def test_token_validation(self):
manager = SignedTokenManager(timeout=0.2)
token, secret = manager.make_token({"email":"tester"})
# Proper token == valid.
data, secret2 = manager.parse_token(token)
self.assertEquals(data["repoze.who.userid"], "tester")
self.assertEquals(secret, secret2)
# Bad signature == not valid.
bad_token = token[:-1] + ("X" if token[-1] == "Z" else "Z")
self.assertRaises(ValueError, manager.parse_token, bad_token)
bad_token = ("X"*50).encode("base64").strip()
self.assertRaises(ValueError, manager.parse_token, bad_token)
# Modified payload == not valid.
bad_token = "admin" + token[6:]
self.assertRaises(ValueError, manager.parse_token, bad_token)
# Expired token == not valid.
time.sleep(0.2)
self.assertRaises(ValueError, manager.parse_token, token)
def test_token_validation(self):
manager = SignedTokenManager(timeout=0.2)
request = FakeRequest()
token, secret, _ = manager.make_token(request, {"email": "tester"})
# Proper token == valid.
data, secret2 = manager.parse_token(token)
self.assertEquals(data["repoze.who.userid"], "tester")
self.assertEquals(secret, secret2)
# Bad signature == not valid.
bad_token = token[:-1] + ("X" if token[-1] == "Z" else "Z")
self.assertRaises(ValueError, manager.parse_token, bad_token)
bad_token = ("X" * 50).encode("base64").strip()
self.assertRaises(ValueError, manager.parse_token, bad_token)
# Modified payload == not valid.
bad_token = "admin" + token[6:]
self.assertRaises(ValueError, manager.parse_token, bad_token)
# Expired token == not valid.
time.sleep(0.2)
self.assertRaises(ValueError, manager.parse_token, token)
