParam=1&
6D40
;Other=true', validation_payload.query_string)
+        self.assertEqual(['authorization', 'host'], validation_payload.signed_headers)
+        self.assertEqual('', validation_payload.body)
+
+    def test_build_validation_payload_body_parsed(self):
+        self.request.body = 'foobar'
+
+        validation_payload = self.client._build_validation_payload(self.request)
+
+        self.assertEqual('GET', validation_payload.method)
+        self.assertEqual('/2010-04-01/Accounts/AC123/Messages', validation_payload.path)
+        self.assertEqual('', validation_payload.query_string)
+        self.assertEqual(['authorization', 'host'], validation_payload.signed_headers)
+        self.assertEqual('foobar', validation_payload.body)
+
+    def test_build_validation_payload_complex(self):
+        self.request.body = 'foobar'
+        self.request.url = self.request.url + '?WestCoast=BestCoast&EastCoast=LeastCoast'
+
+        validation_payload = self.client._build_validation_payload(self.request)
+
+        self.assertEqual('GET', validation_payload.method)
+        self.assertEqual('/2010-04-01/Accounts/AC123/Messages', validation_payload.path)
+        self.assertEqual(['authorization', 'host'], validation_payload.signed_headers)
+        self.assertEqual('foobar', validation_payload.body)
+        self.assertEqual('WestCoast=BestCoast&EastCoast=LeastCoast',
+                         validation_payload.query_string)
+
+    def test_get_host(self):
+        self.assertEqual('api.twilio.com', self.client._get_host(self.request))
+
+
+class TestValidationClientRequest(unittest.TestCase):
+
+    def setUp(self):
+        self.session_patcher = patch('twilio.http.validation_client.Session')
+        self.jwt_patcher = patch('twilio.http.validation_client.ClientValidationJwt')
+
+        self.session_mock = Mock(wraps=Session())
+        self.validation_token = self.jwt_patcher.start()
+        self.request_mock = Mock()
+
+        self.session_mock.prepare_request.return_value = self.request_mock
+        self.session_mock.send.return_value = Mock(status_code=200, content='test')
+        self.validation_token.return_value.to_jwt.return_value = 'test-token'
+        self.request_mock.headers = {}
+
+        session_constructor_mock = self.session_patcher.start()
+        session_constructor_mock.return_value = self.session_mock
+
+        self.client = ValidationClient('AC123', 'SK123', 'CR123', 'private_key')
+
+    def tearDown(self):
+        self.session_patcher.stop()
+        self.jwt_patcher.stop()
+
+    def test_request_does_not_overwrite_host_header(self):
+        self.request_mock.url = 'https://api.twilio.com/'
+
+        self.client.request('doesnt matter', 'doesnt matter')
+
+        self.assertEqual('api.twilio.com', self.request_mock.headers['Host'])
+        self.assertEqual('test-token', self.request_mock.headers['Twilio-Client-Validation'])
+
+    def test_request_sets_host_header_if_missing(self):
+        self.request_mock.url = 'https://api.twilio.com/'
+        self.request_mock.headers = {'Host': 'other.twilio.com'}
+
+        self.client.request('doesnt matter', 'doesnt matter')
+
+        self.assertEqual('other.twilio.com', self.request_mock.headers['Host'])
+        self.assertEqual('test-token', self.request_mock.headers['Twilio-Client-Validation'])
@@ -19,7 +19,7 @@ class ClientValidationJwtTest(unittest.TestCase):
     def test_generate_payload_basic(self):
         vp = ValidationPayload(
             method='GET',
-            url='https://api.twilio.com/',
+            path='https://api.twilio.com/',
             query_string='q1=v1',
             signed_headers=['headerb', 'headera'],
             all_headers={'head': 'toe', 'headera': 'vala', 'headerb': 'valb'},
@@ -47,7 +47,7 @@ def test_generate_payload_basic(self):
     def test_generate_payload_complex(self):
         vp = ValidationPayload(
             method='GET',
-            url='https://api.twilio.com/',
+            path='https://api.twilio.com/',
             query_string='q1=v1&q2=v2&a=b',
             signed_headers=['headerb', 'headera'],
             all_headers={'head': 'toe', 'Headerb': 'valb', 'yeezy': 'weezy'},
@@ -74,7 +74,7 @@ def test_generate_payload_complex(self):
     def test_generate_payload_no_query_string(self):
         vp = ValidationPayload(
             method='GET',
-            url='https://api.twilio.com/',
+            path='https://api.twilio.com/',
             query_string='',
             signed_headers=['headerb', 'headera'],
             all_headers={'head': 'toe', 'Headerb': 'valb', 'yeezy': 'weezy'},
@@ -101,11 +101,11 @@ def test_generate_payload_no_query_string(self):
     def test_generate_payload_no_req_body(self):
         vp = ValidationPayload(
             method='GET',
-            url='https://api.twilio.com/',
+            path='https://api.twilio.com/',
             query_string='q1=v1',
             signed_headers=['headerb', 'headera'],
             all_headers={'head': 'toe', 'headera': 'vala', 'headerb': 'valb'},
-            body=None
+            body=''
         )
 
         expected_payload = '\n'.join([
@@ -116,6 +116,7 @@ def test_generate_payload_no_req_body(self):
             'headerb:valb',
             '',
             'headera;headerb',
+            ''
         ])
         expected_payload = ClientValidationJwt._hash(expected_payload)
 
@@ -128,7 +129,7 @@ def test_generate_payload_no_req_body(self):
     def test_generate_payload_header_keys_lowercased(self):
         vp = ValidationPayload(
             method='GET',
-            url='https://api.twilio.com/',
+            path='https://api.twilio.com/',
             query_string='q1=v1',
             signed_headers=['headerb', 'headera'],
             all_headers={'head': 'toe', 'Headera': 'vala', 'Headerb': 'valb'},
@@ -156,7 +157,7 @@ def test_generate_payload_header_keys_lowercased(self):
     def test_generate_payload_no_headers(self):
         vp = ValidationPayload(
             method='GET',
-            url='https://api.twilio.com/',
+            path='https://api.twilio.com/',
             query_string='q1=v1',
             signed_headers=['headerb', 'headera'],
             all_headers={},
@@ -179,11 +180,11 @@ def test_generate_payload_no_headers(self):
         self.assertEqual('headera;headerb', actual_payload['hrh'])
         self.assertEqual(expected_payload, actual_payload['rqh'])
 
-    def test_generate_payload_schema_correct(self):
+    def test_generate_payload_schema_correct_1(self):
         """Test against a known good rqh payload hash"""
         vp = ValidationPayload(
             method='GET',
-            url='/Messages',
+            path='/Messages',
             query_string='PageSize=5&Limit=10',
             signed_headers=['authorization', 'host'],
             all_headers={'authorization': 'foobar', 'host': 'api.twilio.com'},
@@ -198,10 +199,29 @@ def test_generate_payload_schema_correct(self):
         self.assertEqual('authorization;host', actual_payload['hrh'])
         self.assertEqual(expected_hash, actual_payload['rqh'])
 
+    def test_generate_payload_schema_correct_2(self):
+        """Test against a known good rqh payload hash"""
+        vp = ValidationPayload(
+            method='POST',
+            path='/Messages',
+            query_string='',
+            signed_headers=['authorization', 'host'],
+            all_headers={'authorization': 'foobar', 'host': 'api.twilio.com'},
+            body='testbody'
+        )
+
+        expected_hash = 'bd792c967c20d546c738b94068f5f72758a10d26c12979677501e1eefe58c65a'
+
+        jwt = ClientValidationJwt('AC123', 'SK123', 'CR123', 'secret', vp)
+
+        actual_payload = jwt._generate_payload()
+        self.assertEqual('authorization;host', actual_payload['hrh'])
+        self.assertEqual(expected_hash, actual_payload['rqh'])
+
     def test_jwt_payload(self):
         vp = ValidationPayload(
             method='GET',
-            url='/Messages',
+            path='/Messages',
             query_string='PageSize=5&Limit=10',
             signed_headers=['authorization', 'host'],
             all_headers={'authorization': 'foobar', 'host': 'api.twilio.com'},
@@ -229,7 +249,7 @@ def test_jwt_payload(self):
     def test_jwt_signing(self):
         vp = ValidationPayload(
             method='GET',
-            url='/Messages',
+            path='/Messages',
             query_string='PageSize=5&Limit=10',
             signed_headers=['authorization', 'host'],
             all_headers={'authorization': 'foobar', 'host': 'api.twilio.com'},
 
@@ -1,3 +1,5 @@
+from urlparse import urlparse
+
 from collections import namedtuple
 
 from requests import Request, Session
@@ -7,7 +9,7 @@
 from twilio.jwt.validation import ClientValidationJwt
 
 
-ValidationPayload = namedtuple('ValidationPayload', ['method', 'url', 'query_string', 'all_headers',
+ValidationPayload = namedtuple('ValidationPayload', ['method', 'path', 'query_string', 'all_headers',
                                                      'signed_headers', 'body'])
 
 
@@ -54,7 +56,10 @@ def request(self, method, url, params=None, data=None, headers=None, auth=None,
         request = Request(method.upper(), url, params=params, data=data, headers=headers, auth=auth)
         prepared_request = session.prepare_request(request)
 
-        validation_payload = self.__build_validation_payload(prepared_request)
+        if 'Host' not in prepared_request.headers and 'host' not in prepared_request.headers:
+            prepared_request.headers['Host'] = self._get_host(prepared_request)
+
+        validation_payload = self._build_validation_payload(prepared_request)
         jwt = ClientValidationJwt(self.account_sid, self.api_key_sid, self.credential_sid,
                                   self.private_key, validation_payload)
         prepared_request.headers['Twilio-Client-Validation'] = jwt.to_jwt()
@@ -67,23 +72,26 @@ def request(self, method, url, params=None, data=None, headers=None, auth=None,
 
         return Response(int(response.status_code), response.content.decode('utf-8'))
 
-    def __build_validation_payload(self, request):
+    def _build_validation_payload(self, request):
         """
         Extract relevant information from request to build a ClientValidationJWT
         :param PreparedRequest request: request we will extract information from.
         :return: ValidationPayload
         """
-        try:
-            url, query_string = request.url.split('?', 1)
-        except ValueError:
-            url = request.url
-            query_string = ''
+        parsed = urlparse(request.url)
+        path = parsed.path
+        query_string = parsed.query or ''
 
         return ValidationPayload(
             method=request.method,
-            url=url,
+            path=path,
             query_string=query_string,
             all_headers=request.headers,
             signed_headers=ValidationClient.__SIGNED_HEADERS,
-            body=request.body
+            body=request.body or ''
         )
+
+    def _get_host(self, request):
+        """Pull the Host out of the request"""
+        parsed = urlparse(request.url)
+        return parsed.netloc
@@ -48,23 +48,21 @@ def _generate_payload(self):
         query_string = self.validation_payload.query_string.split('&')
         query_string = self._sort_and_join(query_string, '&')
 
-        req_body_hash = self._hash(self.validation_payload.body)
+        req_body_hash = self._hash(self.validation_payload.body) or ''
 
         signed_headers_str = ';'.join(signed_headers)
 
         signed_payload = [
             self.validation_payload.method,
-            self.validation_payload.url,
+            self.validation_payload.path,
             query_string,
         ]
 
         if headers_str:
             signed_payload.append(headers_str)
         signed_payload.append('')
         signed_payload.append(signed_headers_str)
-
-        if req_body_hash:
-            signed_payload.append(req_body_hash)
+        signed_payload.append(req_body_hash)
 
         signed_payload = '\n'.join(signed_payload)
 
@@ -81,8 +79,8 @@ def _sort_and_join(self, values, joiner):
 
     @classmethod
     def _hash(self, input_str):
-        if input_str is None:
-            return None
+        if not input_str:
+            return input_str
 
         if not isinstance(input_str, bytes):
             input_str = input_str.encode('utf-8')