def test_validate_request_returns_true_when_valid_token_in_params(self):
    """A token minted for the stubbed user is accepted from the request params.

    The token is placed under constants.XSRF_PARAM (not the header), so this
    pins the parameter-based delivery path of xsrf.validate_request.
    """
    self.get_user_stub.return_value = 'test2@{}'.format(loanertest.USER_DOMAIN)

    # Mint the token only after the user stub is configured; the stubbed user
    # stays unchanged between generation and validation.
    fresh_token = xsrf._generate_token()
    self.request_webapp.params[constants.XSRF_PARAM] = fresh_token

    outcome = xsrf.validate_request(
        request=self.request_webapp, response=self.response)
    self.assertTrue(outcome)
def test_generate_token_using_user_id_and_secret(self):
    """Tokens are stable for a fixed user/secret/time and change with either.

    Checks, in order: two calls agree; the token survives clearing the
    cached secret; a different user gets a different token; and resetting
    the secret changes the token for the original user.

    NOTE(review): every call uses time=42, so this test does not exercise
    how the token varies with time or any expiry handling.
    """
    original_user = 'test@{}'.format(loanertest.USER_DOMAIN)
    self.get_user_stub.return_value = original_user

    baseline = xsrf._generate_token(time=42)
    repeated = xsrf._generate_token(time=42)
    self.assertEqual(baseline, repeated)

    # Force a reload from datastore.
    xsrf._xsrf_secret = None
    after_reload = xsrf._generate_token(time=42)
    self.assertEqual(baseline, after_reload)

    # Different user.
    self.get_user_stub.return_value = 'test2@{}'.format(loanertest.USER_DOMAIN)
    other_user_token = xsrf._generate_token(time=42)
    self.assertNotEqual(baseline, other_user_token)

    # Reset secret key, then switch back to the original user so that only
    # the secret differs from the baseline.
    self._reset_xsrf_secret()
    self.get_user_stub.return_value = 'test@{}'.format(loanertest.USER_DOMAIN)
    after_secret_reset = xsrf._generate_token(time=42)
    self.assertNotEqual(baseline, after_secret_reset)
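def test_validate_request_returns_false_when_users_differ(self):
    """A token minted for one user is rejected when another user presents it.

    The token is generated while the stub returns 'test@...' and validated
    while it returns 'test2@...'. validate_request must return False and
    delete the XSRF cookie on the response.
    """
    # The original assigned ON_GAE without restoring it, leaking the flag into
    # every test that runs afterwards; register a cleanup to put it back.
    # NOTE(review): presumably rejection is only enforced when ON_GAE is
    # true -- confirm against xsrf.validate_request.
    previous_on_gae = xsrf.constants.ON_GAE
    self.addCleanup(setattr, xsrf.constants, 'ON_GAE', previous_on_gae)
    xsrf.constants.ON_GAE = True

    self.get_user_stub.return_value = 'test@{}'.format(loanertest.USER_DOMAIN)
    self.request_webapp.headers[constants.XSRF_HEADER] = (
        xsrf._generate_token())

    # Switch identity between generation and validation.
    self.get_user_stub.return_value = 'test2@{}'.format(loanertest.USER_DOMAIN)
    self.assertFalse(
        xsrf.validate_request(
            request=self.request_webapp, response=self.response))

    # A failed validation must also clear the stale token cookie.
    self.response.delete_cookie.assert_called_once_with(
        constants.XSRF_COOKIE_NAME)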
def test_generate_token_returns_empty_string_when_no_current_user(self):
    """With the user stub returning None, _generate_token yields ''."""
    self.get_user_stub.return_value = None
    token = xsrf._generate_token(time=6)
    # An empty string, not None or an exception, is the expected result.
    self.assertEqual('', token)
def test_validate_request_returns_true_when_valid_token_in_headers(self):
    """A token minted for the stubbed user is accepted from the XSRF header.

    Unlike the params-based test, validate_request is called here without a
    response argument.
    """
    self.get_user_stub.return_value = 'test@{}'.format(loanertest.USER_DOMAIN)

    header_token = xsrf._generate_token()
    self.request_webapp.headers[constants.XSRF_HEADER] = header_token

    outcome = xsrf.validate_request(request=self.request_webapp)
    self.assertTrue(outcome)