Add support for extracting timestamp from a Fernet token (#4229)

* Add API for retrieving the seconds-to-expiry for the token, given a TTL.

* Process PR feedback:

* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.

* Factored out the HMAC signature verification to a separate function.

* Fixed a copy&paste mistake in the test cases

* Tests cleanup.

* `struct` no longer needed

* Document `def age()`

* typo in `age()` documentation

* token, not data

* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.

* let's call this extract_timestamp and just return timestamp

* review comments

* it's UNIX I know this

1 files changed, 9 insertions, 0 deletions

diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 6558d11b..75ecc356 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -122,6 +122,15 @@ class TestFernet(object):
         with pytest.raises(ValueError):
             Fernet(base64.urlsafe_b64encode(b"abc"), backend=backend)
 
+    def test_extract_timestamp(self, monkeypatch, backend):
+        f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
+        current_time = 1526138327
+        monkeypatch.setattr(time, "time", lambda: current_time)
+        token = f.encrypt(b'encrypt me')
+        assert f.extract_timestamp(token) == current_time
+        with pytest.raises(InvalidToken):
+            f.extract_timestamp(b"nonsensetoken")
+
 
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 @pytest.mark.requires_backend_interface(interface=HMACBackend)