Example #1
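 def send(login, site, user):
     """E-mail a signed login link for ``login`` to ``user.email``.

     The id of ``login`` is signed under the name 'ticket', appended to the
     application's redirect path, rendered into ``login_email.txt`` and mailed
     from ``settings.SENDER_EMAIL``.

     ``redirect`` and ``lang`` are not parameters; they are resolved from an
     enclosing scope that is not visible in this snippet.
     """
     sign_cmd = gaecookie_facade.sign('ticket', login.key.id())
     sign_cmd.execute()
     signed = sign_cmd.result
     link = settings.APP_HOME + router.to_path(redirect, lang, signed)
     values = {
         'APP_NAME': settings.APP_NAME,
         'site': site.domain,
         'login_link': link,
     }
     body = _render('login_email.txt', values)
     subject = _('%(site)s Login Link') % {'site': site.domain}
     # NOTE(review): this logs the whole user object, presumably including the
     # e-mail address -- consider logging an identifier instead.
     logging.info(user)
     # The rendered body embeds the signed login link, which acts as a bearer
     # credential: whoever can read it can complete the login. It is therefore
     # kept out of the application log; only the fact of sending is recorded.
     logging.info('Sending login link e-mail for site %s', site.domain)
     mail.send_mail(settings.SENDER_EMAIL,
                    user.email,
                    subject,
                    body)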
Example #2
    def test_secure_angular_ajax_access(self):
        """Check CSRFMiddleware.set_up() is falsy when header and cookie agree.

        The cookie lookup is stubbed to return the signed 'XSRF-RANDOM' token
        and the header lookup to return the plain code, whatever name is asked
        for. No '_csrf_code' request argument is supplied.
        """
        csrf_code = 'abc'
        signed_token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

        def any_cookie(k):
            # Every cookie name resolves to the signed token.
            return signed_token

        def any_header(k):
            # Every header name resolves to the unsigned code.
            return csrf_code

        def secure():
            pass

        handler = Mock()
        handler.request.cookies.get = any_cookie
        handler.request.headers.get = any_header

        middleware = CSRFMiddleware(handler, {'_fcn': secure}, {})
        self.assertFalse(middleware.set_up())
Example #3
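 def send(login, site, user):
     """Mail ``user`` a login link carrying the signed id of ``login``.

     Signs ``login.key.id()`` under the name 'ticket', builds the link from
     ``settings.APP_HOME`` plus the redirect path, renders ``login_email.txt``
     with it and sends the result to ``user.email``.

     ``redirect`` and ``lang`` come from an enclosing scope not shown here.
     """
     ticket_cmd = gaecookie_facade.sign('ticket', login.key.id())
     ticket_cmd.execute()
     signed = ticket_cmd.result
     link = settings.APP_HOME + router.to_path(redirect, lang, signed)
     values = {
         'APP_NAME': settings.APP_NAME,
         'site': site.domain,
         'login_link': link
     }
     body = _render('login_email.txt', values)
     subject = _('%(site)s Login Link') % {'site': site.domain}
     # NOTE(review): logging the user object presumably records the e-mail
     # address; an identifier would expose less.
     logging.info(user)
     # Do not log ``body``: it contains the signed login link, and anyone with
     # read access to the logs could use that link to log in as this user.
     logging.info('Sending login link e-mail for site %s', site.domain)
     mail.send_mail(settings.SENDER_EMAIL, user.email, subject, body)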
Example #4
    def test_success(self, hook='https://pswdless.appspot.com/foo', expected_query_string='?ticket=%s'):
        """Validate a signed login link for a stored LOGIN_EMAIL login.

        Asserts that validation reports no errors, returns the same login with
        status LOGIN_CLICK, leaves exactly one LoginStatus labelled
        LOGIN_CLICK, and redirects once to ``hook`` plus the query string.

        NOTE(review): the expected redirect carries the plain login id as the
        ``ticket`` value; how the hook is meant to verify it is not visible
        in this test.
        """
        stored_login = Login(status=LOGIN_EMAIL, hook=hook)
        stored_login.put()

        sign_cmd = cookie_facade.sign('ticket', stored_login.key.id())
        sign_cmd.execute()
        redirect_mock = Mock()
        validation = facade.validate_login_link(sign_cmd.result, redirect_mock)
        validation.execute()
        self.assertDictEqual({}, validation.errors)

        validated_login = validation.result
        self.assertEqual(stored_login.key, validated_login.key)
        self.assertEqual(validated_login.status, LOGIN_CLICK)

        status_search = LoginStatusArcSearch(validated_login)
        status_search.execute()
        self.assertEqual(1, len(status_search.result))
        only_status = status_search.result[0]
        self.assertIsInstance(only_status, LoginStatus)
        self.assertEqual(only_status.label, LOGIN_CLICK)

        expected_url = hook + (expected_query_string % stored_login.key.id())
        redirect_mock.assert_called_once_with(expected_url)
Example #5
    def test_secure_form_access(self):
        """Check the form flow: '_csrf_code' argument plus signed cookie.

        The signed token is only returned for the 'XSRF-RANDOM' cookie name.
        After CSRFInputToDependency runs, CSRFMiddleware.set_up() must be
        falsy and ``request_args`` must no longer hold '_csrf_code'.
        """
        csrf_code = 'abc'
        signed_token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

        def get_cookie(name):
            # Any other cookie name yields None.
            return signed_token if name == 'XSRF-RANDOM' else None

        def secure():
            pass

        handler = Mock()
        handler.request.cookies.get = get_cookie

        dependencies = {'_fcn': secure}
        request_args = {'_csrf_code': csrf_code}
        # Takes _csrf_code out of request_args (to dependencies, per the
        # original author's note) before the middleware under test runs.
        CSRFInputToDependency(handler, dependencies, request_args).set_up()
        middleware = CSRFMiddleware(handler, dependencies, request_args)
        outcome = middleware.set_up()
        self.assertFalse(outcome)
        self.assertDictEqual({}, request_args, '_csrf_code must be removed from request_args')
Example #6
    def test_success(self,
                     hook='https://pswdless.appspot.com/foo',
                     expected_query_string='?ticket=%s'):
        """Run the happy path of ``facade.validate_login_link``.

        A Login in status LOGIN_EMAIL is stored, its id is signed as 'ticket'
        and the signed value is validated. The test then checks: no errors,
        same login key, status LOGIN_CLICK, a single LoginStatus labelled
        LOGIN_CLICK, and one redirect call to ``hook`` + query string.

        NOTE(review): the query string asserted here contains the unsigned
        login id; confirm the hook side treats it accordingly.
        """
        login_entity = Login(status=LOGIN_EMAIL, hook=hook)
        login_entity.put()

        ticket_cmd = cookie_facade.sign('ticket', login_entity.key.id())
        ticket_cmd.execute()
        redirect_mock = Mock()
        validate_cmd = facade.validate_login_link(ticket_cmd.result,
                                                  redirect_mock)
        validate_cmd.execute()
        self.assertDictEqual({}, validate_cmd.errors)

        login_after = validate_cmd.result
        self.assertEqual(login_entity.key, login_after.key)
        self.assertEqual(login_after.status, LOGIN_CLICK)

        arc_search = LoginStatusArcSearch(login_after)
        arc_search.execute()
        self.assertEqual(1, len(arc_search.result))
        recorded = arc_search.result[0]
        self.assertIsInstance(recorded, LoginStatus)
        self.assertEqual(recorded.label, LOGIN_CLICK)

        redirect_target = hook + (expected_query_string %
                                  login_entity.key.id())
        redirect_mock.assert_called_once_with(redirect_target)
Example #7
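    def test_http_get_no_working_on_secure(self):
        """Check that an otherwise valid CSRF exchange is not accepted on GET.

        The signed 'XSRF-RANDOM' cookie and the '_csrf_code' argument match,
        so the only difference from a passing request is the HTTP method.
        ``set_up()`` is asserted truthy; presumably a truthy result means the
        middleware halted the request -- confirm against CSRFMiddleware.
        """
        handler = Mock()
        handler.request.method = 'GET'

        # A perfectly valid call, except for the GET http method
        csrf_code = 'abc'
        token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

        def get_cookie(name):
            # Only the CSRF cookie is present; other names yield None.
            if name == 'XSRF-RANDOM':
                return token

        handler.request.cookies.get = get_cookie

        def secure():
            pass

        dependencies = {'_fcn': secure}
        request_args = {'_csrf_code': csrf_code}
        # removes _csrf_code from request_args to dependencies
        CSRFInputToDependency(handler, dependencies, request_args).set_up()
        csrf_middleware = CSRFMiddleware(handler, dependencies, request_args)
        # The failure message used to read "should be false", contradicting
        # the assertTrue it belongs to; it now states what is asserted.
        self.assertTrue(csrf_middleware.set_up(), 'set_up() must be truthy because the http method is GET')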
Example #8
 def test_not_existing_login(self):
     """Sign login id 2, which this method never stores, and expect an error.

     The signed value is handed to ``self._assert_error``, which performs the
     actual checks (defined outside this snippet).
     """
     sign_cmd = cookie_facade.sign('ticket', 2)
     sign_cmd.execute()
     signed_ticket = sign_cmd.result
     self._assert_error(signed_ticket)
Example #9
 def _assert_wrong_status(self, status):
     """Store a Login in ``status`` and expect its signed ticket to error.

     The login is saved, its id is signed under the name 'ticket', and the
     signed value is passed to ``self._assert_error``.
     """
     stored_login = Login(status=status, hook='https://pswdless.appspot.com/foo')
     stored_login.put()
     sign_cmd = cookie_facade.sign('ticket', stored_login.key.id())
     sign_cmd.execute()
     signed_ticket = sign_cmd.result
     self._assert_error(signed_ticket)
Example #10
 def test_success(self):
     """Signing the same name and value must differ across a renew() call.

     NOTE(review): presumably renew() replaces the signing secret, so values
     signed earlier stop matching -- confirm against its definition.
     """
     before_renew = facade.sign('foo', 'bar')()
     renew()
     after_renew = facade.sign('foo', 'bar')()
     self.assertNotEqual(before_renew, after_renew)
Example #11
 def test_not_existing_login(self):
     """Expect an error for a signed ticket whose login id was never saved.

     Id 2 is signed directly; no Login is created in this method. The result
     goes to ``self._assert_error`` (defined outside this snippet).
     """
     ticket_cmd = cookie_facade.sign('ticket', 2)
     ticket_cmd.execute()
     ticket = ticket_cmd.result
     self._assert_error(ticket)
Example #12
 def _assert_wrong_status(self, status):
     """Helper: a login saved with ``status`` must fail ``_assert_error``'s checks.

     Saves the Login, signs its id as 'ticket' and forwards the signed value
     to ``self._assert_error``.
     """
     login_entity = Login(status=status, hook='https://pswdless.appspot.com/foo')
     login_entity.put()
     ticket_cmd = cookie_facade.sign('ticket', login_entity.key.id())
     ticket_cmd.execute()
     ticket = ticket_cmd.result
     self._assert_error(ticket)