def test_multiple_application_are_supported(self):
        """Issue a token for a configured application; refuse an unknown one.

        The manager is configured with three "name-version" entries.  A
        request naming one of them must yield a three-item result, while a
        request naming an application outside the list must fail with
        HTTPNotFound.
        """
        configured = "foo-1.1,bar-2.0,baz-2.1"
        manager = SignedTokenManager(timeout=0.2, applications=configured)

        # Positive case: "foo" at version "1.1" is in the configured list.
        # Unpacking into three names also checks the shape of the result.
        known = FakeRequest({"application": "foo", "version": "1.1"})
        _token, _secret, _extra = manager.make_token(known, {"email": "tester"})

        # Negative case: a name outside the configured list must be
        # refused with a 404 instead of being handed a token.
        # NOTE(review): only an unknown application name is exercised; a
        # configured name paired with a version that is not listed is not
        # covered by this test.
        unknown = FakeRequest({"application": "undefined"})
        self.assertRaises(HTTPNotFound, manager.make_token, unknown,
                          {"email": "tester"})
    def test_multiple_application_are_supported(self):
        """Issue a token for a configured application; refuse an unknown one.

        The manager is configured with three "name-version" entries.  A
        request naming one of them must yield a three-item result, while a
        request naming an application outside the list must fail with
        HTTPNotFound.
        """
        configured = "foo-1.1,bar-2.0,baz-2.1"
        manager = SignedTokenManager(timeout=0.2, applications=configured)

        # Positive case: "foo" at version "1.1" is in the configured list.
        # Unpacking into three names also checks the shape of the result.
        known = FakeRequest({"application": "foo", "version": "1.1"})
        _token, _secret, _extra = manager.make_token(known, {"email": "tester"})

        # Negative case: a name outside the configured list must be
        # refused with a 404 instead of being handed a token.
        # NOTE(review): only an unknown application name is exercised; a
        # configured name paired with a version that is not listed is not
        # covered by this test.
        unknown = FakeRequest({"application": "undefined"})
        self.assertRaises(HTTPNotFound, manager.make_token, unknown,
                          {"email": "tester"})
 def __init__(self, audiences, token_url=None, token_manager=None,
              verifier=None, nonce_timeout=None):
     """Store the audiences and build the token, verifier and nonce helpers.

     Args:
         audiences: list of audience strings; a bare string is rejected.
         token_url: defaults to "/request_token" when None.
         token_manager: defaults to SignedTokenManager() when None.
         verifier: defaults to vep.RemoteVerifier() when None.
         nonce_timeout: defaults to 60 when None.

     Raises:
         ValueError: if audiences is a single string instead of a list.
     """
     # A bare string would otherwise be iterated character by character
     # by the map() call below, so it is refused up front.
     if isinstance(audiences, basestring):
         raise ValueError("\"audiences\" must be a list of strings")

     # Defaults are resolved here, not in the signature, so that
     # make_plugin does not need to carry its own copy of them.
     token_url = "/request_token" if token_url is None else token_url
     token_manager = (SignedTokenManager() if token_manager is None
                      else token_manager)
     verifier = vep.RemoteVerifier() if verifier is None else verifier
     nonce_timeout = 60 if nonce_timeout is None else nonce_timeout

     self.audiences = audiences
     # NOTE(review): _audience_patterns is assigned only for a non-empty
     # audiences value; with an empty one nothing is set here, so confirm
     # how the audience check behaves in that case.
     if audiences:
         self._audience_patterns = map(self._compile_audience_pattern,
                                       audiences)
     self.token_url = token_url
     self.token_manager = token_manager
     self.verifier = verifier

     # A token manager without a "timeout" attribute contributes None.
     token_timeout = getattr(token_manager, "timeout", None)
     self.nonce_timeout = nonce_timeout
     self.nonce_manager = NonceManager(nonce_timeout, token_timeout)
 def test_token_validation(self):
     """Round-trip a token, then check altered and expired ones are refused.

     parse_token must return the stored userid and the issued secret for
     an untouched token, and raise ValueError for a token whose tail was
     changed, for base64 data the manager never issued, for a token whose
     head was overwritten, and for a token older than the timeout.
     """
     manager = SignedTokenManager(timeout=0.2)
     token, issued_secret = manager.make_token({"email": "tester"})

     # Untouched token: parses, and yields the secret that was issued.
     parsed, parsed_secret = manager.parse_token(token)
     self.assertEquals(parsed["repoze.who.userid"], "tester")
     self.assertEquals(issued_secret, parsed_secret)

     # Final character swapped for one guaranteed to differ from it.
     last_char = token[-1]
     replacement = "X" if last_char == "Z" else "Z"
     tail_altered = token[:-1] + replacement
     self.assertRaises(ValueError, manager.parse_token, tail_altered)

     # Well-formed base64 that did not come from make_token.
     # (str.encode("base64") is a Python 2-only codec.)
     never_issued = ("X" * 50).encode("base64").strip()
     self.assertRaises(ValueError, manager.parse_token, never_issued)

     # First six characters replaced by the five-character "admin";
     # the rest of the token is left as issued.
     head_altered = "admin" + token[6:]
     self.assertRaises(ValueError, manager.parse_token, head_altered)

     # Sleep for the whole 0.2 timeout so the original token has expired.
     time.sleep(0.2)
     self.assertRaises(ValueError, manager.parse_token, token)
 def test_token_validation(self):
     """Round-trip a token, then check altered and expired ones are refused.

     parse_token must return the stored userid and the issued secret for
     an untouched token, and raise ValueError for a token whose tail was
     changed, for base64 data the manager never issued, for a token whose
     head was overwritten, and for a token older than the timeout.
     """
     manager = SignedTokenManager(timeout=0.2)
     plain_request = FakeRequest()
     # The third item returned by make_token is not used by this test.
     token, issued_secret, _ = manager.make_token(plain_request,
                                                  {"email": "tester"})

     # Untouched token: parses, and yields the secret that was issued.
     parsed, parsed_secret = manager.parse_token(token)
     self.assertEquals(parsed["repoze.who.userid"], "tester")
     self.assertEquals(issued_secret, parsed_secret)

     # Final character swapped for one guaranteed to differ from it.
     last_char = token[-1]
     replacement = "X" if last_char == "Z" else "Z"
     tail_altered = token[:-1] + replacement
     self.assertRaises(ValueError, manager.parse_token, tail_altered)

     # Well-formed base64 that did not come from make_token.
     # (str.encode("base64") is a Python 2-only codec.)
     never_issued = ("X" * 50).encode("base64").strip()
     self.assertRaises(ValueError, manager.parse_token, never_issued)

     # First six characters replaced by the five-character "admin";
     # the rest of the token is left as issued.
     head_altered = "admin" + token[6:]
     self.assertRaises(ValueError, manager.parse_token, head_altered)

     # Sleep for the whole 0.2 timeout so the original token has expired.
     time.sleep(0.2)
     self.assertRaises(ValueError, manager.parse_token, token)
 def test_token_dont_validate_without_a_userid(self):
     """A token issued from data with no "email" entry must not parse.

     make_token still hands out a token here; the rejection is expected
     from parse_token, which must raise ValueError.  A token that the
     manager itself produced is therefore not accepted on that basis
     alone.
     """
     manager = SignedTokenManager()
     # Only a "permissions" entry is supplied -- no "email".
     token_without_user, _secret = manager.make_token({"permissions": "all"})
     self.assertRaises(ValueError, manager.parse_token, token_without_user)
 def test_loading_hashmod_by_string_name(self):
     """A hashmod given as a string must resolve to the hashlib callable."""
     # NOTE(review): "md5" is used here only to exercise lookup by name.
     # What hashmod is used for is not visible in this snippet; if it is
     # the digest behind the token signature, prefer a SHA-2 family
     # digest in real configuration.
     manager = SignedTokenManager(hashmod="md5")
     resolved = manager.hashmod
     # Identity, not equality: the attribute must be hashlib.md5 itself.
     self.assertTrue(resolved is hashlib.md5)
 def test_token_dont_validate_without_a_userid(self):
     """A token issued from data with no "email" entry must not parse.

     make_token still hands out a token here; the rejection is expected
     from parse_token, which must raise ValueError.  A token that the
     manager itself produced is therefore not accepted on that basis
     alone.
     """
     manager = SignedTokenManager()
     plain_request = FakeRequest()
     # Only a "permissions" entry is supplied -- no "email".
     token_without_user, _secret, _extra = manager.make_token(
         plain_request, {"permissions": "all"})
     self.assertRaises(ValueError, manager.parse_token, token_without_user)
 def test_specifying_no_applications_works(self):
     """make_token must succeed when no applications list is configured."""
     manager = SignedTokenManager(timeout=0.2)
     plain_request = FakeRequest()
     # No assertion is needed: the call completing without an exception
     # is the check.
     # NOTE(review): the request names no application; a request that
     # does name one against an unconfigured manager is not covered here.
     manager.make_token(plain_request, {"email": "tester"})
 def test_specifying_no_applications_works(self):
     """make_token must succeed when no applications list is configured."""
     manager = SignedTokenManager(timeout=0.2)
     plain_request = FakeRequest()
     # No assertion is needed: the call completing without an exception
     # is the check.
     # NOTE(review): the request names no application; a request that
     # does name one against an unconfigured manager is not covered here.
     manager.make_token(plain_request, {"email": "tester"})