def test_nonceexists(self):
    """A request that reuses an already-stored nonce must be rejected with 401."""
    # Seed the replay store with the nonce value the request is about to present.
    # NOTE(review): the stored row uses self.timestamp while the signature uses
    # self.now; presumably the fixture makes these correspond. Confirm in setUp.
    Nonce(
        nonce="NONCE",
        timestamp=self.timestamp,
        credentials=self.rfc_credentials,
    ).save()

    # Sign the request with the same nonce so the server sees a repeat.
    self.signature.update(timestamp=self.now, nonce="NONCE")

    client = Client()
    request_headers = {
        "HTTP_AUTHORIZATION": self.signature.get_header(),
        "HTTP_HOST": "example.com",
    }
    reply = client.get("/protected_resource", **request_headers)

    # The replay must fail authentication, and the challenge header must
    # mention the nonce (compared case-insensitively).
    self.assertEqual(reply.status_code, 401)
    expected_token = "NONCE".upper()
    challenge = reply["WWW-Authenticate"].upper()
    self.assertIn(expected_token, challenge)
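def validate_nonce(self):
    """Reject a replayed nonce; record a fresh one.

    The (nonce, timestamp, credentials) triple from the request is looked up
    in the Nonce table. If it is already present the request is treated as a
    replay: ``self.error`` is set and ``False`` is returned. Otherwise the
    triple is stored and ``True`` is returned.

    Returns:
        bool: ``True`` when the nonce was not seen before, ``False`` when it
        is a duplicate or the request timestamp cannot be parsed.
    """
    # "ts" is seconds since the Unix epoch and comes from the request, so a
    # malformed or out-of-range value must fail validation, not raise.
    try:
        seconds = int(self.data["ts"])
        timestamp = datetime.datetime(1970, 1, 1) + datetime.timedelta(
            seconds=seconds
        )
    except (TypeError, ValueError, OverflowError):
        self.error = "Invalid timestamp"
        return False

    # Convert this timestamp to UTC if we are timezone-aware.
    timestamp = to_utc(timestamp)

    # Look up and insert in one ORM call instead of a separate get() then
    # save(): the two-step form lets two concurrent requests carrying the
    # same nonce both miss the lookup and both be accepted.
    # NOTE(review): this is only race-free if the Nonce model has a
    # uniqueness constraint on (nonce, timestamp, credentials); the model is
    # not visible here, so confirm it.
    # NOTE(review): the timestamp is part of the lookup key, so replay
    # protection also depends on the timestamp freshness check that
    # presumably happens elsewhere. Verify against the caller.
    try:
        _, created = Nonce.objects.get_or_create(
            nonce=self.data["nonce"],
            timestamp=timestamp,
            credentials=self.credentials,
        )
    except Nonce.MultipleObjectsReturned:
        # Several stored rows already match: the nonce has been seen.
        created = False

    if not created:
        self.error = "Duplicate nonce"
        return False
    return True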