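def send(login, site, user):
    """Email a signed login link for ``login`` to ``user.email``.

    The login's datastore id is signed under the name ``'ticket'`` and the
    signed value is placed in the URL built from ``settings.APP_HOME`` and
    ``router.to_path``. That URL is rendered into ``login_email.txt`` and
    mailed from ``settings.SENDER_EMAIL``.

    ``redirect`` and ``lang`` are not parameters of this function; they are
    read from the surrounding scope.
    """
    cmd = gaecookie_facade.sign('ticket', login.key.id())
    cmd.execute()
    signed = cmd.result
    link = settings.APP_HOME + router.to_path(redirect, lang, signed)
    values = {
        'APP_NAME': settings.APP_NAME,
        'site': site.domain,
        'login_link': link,
    }
    body = _render('login_email.txt', values)
    subject = _('%(site)s Login Link') % {'site': site.domain}
    # NOTE(review): this logs the user entity as-is; confirm its repr holds
    # nothing sensitive.
    logging.info(user)
    # The rendered body embeds the signed ticket, which is the credential the
    # login link carries. Writing it to the application log would hand that
    # credential to anyone with log access, so only identifiers are recorded.
    logging.info('Sending login link email: login_id=%s site=%s',
                 login.key.id(), site.domain)
    mail.send_mail(settings.SENDER_EMAIL, user.email, subject, body)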
def test_secure_angular_ajax_access(self):
    """Header-based CSRF check: cookie token and header code agree.

    The cookie lookup returns the value signed under ``'XSRF-RANDOM'`` and the
    header lookup returns the raw code that was signed. ``set_up()`` is
    expected to return a falsy value in that case (presumably meaning the
    request is let through; confirm against ``CSRFMiddleware``).
    """
    csrf_code = 'abc'
    sign_cmd = facade.sign('XSRF-RANDOM', csrf_code)
    signed_token = sign_cmd.execute().result

    def secure():
        pass

    request_handler = Mock()
    # Every cookie lookup yields the signed token, every header lookup the raw code.
    request_handler.request.cookies.get = lambda k: signed_token
    request_handler.request.headers.get = lambda k: csrf_code

    deps = {'_fcn': secure}
    args = {}
    middleware = CSRFMiddleware(request_handler, deps, args)
    self.assertFalse(middleware.set_up())
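def send(login, site, user):
    """Email a signed login link for ``login`` to ``user.email``.

    The login's datastore id is signed under the name ``'ticket'`` and the
    signed value is placed in the URL built from ``settings.APP_HOME`` and
    ``router.to_path``. That URL is rendered into ``login_email.txt`` and
    mailed from ``settings.SENDER_EMAIL``.

    ``redirect`` and ``lang`` are not parameters of this function; they are
    read from the surrounding scope.
    """
    cmd = gaecookie_facade.sign('ticket', login.key.id())
    cmd.execute()
    signed = cmd.result
    link = settings.APP_HOME + router.to_path(redirect, lang, signed)
    values = {
        'APP_NAME': settings.APP_NAME,
        'site': site.domain,
        'login_link': link,
    }
    body = _render('login_email.txt', values)
    subject = _('%(site)s Login Link') % {'site': site.domain}
    # NOTE(review): this logs the user entity as-is; confirm its repr holds
    # nothing sensitive.
    logging.info(user)
    # The rendered body embeds the signed ticket, which is the credential the
    # login link carries. Writing it to the application log would hand that
    # credential to anyone with log access, so only identifiers are recorded.
    logging.info('Sending login link email: login_id=%s site=%s',
                 login.key.id(), site.domain)
    mail.send_mail(settings.SENDER_EMAIL, user.email, subject, body)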
def test_success(self, hook='https://pswdless.appspot.com/foo',
                 expected_query_string='?ticket=%s'):
    """Validating a signed ticket for a stored login marks it as clicked.

    A ``Login`` in status ``LOGIN_EMAIL`` is stored, its id is signed under
    ``'ticket'``, and the signed value is passed to
    ``facade.validate_login_link``. The test then checks that no errors are
    reported, that the returned login is the stored one with status
    ``LOGIN_CLICK``, that exactly one ``LoginStatus`` labelled
    ``LOGIN_CLICK`` is found for it, and that the redirect callable was
    called once with ``hook`` plus the formatted query string.

    ``hook`` and ``expected_query_string`` are parameters so other tests can
    reuse this body with a different hook URL.
    """
    stored_login = Login(status=LOGIN_EMAIL, hook=hook)
    stored_login.put()

    sign_cmd = cookie_facade.sign('ticket', stored_login.key.id())
    sign_cmd.execute()
    signed_ticket = sign_cmd.result

    on_redirect = Mock()
    validation = facade.validate_login_link(signed_ticket, on_redirect)
    validation.execute()
    self.assertDictEqual({}, validation.errors)

    validated_login = validation.result
    self.assertEqual(stored_login.key, validated_login.key)
    self.assertEqual(validated_login.status, LOGIN_CLICK)

    status_search = LoginStatusArcSearch(validated_login)
    status_search.execute()
    self.assertEqual(1, len(status_search.result))
    recorded_status = status_search.result[0]
    self.assertIsInstance(recorded_status, LoginStatus)
    self.assertEqual(recorded_status.label, LOGIN_CLICK)

    expected_url = hook + (expected_query_string % stored_login.key.id())
    on_redirect.assert_called_once_with(expected_url)
def test_secure_form_access(self):
    """Form-based CSRF check: the ``_csrf_code`` field matches the cookie.

    The signed token is only returned for the ``'XSRF-RANDOM'`` cookie name.
    ``CSRFInputToDependency`` runs first, then ``CSRFMiddleware.set_up()`` is
    expected to return a falsy value and ``request_args`` must end up empty.
    """
    csrf_code = 'abc'
    sign_cmd = facade.sign('XSRF-RANDOM', csrf_code)
    signed_token = sign_cmd.execute().result

    def get_cookie(name):
        # Any cookie other than the XSRF one is absent.
        return signed_token if name == 'XSRF-RANDOM' else None

    def secure():
        pass

    request_handler = Mock()
    request_handler.request.cookies.get = get_cookie

    deps = {'_fcn': secure}
    form_args = {'_csrf_code': csrf_code}

    # Moves _csrf_code out of the request arguments and into the dependencies.
    CSRFInputToDependency(request_handler, deps, form_args).set_up()

    middleware = CSRFMiddleware(request_handler, deps, form_args)
    self.assertFalse(middleware.set_up())
    self.assertDictEqual({}, form_args, '_csrf_code must be removed from request_args')
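def test_http_get_no_working_on_secure(self):
    """A GET request to a secured function is not accepted by the CSRF check.

    The cookie token and the ``_csrf_code`` form field are both valid, so the
    only difference from the passing form test is the HTTP method. In that
    case ``set_up()`` must return a truthy value (presumably meaning the
    middleware stops the request; confirm against ``CSRFMiddleware``).
    """
    handler = Mock()
    handler.request.method = 'GET'
    # Everything below is a perfectly valid call except for the HTTP method.
    csrf_code = 'abc'
    token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

    def get_cookie(name):
        # Only the XSRF cookie is present; other names fall through to None.
        if name == 'XSRF-RANDOM':
            return token

    handler.request.cookies.get = get_cookie

    def secure():
        pass

    dependencies = {'_fcn': secure}
    request_args = {'_csrf_code': csrf_code}
    # Moves _csrf_code out of request_args and into dependencies.
    CSRFInputToDependency(handler, dependencies, request_args).set_up()
    csrf_middleware = CSRFMiddleware(handler, dependencies, request_args)
    # The failure message used to say "should be false", which contradicted
    # the assertTrue it is attached to.
    self.assertTrue(csrf_middleware.set_up(),
                    'set_up() should return a truthy value because the http method is GET')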
def test_not_existing_login(self):
    """Sign a ticket for login id 2, which this test never stores.

    The signed value is handed to ``self._assert_error``.
    """
    sign_cmd = cookie_facade.sign('ticket', 2)
    sign_cmd.execute()
    signed_ticket = sign_cmd.result
    self._assert_error(signed_ticket)
def _assert_wrong_status(self, status):
    """Store a login in ``status`` and pass its signed ticket to ``_assert_error``.

    Args:
        status: the status value the stored ``Login`` is created with.
    """
    stored_login = Login(hook='https://pswdless.appspot.com/foo', status=status)
    stored_login.put()

    sign_cmd = cookie_facade.sign('ticket', stored_login.key.id())
    sign_cmd.execute()
    signed_ticket = sign_cmd.result
    self._assert_error(signed_ticket)
def test_success(self):
    """Signing the same name and value before and after ``renew()`` differs.

    NOTE(review): ``renew()`` presumably replaces the signing secret; the
    test only shows that the signed output changes.
    """
    def sign_sample():
        return facade.sign('foo', 'bar')()

    before_renew = sign_sample()
    renew()
    after_renew = sign_sample()
    self.assertNotEqual(before_renew, after_renew)