def test_attach_credentials(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
# Attach the user's credentials to a test response.
response = http.HttpResponse('test')
auth.attach_credentials(response, user)
# Make sure the response now contains a cookie with the correct
# security token.
self.assertTrue(auth._CHIRP_SECURITY_TOKEN_COOKIE in response.cookies)
token = response.cookies[auth._CHIRP_SECURITY_TOKEN_COOKIE].value
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
def test_attach_credentials(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
# Attach the user's credentials to a test response.
response = http.HttpResponse('test')
auth.attach_credentials(response, user)
# Make sure the response now contains a cookie with the correct
# security token.
self.assertTrue(auth._CHIRP_SECURITY_TOKEN_COOKIE in response.cookies)
token = response.cookies[auth._CHIRP_SECURITY_TOKEN_COOKIE].value
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
def test_security_token_create_and_parse(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
token = auth._create_security_token(user)
# A new token should work fine and not be stale.
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
self.assertFalse(cred.security_token_is_stale)
# Don't accept time-traveling tokens.
self.now -= 60
self.assertEqual(None, auth._parse_security_token(token))
# This token is still valid, but is stale.
self.now += 0.75 * auth._TOKEN_TIMEOUT_S
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
self.assertTrue(cred.security_token_is_stale)
# Now the token has expired.
self.now += 0.75 * auth._TOKEN_TIMEOUT_S
self.assertEqual(None, auth._parse_security_token(token))
# Reject random garbage.
for garbage in (None, '', 'garbage'):
self.assertEqual(None, auth._parse_security_token(garbage))
def test_security_token_create_and_parse(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
token = auth._create_security_token(user)
# A new token should work fine and not be stale.
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
self.assertFalse(cred.security_token_is_stale)
# Don't accept time-traveling tokens.
self.now -= 60
self.assertEqual(None, auth._parse_security_token(token))
# This token is still valid, but is stale.
self.now += 0.75 * auth._TOKEN_TIMEOUT_S
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
self.assertTrue(cred.security_token_is_stale)
# Now the token has expired.
self.now += 0.75 * auth._TOKEN_TIMEOUT_S
self.assertEqual(None, auth._parse_security_token(token))
# Reject random garbage.
for garbage in (None, '', 'garbage'):
self.assertEqual(None, auth._parse_security_token(garbage))
