def test_validate_request_returns_true_when_valid_token_in_params(self):
self.get_user_stub.return_value = 'test2@{}'.format(
loanertest.USER_DOMAIN)
self.request_webapp.params[constants.XSRF_PARAM] = (
xsrf._generate_token())
self.assertTrue(
xsrf.validate_request(request=self.request_webapp,
response=self.response))
def test_generate_token_using_user_id_and_secret(self):
self.get_user_stub.return_value = 'test@{}'.format(
loanertest.USER_DOMAIN)
token1 = xsrf._generate_token(time=42)
token2 = xsrf._generate_token(time=42)
self.assertEqual(token1, token2)
# Force a reload from datastore.
xsrf._xsrf_secret = None
token3 = xsrf._generate_token(time=42)
self.assertEqual(token1, token3)
# Different user.
self.get_user_stub.return_value = 'test2@{}'.format(
loanertest.USER_DOMAIN)
token4 = xsrf._generate_token(time=42)
self.assertNotEqual(token1, token4)
# Reset secret key.
self._reset_xsrf_secret()
self.get_user_stub.return_value = 'test@{}'.format(
loanertest.USER_DOMAIN)
token5 = xsrf._generate_token(time=42)
self.assertNotEqual(token1, token5)
def test_validate_request_returns_false_when_users_differ(self):
xsrf.constants.ON_GAE = True
self.get_user_stub.return_value = 'test@{}'.format(
loanertest.USER_DOMAIN)
self.request_webapp.headers[constants.XSRF_HEADER] = (
xsrf._generate_token())
self.get_user_stub.return_value = 'test2@{}'.format(
loanertest.USER_DOMAIN)
self.assertFalse(
xsrf.validate_request(request=self.request_webapp,
response=self.response))
self.response.delete_cookie.assert_called_once_with(
constants.XSRF_COOKIE_NAME)
def test_generate_token_returns_empty_string_when_no_current_user(self):
self.get_user_stub.return_value = None
self.assertEqual('', xsrf._generate_token(time=6))
def test_validate_request_returns_true_when_valid_token_in_headers(self):
self.get_user_stub.return_value = 'test@{}'.format(
loanertest.USER_DOMAIN)
self.request_webapp.headers[constants.XSRF_HEADER] = (
xsrf._generate_token())
self.assertTrue(xsrf.validate_request(request=self.request_webapp))