Exemplo n.º 1
    def test_plaintext_false_positives(self):
        """
        verify_plaintext must reject signatures that do not match the secrets.

        The genuine signature is verified first as a positive control, so a
        verifier that simply rejects everything cannot pass this test. Every
        other candidate is malformed, or was produced with a wrong or missing
        client secret / resource owner secret, and has to be refused.
        """
        client = self.plaintext_client
        base_string = self.eg_signature_base_string
        _ros = client.resource_owner_secret

        def is_accepted(signature):
            # Verification always uses the genuine client's two secrets; only
            # the signature carried by the request changes between calls.
            request = MockRequest('POST',
                                  'http://example.com/request',
                                  self.eg_params,
                                  signature)
            return verify_plaintext(request,
                                    client.client_secret,
                                    client.resource_owner_secret)

        good_signature = sign_plaintext_with_client(base_string, client)

        # Keyword arguments for clients whose secrets differ from the genuine
        # client in exactly one respect.
        mismatched_clients = [
            # wrong client secret, correct resource owner secret
            {'client_secret': 'wrong-secret',
             'resource_owner_secret': _ros},
            # correct client secret, wrong resource owner secret
            {'client_secret': client.client_secret,
             'resource_owner_secret': 'wrong-secret'},
            # correct client secret, resource owner secret not supplied
            {'client_secret': client.client_secret},
            # client secret not supplied, correct resource owner secret
            {'resource_owner_secret': _ros},
        ]
        signatures_from_mismatched_clients = []
        for client_kwargs in mismatched_clients:
            signatures_from_mismatched_clients.append(
                sign_plaintext_with_client(base_string,
                                           MockClient(**client_kwargs)))

        self.assertTrue(is_accepted(good_signature))

        rejected_candidates = [
            '',  # empty signature
            'ZG9uJ3QgdHJ1c3QgbWUK',  # arbitrary base64 encoded value
            'altérer',  # contains a non-ASCII character
        ] + signatures_from_mismatched_clients

        for bad_signature in rejected_candidates:
            self.assertFalse(is_accepted(bad_signature))
Exemplo n.º 2
    def test_sign_plaintext_with_client(self):
        """
        Check PLAINTEXT signing before and after the client is decoded.

        Signing with the client as set up by the fixture must raise
        ValueError; after client.decode() the same call must return the
        control signature.
        """
        # Before decode(): the signer has to refuse the client's values.
        # NOTE(review): presumably the secrets are still in an undecoded form
        # at this point -- confirm against the fixture's setUp.
        with self.assertRaises(ValueError):
            sign_plaintext_with_client(None, self.client)

        self.client.decode()

        # The first argument is None in both calls, so the expected signature
        # here depends on the client alone.
        produced = sign_plaintext_with_client(None, self.client)
        self.assertEqual(produced, self.control_signature_plaintext)
Exemplo n.º 3
    def test_sign_plaintext_with_client(self):
        """
        Check PLAINTEXT signing before and after the client is decoded.

        Signing with the client as set up by the fixture must raise
        ValueError; after client.decode() the same call must return the
        control signature.
        """
        # Before decode(): the signer has to refuse the client's values.
        # NOTE(review): presumably the secrets are still in an undecoded form
        # at this point -- confirm against the fixture's setUp.
        with self.assertRaises(ValueError):
            sign_plaintext_with_client(None, self.client)

        self.client.decode()

        # The first argument is None in both calls, so the expected signature
        # here depends on the client alone.
        produced = sign_plaintext_with_client(None, self.client)
        self.assertEqual(produced, self.control_signature_plaintext)
Exemplo n.º 4
    def test_sign_plaintext_with_client(self):
        # A PLAINTEXT "signature" does not depend on the request at all. It is
        # the encoded client_secret, an ampersand, and the encoded
        # resource_owner_secret joined together, which is why spaces in the
        # resource owner secret show up as "%20" in the expected value.
        #
        # Because nothing from the request goes into the value, it cannot
        # protect the request's integrity and discloses both secrets to anyone
        # who can read it. RFC 5849 section 3.4.4 therefore requires PLAINTEXT
        # to be used only over a transport-layer mechanism such as TLS.
        client = self.plaintext_client
        expected = self.expected_signature_plaintext

        # Signing: the request argument is ignored, so None is passed.
        actual = sign_plaintext_with_client(None, client)
        self.assertEqual(expected, actual)

        # Verifying: a request with an unrelated method, URL and parameters
        # still verifies, because only the two secrets are compared.
        unrelated_request = MockRequest(
            'PUT',
            'http://example.com/some-other-path',
            [('description', 'request is ignored in PLAINTEXT')],
            self.expected_signature_plaintext)
        self.assertTrue(verify_plaintext(unrelated_request,
                                         client.client_secret,
                                         client.resource_owner_secret))