def test_validator_no_nonce():
    """
    Call the validator directly with no nonce at all.

    ``check_csrf`` must raise ``InvalidNonceError`` carrying the message
    "No csrf_token supplied"; reaching the end of the ``try`` body without
    an exception is a test failure.
    """
    caught = None
    try:
        protector = CSRFProtector({})
        protector.check_csrf({}, None)
    except InvalidNonceError as exc:
        caught = exc

    if caught is None:
        raise AssertionError("check_csrf succeeded when no csrf_token supplied")
    assert caught.message == "No csrf_token supplied"
def test_validator_nonce_fail():
    """
    Call the validator directly with an opaque, non-matching nonce.

    The nonce is an arbitrary string that does not follow the
    timestamp:user:hash layout at all, so ``check_csrf`` must raise
    ``InvalidNonceError`` with ``BAD_MATCH_MESSAGE``.
    """
    bogus_nonce = "dwaoiju277218ywdhdnakas72"
    user = u"f\u00F6o"  # non-ASCII name, exercises the unicode path
    shared_secret = "12345"
    server_host = {"host": "0.0.0.0", "port": "8080"}
    environ = {
        "tiddlyweb.usersign": {"name": user},
        "tiddlyweb.config": {"secret": shared_secret, "server_host": server_host},
        "HTTP_HOST": "foo.0.0.0.0:8080",
    }

    caught = None
    try:
        protector = CSRFProtector({})
        protector.check_csrf(environ, bogus_nonce)
    except InvalidNonceError as exc:
        caught = exc

    if caught is None:
        raise AssertionError("check_csrf succeeded when nonce didn't match")
    assert caught.message == BAD_MATCH_MESSAGE
def test_validator_nonce_success():
    """
    Call the validator directly with a correctly derived nonce.

    The nonce is rebuilt here the same way the test expects the protector
    to derive it: ``<hour-stamp>:<user>:<hexdigest>`` where the digest is
    ``sha`` over ``user:timestamp:hostname:secret``. ``check_csrf`` must
    return ``True``.
    """
    user = u"f\u00F6o"
    host_header = "foo.0.0.0.0:8080"
    shared_secret = "12345"
    # The stamp has hour granularity; presumably check_csrf recomputes it
    # from the wall clock, so a run straddling an hour boundary could fail
    # spuriously — TODO confirm against the implementation.
    hour_stamp = datetime.utcnow().strftime("%Y%m%d%H")
    digest_input = "%s:%s:%s:%s" % (user, hour_stamp, host_header, shared_secret)
    digest = sha(digest_input).hexdigest()
    good_nonce = "%s:%s:%s" % (hour_stamp, user, digest)
    server_host = {"host": "0.0.0.0", "port": "8080"}
    environ = {
        "tiddlyweb.usersign": {"name": user},
        "tiddlyweb.config": {"secret": shared_secret, "server_host": server_host},
        "HTTP_HOST": "foo.0.0.0.0:8080",
    }

    protector = CSRFProtector({})
    outcome = protector.check_csrf(environ, good_nonce)

    assert outcome is True
def test_validator_nonce_hash_fail():
    """
    Call the validator directly with a nonce whose hash part is wrong.

    The timestamp and user components are well-formed and current; only
    the trailing digest is garbage. ``check_csrf`` must still raise
    ``InvalidNonceError`` with ``BAD_MATCH_MESSAGE`` — a valid prefix
    alone must not be accepted.
    """
    user = u"f\u00F6o"
    host_header = "foo.0.0.0.0:8080"
    shared_secret = "12345"
    hour_stamp = datetime.utcnow().strftime("%Y%m%d%H")
    tampered_nonce = "%s:%s:dwaoiju277218ywdhdnakas72" % (hour_stamp, user)
    server_host = {"host": "0.0.0.0", "port": "8080"}
    environ = {
        "tiddlyweb.usersign": {"name": user},
        "tiddlyweb.config": {"secret": shared_secret, "server_host": server_host},
        "HTTP_HOST": host_header,
    }

    caught = None
    try:
        protector = CSRFProtector({})
        protector.check_csrf(environ, tampered_nonce)
    except InvalidNonceError as exc:
        caught = exc

    if caught is None:
        raise AssertionError("check_csrf succeeded when nonce didn't match")
    assert caught.message == BAD_MATCH_MESSAGE