Exemplo n.º 1
0
	def test_checkTokenCorruptBase64(self):
		c = CsrfStopper("secret string")
		i = "id"
		token = c.makeToken(i)

		self.assertRaises(RejectToken, lambda: c.checkToken(i, 'x' + token))
		self.assertRaises(RejectToken, lambda: c.checkToken(i, 'xx' + token))

		self.assertRaises(RejectToken, lambda: c.checkToken(i, token + 'x'))
Exemplo n.º 2
0
    def test_checkTokenCorruptBase64(self):
        c = CsrfStopper("secret string")
        i = "id"
        token = c.makeToken(i)

        self.assertRaises(RejectToken, lambda: c.checkToken(i, 'x' + token))
        self.assertRaises(RejectToken, lambda: c.checkToken(i, 'xx' + token))

        self.assertRaises(RejectToken, lambda: c.checkToken(i, token + 'x'))
Exemplo n.º 3
0
	def test_checkTokenWorks(self):
		c = CsrfStopper("secret string")
		i = "id"

		token = c.makeToken(i)
		# no exception
		c.checkToken(i, token)

		# wrong uuid
		differentI = "id 2"
		self.assertRaises(RejectToken, lambda: c.checkToken(differentI, token))

		badToken = 'AAA' + token # still valid base64
		self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken))
Exemplo n.º 4
0
    def test_checkTokenWorks(self):
        c = CsrfStopper("secret string")
        i = "id"

        token = c.makeToken(i)
        # no exception
        c.checkToken(i, token)

        # wrong uuid
        differentI = "id 2"
        self.assertRaises(RejectToken, lambda: c.checkToken(differentI, token))

        badToken = 'AAA' + token  # still valid base64
        self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken))
Exemplo n.º 5
0
	def test_checkTokenWrongVersionIsRejected(self):
		c = CsrfStopper("secret string")
		i = "id"
		token = c.makeToken(i)

		bad = base64.urlsafe_b64decode(token)
		bad = '\x00\x01' + bad[2:]
		badToken2 = base64.urlsafe_b64encode(bad)
		assert len(badToken2) == len(token)

		self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken2))
Exemplo n.º 6
0
    def test_checkTokenWrongVersionIsRejected(self):
        c = CsrfStopper("secret string")
        i = "id"
        token = c.makeToken(i)

        bad = base64.urlsafe_b64decode(token)
        bad = '\x00\x01' + bad[2:]
        badToken2 = base64.urlsafe_b64encode(bad)
        assert len(badToken2) == len(token)

        self.assertRaises(RejectToken, lambda: c.checkToken(i, badToken2))