def setUp(self): self.data = 'cogitoergosum' self.exp = time.time() + 3600 self.jar = AuthCookieJar()
class AuthCookieTestCase(unittest.TestCase): _format = 'Set-Cookie: _M2AUTH_="exp=%s&data=%s&digest=%s"' if sys.version_info < (2, 5): _format += ';' _token = '_M2AUTH_' def setUp(self): self.data = 'cogitoergosum' self.exp = time.time() + 3600 self.jar = AuthCookieJar() def tearDown(self): pass def test_mix_unmix(self): dough = mix(self.exp, self.data) exp, data = unmix(dough) self.failUnlessEqual(data, self.data) self.failUnlessEqual(exp, self.exp) def test_make_cookie(self): c = self.jar.makeCookie(self.exp, self.data) self.failUnless(isinstance(c, AuthCookie)) self.failUnlessEqual(c.expiry(), self.exp) self.failUnlessEqual(c.data(), self.data) # Peek inside the cookie jar... key = self.jar._key mac = binascii.b2a_base64( EVP.hmac(key, mix(self.exp, self.data), 'sha1'))[:-1] self.failUnlessEqual(c.mac(), mac) # Ok, stop peeking now. cookie_str = self._format % (repr(self.exp), self.data, mac) self.failUnlessEqual(c.output(), cookie_str) def test_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.failUnless(c.isExpired()) def test_not_expired(self): c = self.jar.makeCookie(self.exp, self.data) self.failIf(c.isExpired()) def test_is_valid(self): c = self.jar.makeCookie(self.exp, self.data) self.failUnless(self.jar.isGoodCookie(c)) def test_is_invalid_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.failIf(self.jar.isGoodCookie(c)) def test_is_invalid_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) c._expiry = 'this is bad' self.failIf(self.jar.isGoodCookie(c)) def test_is_invalid_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) c._data = 'this is bad' self.failIf(self.jar.isGoodCookie(c)) def test_is_invalid_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) c._mac = 'this is bad' self.failIf(self.jar.isGoodCookie(c)) def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = Cookie.SmartCookie() s.load(c.output()) exp, data, digest = unmix3(s[self._token].value) self.failUnlessEqual(data, self.data) self.failUnlessEqual(float(exp), self.exp) key = self.jar._key # Peeking... mac = binascii.b2a_base64( EVP.hmac(key, mix(self.exp, self.data), 'sha1'))[:-1] self.failUnlessEqual(digest, mac) def test_cookie_str(self): c = self.jar.makeCookie(self.exp, self.data) self.failUnless(self.jar.isGoodCookieString(c.output())) def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = Cookie.SmartCookie() s.load(c.output()) self.failUnless(self.jar.isGoodCookieString(s.output())) def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = Cookie.SmartCookie() s.load(c.output()) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:32] + 'this is bad' + cout[32:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:26] + chr(ord(cout[26]) ^ 1) + cout[27:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:36] + chr(ord(cout[36]) ^ 1) + cout[37:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:76] + chr(ord(cout[76]) ^ 1) + cout[77:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output()))
class AuthCookieTestCase(unittest.TestCase): _format = 'Set-Cookie: _M2AUTH_="exp=%f&data=%s&digest=%s"' _token = '_M2AUTH_' def setUp(self): self.data = 'cogitoergosum' self.exp = time.time() + 3600 self.jar = AuthCookieJar() def tearDown(self): pass def _corrupt_part_str(self, s, fr, to): # type: (str, int, int) -> str out = s[:fr] + ''.join([chr(ord(x) + 13) for x in s[fr:to]]) + s[to:] self.assertNotEqual(s, out) return out def test_encode_part_str(self): a_str = 'a1b2c3d4e5f6h7i8j9' self.assertEqual(self._corrupt_part_str(a_str, 3, 5), 'a1b?p3d4e5f6h7i8j9') def test_mix_unmix(self): dough = mix(self.exp, self.data) exp, data = unmix(dough) self.assertEqual(data, self.data) # we are comparing seconds here, ten-thousandth # second should be enough. self.assertAlmostEqual(exp, self.exp, places=4) def test_make_cookie(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(isinstance(c, AuthCookie)) self.assertEqual(c.expiry(), self.exp) self.assertEqual(c.data(), self.data) # Peek inside the cookie jar... key = self.jar._key # pylint: disable=protected-access mac = util.bin_to_hex( EVP.hmac(key, six.ensure_binary(mix(self.exp, self.data)), 'sha1')) self.assertEqual(c.mac(), mac) # Ok, stop peeking now. cookie_str = self._format % (self.exp, self.data, mac) self.assertEqual(c.output(), cookie_str) def test_make_cookie_invalid(self): with self.assertRaises(ValueError): self.jar.makeCookie("complete nonsense", self.data) def test_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.assertTrue(c.isExpired()) def test_not_expired(self): c = self.jar.makeCookie(self.exp, self.data) self.assertFalse(c.isExpired()) def test_is_valid(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(self.jar.isGoodCookie(c)) def test_is_invalid_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) c._expiry = 0 # pylint: disable=protected-access self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) c._data = 'this is bad' # pylint: disable=protected-access self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) c._mac = 'this is bad' # pylint: disable=protected-access self.assertFalse(self.jar.isGoodCookie(c)) def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) exp, data, digest = unmix3(s[self._token].value) self.assertEqual(data, self.data) # see comment in test_mix_unmix self.assertAlmostEqual(exp, self.exp, places=4) key = self.jar._key # pylint: disable=protected-access mac = util.bin_to_hex( EVP.hmac(key, six.ensure_binary(mix(self.exp, self.data)), 'sha1')) self.assertEqual(digest, mac) def test_cookie_str(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(self.jar.isGoodCookieString(c.output(header=""))) def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) self.assertTrue(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = SimpleCookie() s.load(c.output(header="")) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:20] + 'this is bad' + cout[20:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = self._corrupt_part_str(cout, 14, 16) s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = self._corrupt_part_str(cout, 24, 26) s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = self._corrupt_part_str(cout, 64, 66) s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header="")))
class AuthCookieTestCase(unittest.TestCase): _format = 'Set-Cookie: _M2AUTH_="exp=%f&data=%s&digest=%s"' _token = '_M2AUTH_' def setUp(self): self.data = 'cogitoergosum' self.exp = time.time() + 3600 self.jar = AuthCookieJar() def tearDown(self): pass def test_mix_unmix(self): dough = mix(self.exp, self.data) exp, data = unmix(dough) self.assertEqual(data, self.data) # we are comparing seconds here, ten-thousandth # second should be enough. self.assertAlmostEqual(exp, self.exp, places=4) def test_make_cookie(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(isinstance(c, AuthCookie)) self.assertEqual(c.expiry(), self.exp) self.assertEqual(c.data(), self.data) # Peek inside the cookie jar... key = self.jar._key # pylint: disable=protected-access mac = util.bin_to_hex( EVP.hmac(key, util.py3bytes(mix(self.exp, self.data)), 'sha1')) self.assertEqual(c.mac(), mac) # Ok, stop peeking now. cookie_str = self._format % (self.exp, self.data, mac) self.assertEqual(c.output(), cookie_str) def test_make_cookie_invalid(self): with self.assertRaises(ValueError): self.jar.makeCookie("complete nonsense", self.data) def test_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.assertTrue(c.isExpired()) def test_not_expired(self): c = self.jar.makeCookie(self.exp, self.data) self.assertFalse(c.isExpired()) def test_is_valid(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(self.jar.isGoodCookie(c)) def test_is_invalid_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) c._expiry = 0 # pylint: disable=protected-access self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) c._data = 'this is bad' # pylint: disable=protected-access self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) c._mac = 'this is bad' # pylint: disable=protected-access self.assertFalse(self.jar.isGoodCookie(c)) def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) exp, data, digest = unmix3(s[self._token].value) self.assertEqual(data, self.data) # see comment in test_mix_unmix self.assertAlmostEqual(exp, self.exp, places=4) key = self.jar._key # pylint: disable=protected-access mac = util.bin_to_hex( EVP.hmac(key, util.py3bytes(mix(self.exp, self.data)), 'sha1')) self.assertEqual(digest, mac) def test_cookie_str(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(self.jar.isGoodCookieString(c.output(header=""))) def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) self.assertTrue(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = SimpleCookie() s.load(c.output(header="")) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:20] + 'this is bad' + cout[20:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:14] + '2' + cout[15:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:24] + 'X' + cout[25:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header=""))) def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:64] + 'X' + cout[65:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header="")))
class AuthCookieTestCase(unittest.TestCase): _format = 'Set-Cookie: _M2AUTH_="exp=%s&data=%s&digest=%s"' if sys.version_info < (2,5): _format += ';' _token = '_M2AUTH_' def setUp(self): self.data = 'cogitoergosum' self.exp = time.time() + 3600 self.jar = AuthCookieJar() def tearDown(self): pass def test_mix_unmix(self): dough = mix(self.exp, self.data) exp, data = unmix(dough) self.failUnlessEqual(data, self.data) self.failUnlessEqual(exp, self.exp) def test_make_cookie(self): c = self.jar.makeCookie(self.exp, self.data) self.failUnless(isinstance(c, AuthCookie)) self.failUnlessEqual(c.expiry(), self.exp) self.failUnlessEqual(c.data(), self.data) # Peek inside the cookie jar... key = self.jar._key mac = binascii.b2a_base64(EVP.hmac(key, mix(self.exp, self.data), 'sha1'))[:-1] self.failUnlessEqual(c.mac(), mac) # Ok, stop peeking now. cookie_str = self._format % (repr(self.exp), self.data, mac) self.failUnlessEqual(c.output(), cookie_str) def test_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.failUnless(c.isExpired()) def test_not_expired(self): c = self.jar.makeCookie(self.exp, self.data) self.failIf(c.isExpired()) def test_is_valid(self): c = self.jar.makeCookie(self.exp, self.data) self.failUnless(self.jar.isGoodCookie(c)) def test_is_invalid_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.failIf(self.jar.isGoodCookie(c)) def test_is_invalid_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) c._expiry = 'this is bad' self.failIf(self.jar.isGoodCookie(c)) def test_is_invalid_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) c._data = 'this is bad' self.failIf(self.jar.isGoodCookie(c)) def test_is_invalid_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) c._mac = 'this is bad' self.failIf(self.jar.isGoodCookie(c)) def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = Cookie.SmartCookie() s.load(c.output()) exp, data, digest = unmix3(s[self._token].value) self.failUnlessEqual(data, self.data) self.failUnlessEqual(float(exp), self.exp) key = self.jar._key # Peeking... mac = binascii.b2a_base64(EVP.hmac(key, mix(self.exp, self.data), 'sha1'))[:-1] self.failUnlessEqual(digest, mac) def test_cookie_str(self): c = self.jar.makeCookie(self.exp, self.data) self.failUnless(self.jar.isGoodCookieString(c.output())) def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = Cookie.SmartCookie() s.load(c.output()) self.failUnless(self.jar.isGoodCookieString(s.output())) def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = Cookie.SmartCookie() s.load(c.output()) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:32] + 'this is bad' + cout[32:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:26] + chr(ord(cout[26])^1) + cout[27:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:36] + chr(ord(cout[36])^1) + cout[37:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:76] + chr(ord(cout[76])^1) + cout[77:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output()))
class AuthCookieTestCase(unittest.TestCase): _format = 'Set-Cookie: _M2AUTH_="exp=%s&data=%s&digest=%s"' _token = '_M2AUTH_' def setUp(self): self.data = 'cogitoergosum' self.exp = time.time() + 3600 self.jar = AuthCookieJar() def tearDown(self): pass def test_mix_unmix(self): dough = mix(self.exp, self.data) exp, data = unmix(dough) self.assertEqual(data, self.data) self.assertEqual(exp, self.exp) def test_make_cookie(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(isinstance(c, AuthCookie)) self.assertEqual(c.expiry(), self.exp) self.assertEqual(c.data(), self.data) # Peek inside the cookie jar... key = self.jar._key mac = util.bin_to_hex( EVP.hmac(key, util.py3bytes(mix(self.exp, self.data)), 'sha1')) self.assertEqual(c.mac(), mac) # Ok, stop peeking now. cookie_str = self._format % (repr(self.exp), self.data, mac) self.assertEqual(c.output(), cookie_str) def test_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.assertTrue(c.isExpired()) def test_not_expired(self): c = self.jar.makeCookie(self.exp, self.data) self.assertFalse(c.isExpired()) def test_is_valid(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(self.jar.isGoodCookie(c)) def test_is_invalid_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) c._expiry = 'this is bad' self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) c._data = 'this is bad' self.assertFalse(self.jar.isGoodCookie(c)) def test_is_invalid_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) c._mac = 'this is bad' self.assertFalse(self.jar.isGoodCookie(c)) def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output()) exp, data, digest = unmix3(s[self._token].value) self.assertEqual(data, self.data) self.assertEqual(float(exp), self.exp) key = self.jar._key # Peeking... mac = util.bin_to_hex( EVP.hmac(key, util.py3bytes(mix(self.exp, self.data)), 'sha1')) self.assertEqual(digest, mac) def test_cookie_str(self): c = self.jar.makeCookie(self.exp, self.data) self.assertTrue(self.jar.isGoodCookieString(c.output())) def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output()) self.assertTrue(self.jar.isGoodCookieString(s.output())) def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = SimpleCookie() s.load(c.output()) self.assertFalse(self.jar.isGoodCookieString(s.output())) def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() cout_str = cout[:32] + 'this is bad' + cout[32:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_exp(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() cout_str = cout[:26] + '2' + cout[27:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() cout_str = cout[:36] + 'X' + cout[37:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output())) def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() cout_str = cout[:76] + 'X' + cout[77:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output()))