def test_nonces_dont_keep_growing(self):
u = self.make_user('*****@*****.**')
# Subsequent calls for make_for overwrite existing nonce
# values of the same type.
value1 = UserNonce.make_for(u, "type1").value
value2 = UserNonce.make_for(u, "type1").value
self.assertNotEquals(value1, value2)
self.assertEquals(1, UserNonce.all().ancestor(u).count())
def validate_signature_for(self, user_data):
nonce_entity = UserNonce.get_for(user_data, "https_transfer")
if nonce_entity is None:
return False
nonce = nonce_entity.value
expected = BaseSecureToken.sign_payload(user_data, self.timestamp,
nonce)
return expected == self.signature
def make_token_signature(user_data, timestamp):
if not user_data.credential_version:
raise TokenError("Can't make password reset token for "
"user with no password.")
nonce = UserNonce.make_for(user_data, "pw_reset").value
return BaseSecureToken.sign_payload(user_data, timestamp, nonce,
user_data.credential_version)
def validate_signature_for(self, user_data):
nonce_entity = UserNonce.get_for(user_data, "https_transfer")
if nonce_entity is None:
return False
nonce = nonce_entity.value
expected = BaseSecureToken.sign_payload(user_data,
self.timestamp,
nonce)
return expected == self.signature
def validate_signature_for(self, user_data):
nonce_entity = UserNonce.get_for(user_data, "pw_reset")
if nonce_entity is None:
return False
nonce = nonce_entity.value
expected = BaseSecureToken.sign_payload(user_data, self.timestamp,
nonce,
user_data.credential_version)
return expected == self.signature
def make_token_signature(user_data, timestamp):
if not user_data.credential_version:
raise TokenError("Can't make password reset token for "
"user with no password.")
nonce = UserNonce.make_for(user_data, "pw_reset").value
return BaseSecureToken.sign_payload(user_data,
timestamp,
nonce,
user_data.credential_version)
def validate_signature_for(self, user_data):
nonce_entity = UserNonce.get_for(user_data, "pw_reset")
if nonce_entity is None:
return False
nonce = nonce_entity.value
expected = BaseSecureToken.sign_payload(user_data,
self.timestamp,
nonce,
user_data.credential_version)
return expected == self.signature
def test_nonce_values_are_user_specific(self):
bob = self.make_user('*****@*****.**')
joe = self.make_user('*****@*****.**')
UserNonce.make_for(bob, "type")
self.assertTrue(UserNonce.get_for(joe, "type") is None)
def test_nonce_types_distinct(self):
u = self.make_user('*****@*****.**')
type1 = UserNonce.make_for(u, "type1")
self.assertTrue(UserNonce.get_for(u, "type2") is None)
self.assertEquals(type1.value, UserNonce.get_for(u, "type1").value)
def make_token_signature(user_data, timestamp):
nonce = UserNonce.make_for(user_data, "https_transfer").value
return BaseSecureToken.sign_payload(user_data, timestamp, nonce)
def make_token_signature(user_data, timestamp):
nonce = UserNonce.make_for(user_data, "https_transfer").value
return BaseSecureToken.sign_payload(user_data, timestamp, nonce)
