def test_credentials(self): logging.debug('') logging.debug('test_credentials') # Basic form. owner = Credentials() if sys.platform == 'win32' and not HAVE_PYWIN32: self.assertEqual('%s' % owner, owner.user + ' (transient)') else: self.assertEqual('%s' % owner, owner.user) # Comparison. user = Credentials() self.assertEqual(user, owner) user.user = '******' self.assertNotEqual(user, owner) self.assertNotEqual(user, 'xyzzy') # Thread storage. try: del threading.current_thread().credentials # Ensure empty. except AttributeError: pass self.assertEqual(get_credentials(), owner) # Sign/verify. encoded = owner.encode() Credentials.verify(encoded, allowed_users=None) # 'First sighting'. Credentials.verify(encoded, allowed_users=None) # Cached verification. data, signature, client_creds = encoded encoded = (data[:1], signature, client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid data') encoded = (data[:-1], signature, client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid signature') encoded = (data, signature[:-1], client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid signature') newline = data.find('\n') # .user newline = data.find('\n', newline + 1) # .transient # Expecting '-' mangled = data[:newline + 1] + '*' + data[newline + 2:] encoded = (mangled, signature, client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid key') # Detect mismatched key. get_key_pair(owner.user, overwrite_cache=True) spook = Credentials() encoded = spook.encode() assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Public key mismatch') # Check if remote access. self.assertFalse(remote_access())
def post(self): server_creds = Credentials() print 'server creds:\n', server_creds # single user... only allow same user@host as the server to log in allowed_users = {server_creds.user: server_creds.public_key} encoded = self.get_argument('encoded') client_creds = Credentials.verify(encoded, allowed_users) print 'client creds:\n', client_creds if client_creds: self.set_secure_cookie('user', client_creds.user) self.redirect('/')
def test_credentials(self): logging.debug('') logging.debug('test_credentials') # Basic form. owner = Credentials() if sys.platform == 'win32' and not HAVE_PYWIN32: self.assertEqual('%s' % owner, owner.user+' (transient)') else: self.assertEqual('%s' % owner, owner.user) # Comparison. user = Credentials() self.assertEqual(user, owner) user.user = '******' self.assertNotEqual(user, owner) self.assertNotEqual(user, 'xyzzy') # Thread storage. try: del threading.current_thread().credentials # Ensure empty. except AttributeError: pass self.assertEqual(get_credentials(), owner) # Sign/verify. encoded = owner.encode() Credentials.verify(encoded, allowed_users=None) # 'First sighting'. Credentials.verify(encoded, allowed_users=None) # Cached verification. data, signature, client_creds = encoded encoded = (data[:1], signature, client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid data') encoded = (data[:-1], signature, client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid signature') encoded = (data, signature[:-1], client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid signature') newline = data.find('\n') # .user newline = data.find('\n', newline+1) # .transient # Expecting '-' mangled = data[:newline+1] + '*' + data[newline+2:] encoded = (mangled, signature, client_creds) assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Invalid key') # Detect mismatched key. get_key_pair(owner.user, overwrite_cache=True) spook = Credentials() encoded = spook.encode() assert_raises(self, 'Credentials.verify(encoded, None)', globals(), locals(), CredentialsError, 'Public key mismatch') # Check if remote access. self.assertFalse(remote_access())