def test_attach_credentials(self):
    """Check that attach_credentials() sets a parseable security-token cookie.

    A response that has had a user's credentials attached must carry the
    cookie named by auth._CHIRP_SECURITY_TOKEN_COOKIE, and parsing that
    cookie's value must yield a credential with the same email address.
    """
    # Test user whose credentials get attached.
    address = '*****@*****.**'
    account = User(email=address)

    # Attach the credentials to a fresh response.
    resp = http.HttpResponse('test')
    auth.attach_credentials(resp, account)

    # The response must now carry the security-token cookie...
    cookie_name = auth._CHIRP_SECURITY_TOKEN_COOKIE
    self.assertTrue(cookie_name in resp.cookies)

    # ...and its value must parse back to the same user.
    parsed = auth._parse_security_token(resp.cookies[cookie_name].value)
    self.assertEqual(address, parsed.email)
    # NOTE(review): only the cookie's presence and token content are
    # checked here; cookie attributes (e.g. HttpOnly / Secure) are not
    # asserted -- confirm they are covered by another test.
def test_security_token_create_and_parse(self):
    """Walk one security token through its fresh, stale and expired states.

    The clock is moved by adjusting self.now (presumably a fake time
    source installed by the test fixture -- its setup is not visible here).
    Also checks that a token dated in the future and non-token inputs are
    rejected, i.e. _parse_security_token() returns None for them.
    """
    # Test user the token is issued for.
    address = '*****@*****.**'
    account = User(email=address)
    token = auth._create_security_token(account)

    # Freshly issued: parses, matches the user, and is not stale.
    parsed = auth._parse_security_token(token)
    self.assertEqual(address, parsed.email)
    self.assertFalse(parsed.security_token_is_stale)

    # Rewind the clock by a minute: the token now appears to come from
    # the future and must be refused.
    self.now -= 60
    self.assertEqual(None, auth._parse_security_token(token))

    # Advance by three quarters of the timeout (net: 0.75 * timeout - 60s
    # after issue). Still accepted, but flagged as stale.
    step = 0.75 * auth._TOKEN_TIMEOUT_S
    self.now += step
    parsed = auth._parse_security_token(token)
    self.assertEqual(address, parsed.email)
    self.assertTrue(parsed.security_token_is_stale)

    # Advance by the same amount again (net: 1.5 * timeout - 60s after
    # issue). The token is past its lifetime and must be refused.
    self.now += step
    self.assertEqual(None, auth._parse_security_token(token))

    # Inputs that are not tokens at all must be refused as well.
    # NOTE(review): these cases are None, the empty string and an
    # arbitrary string; a well-formed token whose contents were altered
    # after issue is not exercised here -- confirm that case is tested
    # elsewhere.
    for junk in (None, '', 'garbage'):
        self.assertEqual(None, auth._parse_security_token(junk))