def test_make_token(self): """ Ensure that we can make a token and that it is valid """ user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) self.assertTrue(p0.check_token(user, tk1))
def test_date_length(self): """ Make sure we don't allow overly long dates, causing a potential DoS. """ user = User.objects.create_user('ima1337h4x0r', '*****@*****.**', 'p4ssw0rd') p0 = PasswordResetTokenGenerator() # This will put a 14-digit base36 timestamp into the token, which is too large. tk1 = p0._make_token_with_timestamp(user, 175455491841851871349) self.assertFalse(p0.check_token(user, tk1))
def test_django12_hash(self): """ Ensure we can use the hashes generated by Django 1.2 """ # Hard code in the Django 1.2 algorithm (not the result, as it is time # dependent) def _make_token(user): from django.utils.hashcompat import sha_constructor from django.utils.http import int_to_base36 timestamp = (date.today() - date(2001,1,1)).days ts_b36 = int_to_base36(timestamp) hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) + user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') + unicode(timestamp)).hexdigest()[::2] return "%s-%s" % (ts_b36, hash) user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = _make_token(user) self.assertTrue(p0.check_token(user, tk1))