예제 #1
0
def test_verify_signed_user_url_wrong_userid(dummy_user, create_user):
    # this test is a bit stupid, because the only way we can fail this
    # check is if two users have the same signing_secret AND someone
    # changes the user id at the beginning of the token
    user = create_user(123)
    user.signing_secret = dummy_user.signing_secret
    url = signed_url_for_user(dummy_user, 'core.contact')
    url = url.replace(f'user_token={dummy_user.id}', f'user_token={user.id}')
    with pytest.raises(BadRequest) as exc_info:
        verify_signed_user_url(url, 'GET')
    assert 'The persistent link you used is invalid' in str(exc_info.value)
예제 #2
0
def test_verify_signed_user_url(dummy_user, url):
    # valid signature
    dummy_user.signing_secret = 'sixtynine'
    assert verify_signed_user_url(url, 'GET') == dummy_user

    # invalid method
    with pytest.raises(BadRequest) as exc_info:
        verify_signed_user_url(url, 'POST')
    assert 'The persistent link you used is invalid' in str(exc_info.value)

    # invalid url
    with pytest.raises(BadRequest) as exc_info:
        verify_signed_user_url(url.replace('?', '?x=y&'), 'GET')
    assert 'The persistent link you used is invalid' in str(exc_info.value)

    # invalid signature
    dummy_user.signing_secret = 'somethingelse'
    with pytest.raises(BadRequest) as exc_info:
        verify_signed_user_url(url, 'GET')
    assert 'The persistent link you used is invalid' in str(exc_info.value)
예제 #3
0
def test_verify_signed_user_url_bad_userid():
    with pytest.raises(BadRequest) as exc_info:
        verify_signed_user_url('/contact?user_token=x', 'GET')
    assert 'The persistent link you used is invalid' in str(exc_info.value)
예제 #4
0
def test_verify_signed_user_url_no_token():
    assert verify_signed_user_url('/contact', 'GET') is None
예제 #5
0
def test_verify_signed_user_url_invalid_user(dummy_user):
    url = signed_url_for_user(dummy_user, 'core.contact')
    url = url.replace('user_token=', 'user_token=111')
    with pytest.raises(BadRequest) as exc_info:
        verify_signed_user_url(url, 'GET')
    assert 'The persistent link you used is invalid' in str(exc_info.value)
예제 #6
0
def test_verify_signed_user_url_lists(dummy_user, args):
    dummy_user.signing_secret = 'sixtynine'
    url = signed_url_for_user(dummy_user, 'core.contact', foo=args)
    assert verify_signed_user_url(url, 'GET') == dummy_user