class SessionStoreTests(TestCase):
def setUp(self):
req = RequestFactory().get('/')
req.META['REMOTE_ADDR'] = '10.0.0.1'
if get_paranoid:
self.sess = SessionStore(request_meta=req.META.copy())
else:
self.sess = SessionStore()
def test_save_load(self):
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
self.assertEqual(stor['secret'], 'laser beams')
def test_wrong_key(self):
with self.settings(ENCRYPTED_COOKIE_KEY='the first key'):
self.sess['secret'] = 'laser beams'
self.sess.save()
with self.settings(ENCRYPTED_COOKIE_KEY='the second key'):
stor = self.sess.load()
# The DecryptionError is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.signing.loads')
def test_bad_signature(self, loader):
loader.side_effect = signing.BadSignature
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
# The BadSignature error is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.signing.loads')
def test_bad_signing_value(self, loader):
loader.side_effect = ValueError
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
# The ValueError is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.EncryptingPickleSerializer')
def test_use_encrypted_pickles(self, PicklerClass):
pickler = mock.Mock()
PicklerClass.return_value = pickler
pickler.dumps.return_value = '<data>'
self.sess.save()
self.sess.load()
# Because there is multiple inheritance going on now, make
# sure that the encrypted pickler is used.
assert pickler.dumps.called
assert pickler.loads.called
@skipUnless(get_paranoid, 'django_paranoia not installed')
def test_cache_key(self):
ck = self.sess.cache_key
assert ck.startswith('django_paranoid'), (
'Unexpected cache key: %s' % ck)
@skipUnless(get_paranoid, 'django_paranoia not installed')
def test_paranoia_catches_tampering(self):
req = RequestFactory().get('/')
req.META['REMOTE_ADDR'] = '192.168.1.1' # alter this value.
with mock.patch('django_paranoia.sessions.warning.send') as warn:
self.sess.save()
self.sess.check_request_data(request=req)
assert warn.called
class SessionStoreTests(Base):
def setUp(self):
req = RequestFactory().get('/')
req.META['REMOTE_ADDR'] = '10.0.0.1'
self.sess = SessionStore()
def test_save_load(self):
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
self.assertEqual(stor['secret'], 'laser beams')
def test_wrong_key(self):
with self.settings(ENCRYPTED_COOKIE_KEYS=[Fernet.generate_key()]):
self.sess['secret'] = 'laser beams'
self.sess.save()
with self.settings(ENCRYPTED_COOKIE_KEYS=[Fernet.generate_key()]):
stor = self.sess.load()
# The decryption error is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
def test_key_rotation(self):
key1 = Fernet.generate_key()
with self.settings(ENCRYPTED_COOKIE_KEYS=[key1]):
self.sess['secret'] = 'laser beams'
self.sess.save()
# Decrypt a value using an old key:
with self.settings(
ENCRYPTED_COOKIE_KEYS=[Fernet.generate_key(), key1]):
stor = self.sess.load()
self.assertEqual(dict(stor.items()), {'secret': 'laser beams'})
@mock.patch('encrypted_cookies.signing.loads')
def test_bad_signature(self, loader):
loader.side_effect = signing.BadSignature
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
# The BadSignature error is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.signing.loads')
def test_bad_signing_value(self, loader):
loader.side_effect = ValueError
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
# The ValueError is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.EncryptingPickleSerializer')
def test_use_encrypted_pickles(self, PicklerClass):
pickler = mock.Mock()
PicklerClass.return_value = pickler
pickler.dumps.return_value = '<data>'
self.sess.save()
self.sess.load()
# Because there is multiple inheritance going on now, make
# sure that the encrypted pickler is used.
assert pickler.dumps.called
assert pickler.loads.called
class SessionStoreTests(TestCase):
def setUp(self):
req = RequestFactory().get('/')
req.META['REMOTE_ADDR'] = '10.0.0.1'
if get_paranoid:
self.sess = SessionStore(request_meta=req.META.copy())
else:
self.sess = SessionStore()
def test_save_load(self):
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
self.assertEqual(stor['secret'], 'laser beams')
def test_wrong_key(self):
with self.settings(ENCRYPTED_COOKIE_KEY='the first key'):
self.sess['secret'] = 'laser beams'
self.sess.save()
with self.settings(ENCRYPTED_COOKIE_KEY='the second key'):
stor = self.sess.load()
# The DecryptionError is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.signing.loads')
def test_bad_signature(self, loader):
loader.side_effect = signing.BadSignature
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
# The BadSignature error is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.signing.loads')
def test_bad_signing_value(self, loader):
loader.side_effect = ValueError
self.sess['secret'] = 'laser beams'
self.sess.save()
stor = self.sess.load()
# The ValueError is ignored and the session is reset.
self.assertEqual(dict(stor.items()), {})
@mock.patch('encrypted_cookies.EncryptingPickleSerializer')
def test_use_encrypted_pickles(self, PicklerClass):
pickler = mock.Mock()
PicklerClass.return_value = pickler
pickler.dumps.return_value = '<data>'
self.sess.save()
self.sess.load()
# Because there is multiple inheritance going on now, make
# sure that the encrypted pickler is used.
assert pickler.dumps.called
assert pickler.loads.called
@skipUnless(get_paranoid, 'django_paranoia not installed')
def test_cache_key(self):
ck = self.sess.cache_key
assert ck.startswith('django_paranoid'), ('Unexpected cache key: %s' %
ck)
@skipUnless(get_paranoid, 'django_paranoia not installed')
def test_paranoia_catches_tampering(self):
req = RequestFactory().get('/')
req.META['REMOTE_ADDR'] = '192.168.1.1' # alter this value.
with mock.patch('django_paranoia.sessions.warning.send') as warn:
self.sess.save()
self.sess.check_request_data(request=req)
assert warn.called