def test_full_urls(dummy_user):
    """Check that an absolute signed URL verifies regardless of its hostname.

    The token expected for the secret ``'aquarius'`` is pinned, and the same
    token is then presented on a URL with a different hostname.
    """
    dummy_user.signing_secret = 'aquarius'
    generated = signed_url_for(
        dummy_user,
        'users.user_dashboard',
        url_params={'user_id': '71'},
        _external=True,
    )
    assert generated == 'http://localhost/user/71/dashboard/?token=OsONJbxTpPzUYtSxgykZP7NZUHg'
    assert is_signed_url_valid(dummy_user, generated)

    # The hostname part is deliberately left out of the signature, so the
    # token is bound to the user's signing secret and the rest of the URL
    # rather than to one particular host name.
    same_token_other_host = 'http://indico.test/user/71/dashboard/?token=OsONJbxTpPzUYtSxgykZP7NZUHg'
    assert is_signed_url_valid(dummy_user, same_token_other_host)
def test_checking_signature(dummy_user):
    """Check that a signed URL is accepted and altered variants are rejected.

    The rejected variants cover a modified query value, a modified token and
    a URL that carries no token at all.
    """
    dummy_user.signing_secret = 'sixtyten'

    # Reference URL: expected to verify under the secret set above.
    assert is_signed_url_valid(dummy_user, '/user/71/dashboard/?q=roygbiv&token=YNgcXP02LpIYCWMAN80xXg6l6jM')

    must_be_rejected = (
        # Query value changed while the token is kept.
        '/user/71/dashboard/?q=roygbeef&token=YNgcXP02LpIYCWMAN80xXg6l6jM',
        # First character of the token changed.
        '/user/71/dashboard/?q=roygbiv&token=ZNgcXP02LpIYCWMAN80xXg6l6jM',
        # Token parameter absent.
        '/user/71/dashboard/?q=roygbiv',
    )
    for candidate in must_be_rejected:
        assert not is_signed_url_valid(dummy_user, candidate)
def _check_access(self):
    """Deny the request unless it carries a valid signed-URL token.

    Raises:
        Forbidden: if the ``token`` query argument is missing or empty, or
            if ``is_signed_url_valid`` rejects ``request.full_path`` for
            ``self.user``.
    """
    # Fail closed when no token was supplied, before any signature check runs.
    if not request.args.get('token'):
        raise Forbidden
    # The check is made against request.full_path for self.user, so the
    # token is evaluated per user and not as a global credential.
    if not is_signed_url_valid(self.user, request.full_path):
        raise Forbidden