def test_next_nonce_generation(self):
nm = SignedNonceManager(soft_timeout=0.1)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
# next-nonce is not generated until the soft timeout expires.
self.assertEquals(nm.get_next_nonce(nonce1, environ), None)
time.sleep(0.1)
nonce2 = nm.get_next_nonce(nonce1, environ)
self.assertNotEquals(nonce2, None)
self.assertNotEquals(nonce2, nonce1)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
self.failUnless(nm.is_valid_nonce(nonce2, environ))
def test_next_nonce_generation(self):
nm = SignedNonceManager(soft_timeout=0.1)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
# next-nonce is not generated until the soft timeout expires.
self.assertEquals(nm.get_next_nonce(nonce1, environ), None)
time.sleep(0.1)
nonce2 = nm.get_next_nonce(nonce1, environ)
self.assertNotEquals(nonce2, None)
self.assertNotEquals(nonce2, nonce1)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
self.failUnless(nm.is_valid_nonce(nonce2, environ))
def test_nonce_validation(self):
nm = SignedNonceManager(timeout=0.1)
environ = make_environ(HTTP_USER_AGENT="good-user")
# malformed nonces should be invalid
self.failIf(nm.is_valid_nonce("", environ))
self.failIf(nm.is_valid_nonce("IHACKYOU", environ))
# immediately-generated nonces should be valid.
nonce = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce, environ))
# tampered-with nonces should be invalid
self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", environ))
# nonces are only valid for specific user-agent
environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker")
self.failIf(nm.is_valid_nonce(nonce, environ2))
# expired nonces should be invalid
self.failUnless(nm.is_valid_nonce(nonce, environ))
time.sleep(0.1)
self.failIf(nm.is_valid_nonce(nonce, environ))
def test_nonce_validation(self):
nm = SignedNonceManager(timeout=0.1)
environ = make_environ(HTTP_USER_AGENT="good-user")
# malformed nonces should be invalid
self.failIf(nm.is_valid_nonce("", environ))
self.failIf(nm.is_valid_nonce("IHACKYOU", environ))
# immediately-generated nonces should be valid.
nonce = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce, environ))
# tampered-with nonces should be invalid
self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", environ))
# nonces are only valid for specific user-agent
environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker")
self.failIf(nm.is_valid_nonce(nonce, environ2))
# expired nonces should be invalid
self.failUnless(nm.is_valid_nonce(nonce, environ))
time.sleep(0.1)
self.failIf(nm.is_valid_nonce(nonce, environ))
