def test_nonces_dont_keep_growing(self):
     u = self.make_user('*****@*****.**')
     # Subsequent calls for make_for overwrite existing nonce
     # values of the same type.
     value1 = UserNonce.make_for(u, "type1").value
     value2 = UserNonce.make_for(u, "type1").value
     self.assertNotEquals(value1, value2)
     self.assertEquals(1, UserNonce.all().ancestor(u).count())
Beispiel #2
0
 def validate_signature_for(self, user_data):
     nonce_entity = UserNonce.get_for(user_data, "https_transfer")
     if nonce_entity is None:
         return False
     nonce = nonce_entity.value
     expected = BaseSecureToken.sign_payload(user_data, self.timestamp,
                                             nonce)
     return expected == self.signature
Beispiel #3
0
    def make_token_signature(user_data, timestamp):
        if not user_data.credential_version:
            raise TokenError("Can't make password reset token for "
                             "user with no password.")

        nonce = UserNonce.make_for(user_data, "pw_reset").value
        return BaseSecureToken.sign_payload(user_data, timestamp, nonce,
                                            user_data.credential_version)
Beispiel #4
0
 def validate_signature_for(self, user_data):
     nonce_entity = UserNonce.get_for(user_data, "https_transfer")
     if nonce_entity is None:
         return False
     nonce = nonce_entity.value
     expected = BaseSecureToken.sign_payload(user_data,
                                             self.timestamp,
                                             nonce)
     return expected == self.signature
Beispiel #5
0
    def validate_signature_for(self, user_data):
        nonce_entity = UserNonce.get_for(user_data, "pw_reset")
        if nonce_entity is None:
            return False

        nonce = nonce_entity.value
        expected = BaseSecureToken.sign_payload(user_data, self.timestamp,
                                                nonce,
                                                user_data.credential_version)
        return expected == self.signature
Beispiel #6
0
    def make_token_signature(user_data, timestamp):
        if not user_data.credential_version:
            raise TokenError("Can't make password reset token for "
                             "user with no password.")

        nonce = UserNonce.make_for(user_data, "pw_reset").value
        return BaseSecureToken.sign_payload(user_data,
                                            timestamp,
                                            nonce,
                                            user_data.credential_version)
Beispiel #7
0
    def validate_signature_for(self, user_data):
        nonce_entity = UserNonce.get_for(user_data, "pw_reset")
        if nonce_entity is None:
            return False

        nonce = nonce_entity.value
        expected = BaseSecureToken.sign_payload(user_data,
                                                self.timestamp,
                                                nonce,
                                                user_data.credential_version)
        return expected == self.signature
    def test_nonce_values_are_user_specific(self):
        bob = self.make_user('*****@*****.**')
        joe = self.make_user('*****@*****.**')
        UserNonce.make_for(bob, "type")

        self.assertTrue(UserNonce.get_for(joe, "type") is None)
 def test_nonce_types_distinct(self):
     u = self.make_user('*****@*****.**')
     type1 = UserNonce.make_for(u, "type1")
     self.assertTrue(UserNonce.get_for(u, "type2") is None)
     self.assertEquals(type1.value, UserNonce.get_for(u, "type1").value)
Beispiel #10
0
 def make_token_signature(user_data, timestamp):
     nonce = UserNonce.make_for(user_data, "https_transfer").value
     return BaseSecureToken.sign_payload(user_data, timestamp, nonce)
Beispiel #11
0
 def make_token_signature(user_data, timestamp):
     nonce = UserNonce.make_for(user_data, "https_transfer").value
     return BaseSecureToken.sign_payload(user_data, timestamp, nonce)