def test_next_nonce_generation(self): nm = SignedNonceManager(soft_timeout=0.1) environ = make_environ() nonce1 = nm.generate_nonce(environ) self.failUnless(nm.is_valid_nonce(nonce1, environ)) # next-nonce is not generated until the soft timeout expires. self.assertEquals(nm.get_next_nonce(nonce1, environ), None) time.sleep(0.1) nonce2 = nm.get_next_nonce(nonce1, environ) self.assertNotEquals(nonce2, None) self.assertNotEquals(nonce2, nonce1) self.failUnless(nm.is_valid_nonce(nonce1, environ)) self.failUnless(nm.is_valid_nonce(nonce2, environ))
def test_next_nonce_generation(self): nm = SignedNonceManager(soft_timeout=0.1) environ = make_environ() nonce1 = nm.generate_nonce(environ) self.failUnless(nm.is_valid_nonce(nonce1, environ)) # next-nonce is not generated until the soft timeout expires. self.assertEquals(nm.get_next_nonce(nonce1, environ), None) time.sleep(0.1) nonce2 = nm.get_next_nonce(nonce1, environ) self.assertNotEquals(nonce2, None) self.assertNotEquals(nonce2, nonce1) self.failUnless(nm.is_valid_nonce(nonce1, environ)) self.failUnless(nm.is_valid_nonce(nonce2, environ))
def test_nonce_validation(self): nm = SignedNonceManager(timeout=0.1) environ = make_environ(HTTP_USER_AGENT="good-user") # malformed nonces should be invalid self.failIf(nm.is_valid_nonce("", environ)) self.failIf(nm.is_valid_nonce("IHACKYOU", environ)) # immediately-generated nonces should be valid. nonce = nm.generate_nonce(environ) self.failUnless(nm.is_valid_nonce(nonce, environ)) # tampered-with nonces should be invalid self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", environ)) # nonces are only valid for specific user-agent environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker") self.failIf(nm.is_valid_nonce(nonce, environ2)) # expired nonces should be invalid self.failUnless(nm.is_valid_nonce(nonce, environ)) time.sleep(0.1) self.failIf(nm.is_valid_nonce(nonce, environ))
def test_nonce_validation(self): nm = SignedNonceManager(timeout=0.1) environ = make_environ(HTTP_USER_AGENT="good-user") # malformed nonces should be invalid self.failIf(nm.is_valid_nonce("", environ)) self.failIf(nm.is_valid_nonce("IHACKYOU", environ)) # immediately-generated nonces should be valid. nonce = nm.generate_nonce(environ) self.failUnless(nm.is_valid_nonce(nonce, environ)) # tampered-with nonces should be invalid self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", environ)) # nonces are only valid for specific user-agent environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker") self.failIf(nm.is_valid_nonce(nonce, environ2)) # expired nonces should be invalid self.failUnless(nm.is_valid_nonce(nonce, environ)) time.sleep(0.1) self.failIf(nm.is_valid_nonce(nonce, environ))