def test_checkTokenCorruptBase64(self):
c = CsrfStopper("secret string")
i = "id"
token = c.makeToken(i)
self.assertRaises(RejectToken, lambda: c.checkToken(i, 'x' + token))
self.assertRaises(RejectToken, lambda: c.checkToken(i, 'xx' + token))
self.assertRaises(RejectToken, lambda: c.checkToken(i, token + 'x'))
def test_checkTokenCorruptBase64(self):
c = CsrfStopper("secret string")
i = "id"
token = c.makeToken(i)
self.assertRaises(RejectToken, lambda: c.checkToken(i, 'x' + token))
self.assertRaises(RejectToken, lambda: c.checkToken(i, 'xx' + token))
self.assertRaises(RejectToken, lambda: c.checkToken(i, token + 'x'))
def test_checkTokenWorks(self):
c = CsrfStopper("secret string")
i = "id"
token = c.makeToken(i)
# no exception
c.checkToken(i, token)
# wrong uuid
differentI = "id 2"
self.assertRaises(RejectToken, lambda: c.checkToken(differentI, token))
badToken = 'AAA' + token # still valid base64
self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken))
def test_checkTokenWorks(self):
c = CsrfStopper("secret string")
i = "id"
token = c.makeToken(i)
# no exception
c.checkToken(i, token)
# wrong uuid
differentI = "id 2"
self.assertRaises(RejectToken, lambda: c.checkToken(differentI, token))
badToken = 'AAA' + token # still valid base64
self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken))
def test_checkTokenWrongVersionIsRejected(self):
c = CsrfStopper("secret string")
i = "id"
token = c.makeToken(i)
bad = base64.urlsafe_b64decode(token)
bad = '\x00\x01' + bad[2:]
badToken2 = base64.urlsafe_b64encode(bad)
assert len(badToken2) == len(token)
self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken2))
def test_checkTokenWrongVersionIsRejected(self):
c = CsrfStopper("secret string")
i = "id"
token = c.makeToken(i)
bad = base64.urlsafe_b64decode(token)
bad = '\x00\x01' + bad[2:]
badToken2 = base64.urlsafe_b64encode(bad)
assert len(badToken2) == len(token)
self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken2))
