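def testDoublyEncodedCookieWithIncorrectPadding(self):
    """Check that username() copes with an ``__ac`` cookie URL-quoted twice.

    The cookie value built here is base64 over ``hex(user):hex(password)``.
    Quoting it twice turns the base64 ``=`` padding into ``%253D``, so a
    parser that unquotes only once sees broken padding.

    Note that hex plus base64 is an encoding, not encryption: the cookie
    carries the password in recoverable form. This test asserts only that
    the username comes back from username().
    """
    from base64 import encodestring
    from urllib import quote

    from collective.usernamelogger import username

    TEST_USERNAME = '******'
    TEST_PASSWORD = '******'

    hex_credentials = ':'.join(
        token.encode('hex') for token in (TEST_USERNAME, TEST_PASSWORD))

    # base64 encode credentials - this will add '='s for padding
    b64encoded_credentials = encodestring(hex_credentials).strip()

    # Quote the base64 encoded string *twice*.
    # This will mess up the padding unless it's unquoted twice.
    broken_cookie = "__ac=%s" % quote(quote(b64encoded_credentials))

    # assertEqual reports both values on failure, unlike assertTrue(a == b).
    self.assertEqual(username(broken_cookie), TEST_USERNAME)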
def username(self, value):
    """Wrap *value* in an ``__ac`` cookie and return what the logger extracts.

    *value* is base64-encoded and placed after ``__ac=``; the result of
    ``collective.usernamelogger.username`` on that cookie string is returned.
    The output of ``encodestring`` is passed on as-is (base64.encodestring
    appends a trailing newline, which is not stripped here).
    """
    from base64 import encodestring
    from collective.usernamelogger import username as extract_username

    encoded_value = encodestring(value)
    cookie_header = '__ac=%s' % encoded_value
    return extract_username(cookie_header)