def testSignBlank(self):
"""Test round-trip sign, verify"""
k = UserKey(active=True)
k.save()
sig = k.sign('', 'yyy')
self.assertEqual(len(sig), 32)
self.assert_(k.verify('', 'yyy', sig))
def testSign(self):
"""Test round-trip sign, verify"""
k = UserKey(active=True)
k.save()
sig = k.sign('testing testing testing', 'xxx')
self.assertEqual(len(sig), 32)
self.assert_(k.verify('testing testing testing', 'xxx', sig))
def testAnonymousSeedReuse(self):
"""Test invalid reuse of seed"""
k = UserKey(active=True, user=None)
k.save()
url = 'http://localhost/test/'
signed = k.sign_url(url, 'reusemenot')
self.assert_(k.verify_url(signed)[0])
# seed shouldn't work twice
self.assertFalse(k.verify_url(signed)[0])
def testSignUrlAnonymous(self):
"""Test round-trip sign, verify"""
k = UserKey(active=True, user=None)
k.save()
url = 'http://localhost/test/'
signed = k.sign_url(url, 'zzz')
parsed = urlparse.urlsplit(signed)
qs = parse_qs(parsed.query)
self.assert_('seed' in qs)
self.assert_('user' not in qs)
self.assert_('sig' in qs)
self.assertEqual(qs['seed'][0], 'zzz')
self.assert_(k.verify_url(signed)[0])
def testSignUrlBadUser(self):
"""Test signature roundtrip with a real user"""
user = User.objects.create(username='******', is_active=True)
k = UserKey(active=True, user=user)
k.save()
url = 'http://localhost/test/'
signed = k.sign_url(url, 'uuu')
# bad username
bad = signed.replace('joe', 'bob')
self.assertFalse(k.verify_url(bad)[0])
# bad seed
bad = signed.replace('uuu','badseed')
self.assertFalse(k.verify_url(bad)[0])
def testSignUrlUser(self):
"""Test signature roundtrip with a real user"""
user = User.objects.create(username='******', is_active=True)
k = UserKey(active=True, user=user)
k.save()
url = 'http://localhost/test/'
signed = k.sign_url(url, 'uuu')
parsed = urlparse.urlsplit(signed)
qs = parse_qs(parsed.query)
self.assert_('seed' in qs)
self.assert_('user' in qs)
self.assertEqual(qs['user'][0], 'joe')
self.assert_('sig' in qs)
self.assertEqual(qs['seed'][0], 'uuu')
self.assert_(k.verify_url(signed)[0])
def testSignUrlAnonymousQuery(self):
"""Test round-trip sign, verify with GET params"""
k = UserKey(active=True, user=None)
k.save()
url = 'http://localhost/test/?arg=this&arg2=that'
signed = k.sign_url(url, '123')
parsed = urlparse.urlsplit(signed)
qs = parse_qs(parsed.query)
self.assert_('seed' in qs)
self.assert_('user' not in qs)
self.assert_('sig' in qs)
self.assertEqual(qs['seed'][0], '123')
self.assert_('arg' in qs)
self.assert_('arg2' in qs)
self.assert_(k.verify_url(signed)[0])
