def test_sign_uses_correct_key(self): "If a key is provided, sign should use it; otherwise, use SECRET_KEY" s = 'This is a string' self.assertEqual(signed.sign(s), s + '.' + signed.base64_hmac(s, settings.SECRET_KEY)) self.assertEqual(signed.sign(s, 'sekrit'), s + '.' + signed.base64_hmac(s, 'sekrit'))
def test_sign_uses_correct_key(self): "If a key is provided, sign should use it; otherwise, use SECRET_KEY" s = 'This is a string' self.assertEqual( signed.sign(s), s + '.' + signed.base64_hmac(s, settings.SECRET_KEY) ) self.assertEqual( signed.sign(s, 'sekrit'), s + '.' + signed.base64_hmac(s, 'sekrit') )
def unsign_detects_tampering(self): value = "Another string" signed_value = signed.sign(value) transforms = (lambda s: s.upper(), lambda s: s + "a", lambda s: "a" + s[1:], lambda s: s.replace(":", "")) self.assertEqual(value, signed.unsign(signed_value)) for transform in transforms: self.assertRaises(signed.BadSignature, signed.unsign, transform(signed_value))
def generate_recovery_code(self, user): # Code is {hex-days}.{hex-userid}.{signature} days = int_to_hex( (datetime.date.today() - self.recovery_origin_date).days) token = '%s.%s' % (days, int_to_hex(user.id)) return signed.sign( token, key=(self.recovery_link_secret or settings.SECRET_KEY) + self.recovery_link_salt)
def generate_recovery_code(self, user): # Code is {hex-days}.{hex-userid}.{signature} days = int_to_hex( (datetime.date.today() - self.recovery_origin_date).days ) token = '%s.%s' % (days, int_to_hex(user.id)) return signed.sign(token, key = ( self.recovery_link_secret or settings.SECRET_KEY ) + self.recovery_link_salt)
def sign_is_reversible(self): examples = ( 'q;wjmbk;wkmb', '3098247529087', '3098247:529:087:', 'jkw osanteuh ,rcuh nthu aou oauh ,ud du', u'\u2019'.encode('utf8'), ) for example in examples: self.assert_(example != signed.sign(example)) self.assertEqual(example, signed.unsign(utils.sign(example)))
def sign_is_reversible(self): examples = ( "q;wjmbk;wkmb", "3098247529087", "3098247:529:087:", "jkw osanteuh ,rcuh nthu aou oauh ,ud du", u"\u2019".encode("utf8"), ) for example in examples: self.assert_(example != signed.sign(example)) self.assertEqual(example, signed.unsign(utils.sign(example)))
def unsign_detects_tampering(self): value = 'Another string' signed_value = signed.sign(value) transforms = ( lambda s: s.upper(), lambda s: s + 'a', lambda s: 'a' + s[1:], lambda s: s.replace(':', ''), ) self.assertEqual(value, signed.unsign(signed_value)) for transform in transforms: self.assertRaises(signed.BadSignature, signed.unsign, transform(signed_value))
def unsign_detects_tampering(self): value = 'Another string' signed_value = signed.sign(value) transforms = ( lambda s: s.upper(), lambda s: s + 'a', lambda s: 'a' + s[1:], lambda s: s.replace(':', ''), ) self.assertEqual(value, signed.unsign(signed_value)) for transform in transforms: self.assertRaises( signed.BadSignature, signed.unsign, transform(signed_value) )
def generate_confirm_code(self, user): return signed.sign(str(user.id), key = ( self.confirm_link_secret or settings.SECRET_KEY ) + self.confirm_link_salt)
def generate_confirm_code(self, user): return signed.sign( int_to_hex(user.id), key=(self.confirm_link_secret or settings.SECRET_KEY) + self.confirm_link_salt)
def test_sign_uses_correct_key(self): "If a key is provided, sign should use it; otherwise, use SECRET_KEY" s = "This is a string" self.assertEqual(signed.sign(s), s + "." + signed.base64_sha1(s + settings.SECRET_KEY)) self.assertEqual(signed.sign(s, "sekrit"), s + "." + signed.base64_sha1(s + "sekrit"))