def test_random_token(): random_data = ( b"\xc3_.S\x17u\xa0_b\xa8P\xd9\xe0|j\xe0#\xb9\x9f\xef\x11\xdb\xdf\xf6" b"\xa1\xd9[R\xd6\xde'\xef") urandom = pretend.call_recorder(lambda size: random_data) assert (random_token( _urandom=urandom) == "w18uUxd1oF9iqFDZ4Hxq4CO5n-8R29_2odlbUtbeJ-8") assert urandom.calls == [pretend.call(32)]
def test_random_token(): random_data = ( b"\xc3_.S\x17u\xa0_b\xa8P\xd9\xe0|j\xe0#\xb9\x9f\xef\x11\xdb\xdf\xf6" b"\xa1\xd9[R\xd6\xde'\xef" ) urandom = pretend.call_recorder(lambda size: random_data) assert (random_token(_urandom=urandom) == "w18uUxd1oF9iqFDZ4Hxq4CO5n-8R29_2odlbUtbeJ-8") assert urandom.calls == [pretend.call(32)]
def _ensure_csrf_token(request): # Store a token in the session if one doesn't exist there already # Note: We have to use the private request._session because # request.session is not guaranteed to exist when this function is # called. if not request._session.get("user.csrf"): request._session["user.csrf"] = random_token() # Store the fact that CSRF is in use for this request on the request request._csrf = True
def csrf_cycle(session): # Store a token in the session if one doesn't exist there already # Note: We have to use the session inside of the environ dictionary # because request.session does not exist when this function runs session["user.csrf"] = random_token()