Exemplo n.º 1
    def test_validtoken(self):
        """Exercise crypto.valid_token() with genuine, tampered and malformed tokens."""
        # A token generated for an explicit key must validate against the
        # key that generate_token() hands back.
        key, token = crypto.generate_token(key='MoinMoin')
        assert crypto.valid_token(key, token)

        # Called without a key, generate_token() still returns a key/token
        # pair that must validate together.
        key, token = crypto.generate_token()
        assert crypto.valid_token(key, token)

        # Overwrite the first '-'-separated field with an arbitrary string;
        # the altered token must no longer validate against the same key.
        pieces = token.split('-')
        pieces[0] = 'not_valid'
        tampered = '-'.join(pieces)
        assert not crypto.valid_token(key, tampered)

        # A string that does not have the generated token's shape at all
        # must be rejected too.
        assert not crypto.valid_token('MoinMoin', 'incorrect_token')

        # NOTE(review): none of the cases above checks a well-formed token
        # against a *different* key, or an expired token; both are worth
        # covering for a token validator.
Exemplo n.º 2
    def validate_session(self, token):
        """Return whether *token* is a valid session token for this user.

        The token is checked against the session key stored in the user
        profile. It fails to validate in these situations:

        a) The same user has several sessions open (different machines or
           browsers) and changes the password in one of them. That writes a
           new session key to the profile, which invalidates the sessions
           everywhere else for this user.
        b) The user profile is gone (e.g. the storage was erased). The
           session key is then read from cfg.user_defaults and is an invalid
           one that never validates against the key held in the session.
        """
        profile_key = self.profile[SESSION_KEY]
        # The third argument is None on purpose: the timeout is ignored here
        # because the session cookie already handles expiry and the session
        # key itself should never time out.
        return valid_token(profile_key, token, None)
Exemplo n.º 3
 def validate_recovery_token(self, token):
     """Return whether *token* validates against the profile's recovery key.

     No third argument is passed to valid_token() here.
     NOTE(review): presumably valid_token()'s default timeout then applies,
     so recovery tokens expire; confirm against valid_token().
     """
     recovery_key = self.profile[RECOVERPASS_KEY]
     return valid_token(recovery_key, token)