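def test_next_nonce_generation(self):
    """Check that a successor nonce is only issued after the soft timeout.

    A manager built with a 0.1 second soft timeout must return None from
    get_next_nonce() for a freshly generated nonce, and a new, distinct
    nonce once that soft timeout has elapsed.  Both the original and the
    successor nonce must still validate for the same request afterwards.
    """
    nm = SignedNonceManager(soft_timeout=0.1)
    request = make_request()
    nonce1 = nm.generate_nonce(request)
    self.assertTrue(nm.is_valid_nonce(nonce1, request))
    # next-nonce is not generated until the soft timeout expires.
    self.assertEqual(nm.get_next_nonce(nonce1, request), None)
    # NOTE(review): the sleep equals the soft timeout exactly, so this
    # relies on the clock having advanced past the boundary.  The hard
    # timeout is left at the manager's default, which is not visible
    # here, so the sleep is not lengthened -- confirm before adding margin.
    time.sleep(0.1)
    nonce2 = nm.get_next_nonce(nonce1, request)
    self.assertNotEqual(nonce2, None)
    self.assertNotEqual(nonce2, nonce1)
    # Past the soft timeout the old nonce is still accepted alongside
    # the new one; only the hard timeout should invalidate it.
    self.assertTrue(nm.is_valid_nonce(nonce1, request))
    self.assertTrue(nm.is_valid_nonce(nonce2, request))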
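def test_nonce_validation(self):
    """Check which nonces the manager accepts and which it rejects.

    Covers malformed input, a freshly generated nonce, a nonce with data
    appended, a nonce replayed under a different User-Agent, and a nonce
    presented after the 0.1 second hard timeout.
    """
    nm = SignedNonceManager(timeout=0.1)
    request = make_request(HTTP_USER_AGENT="good-user")
    # malformed nonces should be invalid
    self.assertFalse(nm.is_valid_nonce("", request))
    self.assertFalse(nm.is_valid_nonce("IHACKYOU", request))
    # immediately-generated nonces should be valid.
    nonce = nm.generate_nonce(request)
    self.assertTrue(nm.is_valid_nonce(nonce, request))
    # tampered-with nonces should be invalid
    # NOTE(review): only the append case is exercised here; a nonce that
    # is altered in place or truncated is not covered by this test.
    self.assertFalse(nm.is_valid_nonce(nonce + "IHACKYOU", request))
    # nonces are only valid for specific user-agent
    request2 = make_request(HTTP_USER_AGENT="nasty-hacker")
    self.assertFalse(nm.is_valid_nonce(nonce, request2))
    # expired nonces should be invalid
    self.assertTrue(nm.is_valid_nonce(nonce, request))
    # Sleep clearly past the 0.1s timeout rather than exactly on it, so
    # the expiry check does not depend on clock or scheduler granularity.
    time.sleep(0.2)
    self.assertFalse(nm.is_valid_nonce(nonce, request))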