def test_nonce_validation(self): nm = SignedNonceManager(timeout=0.1) request = make_request(HTTP_USER_AGENT="good-user") # malformed nonces should be invalid self.failIf(nm.is_valid_nonce("", request)) self.failIf(nm.is_valid_nonce("IHACKYOU", request)) # immediately-generated nonces should be valid. nonce = nm.generate_nonce(request) self.failUnless(nm.is_valid_nonce(nonce, request)) # tampered-with nonces should be invalid self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", request)) # nonces are only valid for specific user-agent request2 = make_request(HTTP_USER_AGENT="nasty-hacker") self.failIf(nm.is_valid_nonce(nonce, request2)) # expired nonces should be invalid self.failUnless(nm.is_valid_nonce(nonce, request)) time.sleep(0.1) self.failIf(nm.is_valid_nonce(nonce, request))
def test_next_nonce_generation(self): nm = SignedNonceManager(soft_timeout=0.1) request = make_request() nonce1 = nm.generate_nonce(request) self.failUnless(nm.is_valid_nonce(nonce1, request)) # next-nonce is not generated until the soft timeout expires. self.assertEquals(nm.get_next_nonce(nonce1, request), None) time.sleep(0.1) nonce2 = nm.get_next_nonce(nonce1, request) self.assertNotEquals(nonce2, None) self.assertNotEquals(nonce2, nonce1) self.failUnless(nm.is_valid_nonce(nonce1, request)) self.failUnless(nm.is_valid_nonce(nonce2, request))
def test_auto_purging_of_expired_nonces(self): nm = SignedNonceManager(timeout=0.2) request = make_request() nonce1 = nm.generate_nonce(request) nm.set_nonce_count(nonce1, 1) time.sleep(0.1) # nonce1 hasn't expired, so adding a new one won't purge it nonce2 = nm.generate_nonce(request) nm.set_nonce_count(nonce2, 1) self.assertEquals(nm.get_nonce_count(nonce1), 1) time.sleep(0.1) # nonce1 has expired, it should be purged when adding another. # nonce2 hasn't expired so it should remain in memory. nonce3 = nm.generate_nonce(request) nm.set_nonce_count(nonce3, 1) self.assertEquals(nm.get_nonce_count(nonce1), None) self.assertEquals(nm.get_nonce_count(nonce2), 1)
def test_nonce_count_management(self): nm = SignedNonceManager(timeout=0.1) request = make_request() nonce1 = nm.generate_nonce(request) self.assertEquals(nm.get_nonce_count(nonce1), None) nm.set_nonce_count(nonce1, 1) self.assertEquals(nm.get_nonce_count(nonce1), 1) # purging won't remove it until it has expired. nm._purge_expired_nonces() self.assertEquals(nm.get_nonce_count(nonce1), 1) time.sleep(0.1) nm._purge_expired_nonces() self.assertEquals(nm.get_nonce_count(nonce1), None)