def inner(request, *args, **kwargs):
from debug_toolbar.forms import SignedDataForm
data = request.GET if request.method == "GET" else request.POST
signed_form = SignedDataForm(data)
if signed_form.is_valid():
return view(request,
*args,
verified_data=signed_form.verified_data(),
**kwargs)
return HttpResponseBadRequest("Invalid signature")
def test_prevents_tampering(self):
data = {
"signed": SIGNED_DATA.replace('"value": "foo"', '"value": "bar"')
}
form = SignedDataForm(data=data)
self.assertFalse(form.is_valid())
def test_signed_data(self):
data = {"signed": SignedDataForm.sign(DATA)}
form = SignedDataForm(data=data)
self.assertTrue(form.is_valid())
# Check the signature value
self.assertEqual(data["signed"], SIGNED_DATA)