def test_multiple_application_are_supported(self):
    """Check make_token against a manager restricted to listed applications.

    The applications string looks like a comma-separated list of
    "name-version" entries; a request for a listed pair succeeds and a
    request for an unlisted application raises HTTPNotFound.
    """
    allowed = "foo-1.1,bar-2.0,baz-2.1"
    manager = SignedTokenManager(timeout=0.2, applications=allowed)

    # A listed application/version pair is served. Unpacking into three
    # names also pins the 3-tuple shape of the return value.
    known = FakeRequest({"application": "foo", "version": "1.1"})
    token, secret, extra = manager.make_token(known, {"email": "tester"})

    # An application that is not in the list must be refused with a 404.
    # NOTE(review): a listed name with an unlisted version is not exercised
    # here, so this test does not show that the version is enforced.
    unknown = FakeRequest({"application": "undefined"})
    self.assertRaises(HTTPNotFound, manager.make_token, unknown,
                      {"email": "tester"})
def test_multiple_application_are_supported(self):
    """Verify that token minting is limited to the configured applications."""
    manager = SignedTokenManager(
        timeout=0.2,
        applications="foo-1.1,bar-2.0,baz-2.1",
    )

    # Positive case: "foo" at version "1.1" appears in the configured
    # string, so a token, a secret and a third value are returned.
    good_request = FakeRequest({"application": "foo", "version": "1.1"})
    token, secret, extra = manager.make_token(good_request,
                                              {"email": "tester"})

    # Negative case: "undefined" is not configured, so no token may be
    # minted and the caller sees HTTPNotFound.
    # NOTE(review): only the application name is varied; a wrong version
    # for a known application would need its own assertion.
    bad_request = FakeRequest({"application": "undefined"})
    self.assertRaises(
        HTTPNotFound,
        manager.make_token,
        bad_request,
        {"email": "tester"},
    )
def __init__(self, audiences, token_url=None, token_manager=None,
             verifier=None, nonce_timeout=None):
    """Store the plugin configuration and build its helper objects.

    Args:
        audiences: list of audience strings; a bare string is rejected.
        token_url: token endpoint path; defaults to "/request_token".
        token_manager: token minting/parsing object; defaults to a
            SignedTokenManager() built with no arguments.
        verifier: assertion verifier; defaults to vep.RemoteVerifier().
        nonce_timeout: first argument to NonceManager; defaults to 60.

    Raises:
        ValueError: if audiences is a single string instead of a list.
    """
    # A bare string would be iterated character by character below and
    # yield one audience pattern per character, so refuse it up front.
    if isinstance(audiences, basestring):
        raise ValueError("\"audiences\" must be a list of strings")

    # Defaults are resolved here, not in the signature, so that
    # make_plugin does not have to carry a second copy of them.
    token_url = "/request_token" if token_url is None else token_url
    if token_manager is None:
        token_manager = SignedTokenManager()
    if verifier is None:
        # NOTE(review): the default is a remote verifier, so the verdict
        # on an assertion is delegated to whatever service it contacts;
        # confirm that trust is intended or pass a verifier explicitly.
        verifier = vep.RemoteVerifier()
    nonce_timeout = 60 if nonce_timeout is None else nonce_timeout

    self.audiences = audiences
    if audiences:
        # _audience_patterns is only assigned for a non-empty list.
        # NOTE(review): confirm how the audience check behaves when no
        # patterns are compiled, since that check is what ties an
        # assertion to this site.
        self._audience_patterns = [
            self._compile_audience_pattern(audience)
            for audience in audiences
        ]
    self.token_url = token_url
    self.token_manager = token_manager
    self.verifier = verifier

    # A token manager without a "timeout" attribute is tolerated; the
    # nonce manager then receives None for the token timeout.
    token_timeout = getattr(token_manager, "timeout", None)
    self.nonce_timeout = nonce_timeout
    self.nonce_manager = NonceManager(nonce_timeout, token_timeout)
def test_token_validation(self):
    """parse_token accepts a fresh token and rejects altered or expired ones."""
    manager = SignedTokenManager(timeout=0.2)
    token, secret = manager.make_token({"email": "tester"})

    # Round trip: the untouched token parses, carries the user id under
    # "repoze.who.userid", and yields the same secret that was issued.
    parsed, parsed_secret = manager.parse_token(token)
    self.assertEquals(parsed["repoze.who.userid"], "tester")
    self.assertEquals(secret, parsed_secret)

    # Altering only the final character must invalidate the token.
    last_char = token[-1]
    swapped = "Z" if last_char != "Z" else "X"
    self.assertRaises(ValueError, manager.parse_token, token[:-1] + swapped)

    # A base64 blob that this manager never issued must be rejected too.
    filler = "X" * 50
    unsigned = filler.encode("base64").strip()
    self.assertRaises(ValueError, manager.parse_token, unsigned)

    # Overwriting the head of the token must be rejected.
    # NOTE(review): "admin" is five characters but six are dropped, so the
    # forged token is one character shorter than the original; the test
    # shows that ValueError is raised, not whether decoding or the
    # signature check is what rejected it.
    forged = "admin" + token[6:]
    self.assertRaises(ValueError, manager.parse_token, forged)

    # After waiting out the 0.2s timeout the original token must fail.
    time.sleep(0.2)
    self.assertRaises(ValueError, manager.parse_token, token)
def test_token_validation(self):
    """Exercise parse_token with valid, tampered, forged and expired tokens."""
    manager = SignedTokenManager(timeout=0.2)
    request = FakeRequest()
    # The third element of the result is not needed by this test.
    token, secret, _ = manager.make_token(request, {"email": "tester"})

    # A freshly minted token parses back to the user id and its secret.
    payload, recovered_secret = manager.parse_token(token)
    self.assertEquals(payload["repoze.who.userid"], "tester")
    self.assertEquals(secret, recovered_secret)

    # Changing the last character of the token must make it invalid.
    if token[-1] == "Z":
        tail = "X"
    else:
        tail = "Z"
    self.assertRaises(ValueError, manager.parse_token, token[:-1] + tail)

    # So must an arbitrary base64 string that was never issued.
    never_issued = ("X" * 50).encode("base64").strip()
    self.assertRaises(ValueError, manager.parse_token, never_issued)

    # And so must a token whose leading characters were replaced.
    # NOTE(review): six characters are removed and five inserted, so the
    # length changes as well; which check inside parse_token fires
    # (decoding or signature comparison) cannot be told from this test.
    rewritten = "admin" + token[6:]
    self.assertRaises(ValueError, manager.parse_token, rewritten)

    # The untouched token stops validating once the timeout has passed.
    time.sleep(0.2)
    self.assertRaises(ValueError, manager.parse_token, token)
def test_token_dont_validate_without_a_userid(self):
    """A token minted from data with no "email" entry must not parse."""
    manager = SignedTokenManager()

    # make_token itself succeeds for data that names no user; the
    # rejection is expected only when the token is parsed.
    anonymous_data = {"permissions": "all"}
    token, secret = manager.make_token(anonymous_data)

    self.assertRaises(ValueError, manager.parse_token, token)
def test_loading_hashmod_by_string_name(self):
    """A hashmod passed as a string resolves to the hashlib constructor."""
    manager = SignedTokenManager(hashmod="md5")
    resolved = manager.hashmod

    # "md5" serves here only to exercise lookup by name.
    # NOTE(review): presumably hashmod drives token signing (confirm
    # against SignedTokenManager); if so, deployments should configure a
    # SHA-2 family hash and not copy this value out of the test.
    self.assertTrue(resolved is hashlib.md5)
def test_token_dont_validate_without_a_userid(self):
    """parse_token must raise ValueError for a token that names no user."""
    manager = SignedTokenManager()

    # Minting works even though the data carries only "permissions" and
    # no "email"; the missing user id is caught when the token is parsed.
    blank_request = FakeRequest()
    minted = manager.make_token(blank_request, {"permissions": "all"})
    token, secret, _ = minted

    self.assertRaises(ValueError, manager.parse_token, token)
def test_specifying_no_applications_works(self):
    """make_token must not raise when no applications list is configured."""
    manager = SignedTokenManager(timeout=0.2)
    request = FakeRequest()

    # Passing means only that no exception was raised; the returned
    # value is not inspected.
    manager.make_token(request, {"email": "tester"})
def test_specifying_no_applications_works(self):
    """A manager built without "applications" still mints tokens."""
    unrestricted = SignedTokenManager(timeout=0.2)
    user_data = {"email": "tester"}

    # The request names no application; the call completing without an
    # exception is the whole assertion.
    unrestricted.make_token(FakeRequest(), user_data)