def test_sign_uses_correct_key(self):
"If a key is provided, sign should use it; otherwise, use SECRET_KEY"
s = 'This is a string'
self.assertEqual(signed.sign(s),
s + '.' + signed.base64_hmac(s, settings.SECRET_KEY))
self.assertEqual(signed.sign(s, 'sekrit'),
s + '.' + signed.base64_hmac(s, 'sekrit'))
def test_sign_uses_correct_key(self):
"If a key is provided, sign should use it; otherwise, use SECRET_KEY"
s = 'This is a string'
self.assertEqual(
signed.sign(s),
s + '.' + signed.base64_hmac(s, settings.SECRET_KEY)
)
self.assertEqual(
signed.sign(s, 'sekrit'),
s + '.' + signed.base64_hmac(s, 'sekrit')
)
def unsign_detects_tampering(self):
value = "Another string"
signed_value = signed.sign(value)
transforms = (lambda s: s.upper(), lambda s: s + "a", lambda s: "a" + s[1:], lambda s: s.replace(":", ""))
self.assertEqual(value, signed.unsign(signed_value))
for transform in transforms:
self.assertRaises(signed.BadSignature, signed.unsign, transform(signed_value))
def generate_recovery_code(self, user):
# Code is {hex-days}.{hex-userid}.{signature}
days = int_to_hex(
(datetime.date.today() - self.recovery_origin_date).days)
token = '%s.%s' % (days, int_to_hex(user.id))
return signed.sign(
token,
key=(self.recovery_link_secret or settings.SECRET_KEY) +
self.recovery_link_salt)
def generate_recovery_code(self, user):
# Code is {hex-days}.{hex-userid}.{signature}
days = int_to_hex(
(datetime.date.today() - self.recovery_origin_date).days
)
token = '%s.%s' % (days, int_to_hex(user.id))
return signed.sign(token, key = (
self.recovery_link_secret or settings.SECRET_KEY
) + self.recovery_link_salt)
def sign_is_reversible(self):
examples = (
'q;wjmbk;wkmb',
'3098247529087',
'3098247:529:087:',
'jkw osanteuh ,rcuh nthu aou oauh ,ud du',
u'\u2019'.encode('utf8'),
)
for example in examples:
self.assert_(example != signed.sign(example))
self.assertEqual(example, signed.unsign(utils.sign(example)))
def sign_is_reversible(self):
examples = (
'q;wjmbk;wkmb',
'3098247529087',
'3098247:529:087:',
'jkw osanteuh ,rcuh nthu aou oauh ,ud du',
u'\u2019'.encode('utf8'),
)
for example in examples:
self.assert_(example != signed.sign(example))
self.assertEqual(example, signed.unsign(utils.sign(example)))
def sign_is_reversible(self):
examples = (
"q;wjmbk;wkmb",
"3098247529087",
"3098247:529:087:",
"jkw osanteuh ,rcuh nthu aou oauh ,ud du",
u"\u2019".encode("utf8"),
)
for example in examples:
self.assert_(example != signed.sign(example))
self.assertEqual(example, signed.unsign(utils.sign(example)))
def unsign_detects_tampering(self):
value = 'Another string'
signed_value = signed.sign(value)
transforms = (
lambda s: s.upper(),
lambda s: s + 'a',
lambda s: 'a' + s[1:],
lambda s: s.replace(':', ''),
)
self.assertEqual(value, signed.unsign(signed_value))
for transform in transforms:
self.assertRaises(signed.BadSignature, signed.unsign,
transform(signed_value))
def unsign_detects_tampering(self):
value = 'Another string'
signed_value = signed.sign(value)
transforms = (
lambda s: s.upper(),
lambda s: s + 'a',
lambda s: 'a' + s[1:],
lambda s: s.replace(':', ''),
)
self.assertEqual(value, signed.unsign(signed_value))
for transform in transforms:
self.assertRaises(
signed.BadSignature, signed.unsign, transform(signed_value)
)
def generate_confirm_code(self, user):
return signed.sign(str(user.id), key = (
self.confirm_link_secret or settings.SECRET_KEY
) + self.confirm_link_salt)
def generate_confirm_code(self, user):
return signed.sign(
int_to_hex(user.id),
key=(self.confirm_link_secret or settings.SECRET_KEY) +
self.confirm_link_salt)
def test_sign_uses_correct_key(self):
"If a key is provided, sign should use it; otherwise, use SECRET_KEY"
s = "This is a string"
self.assertEqual(signed.sign(s), s + "." + signed.base64_sha1(s + settings.SECRET_KEY))
self.assertEqual(signed.sign(s, "sekrit"), s + "." + signed.base64_sha1(s + "sekrit"))
