Пример #1
0
    def getXsrfToken(cls,
                     path=None,
                     method='POST',
                     data={},
                     site=None,
                     **extra):
        """Returns an XSRF token for request context.

    It is signed by Melange XSRF middleware.
    Add this token to POST data in order to pass the validation check of
    Melange XSRF middleware for HTTP POST.
    """
        """
    request = HttpRequest()
    request.path = path
    request.method = method
    """

        # request is currently not used in _getSecretKey
        class SiteContainingRequest(object):
            def __init__(self, site):
                if site:
                    self.site = site

        request = SiteContainingRequest(site)
        xsrf = XsrfMiddleware()
        key = xsrf._getSecretKey(request)
        user_id = xsrfutil._getCurrentUserId()
        xsrf_token = xsrfutil._generateToken(key, user_id)
        return xsrf_token
Пример #2
0
    def getXsrfToken(cls, path=None, method="POST", data=None, site=None, **extra):
        """Returns an XSRF token for request context.

    It is signed by Melange XSRF middleware.
    Add this token to POST data in order to pass the validation check of
    Melange XSRF middleware for HTTP POST.
    """

        # TODO(nathaniel): What? Commented-out code?
        """
    request = HttpRequest()
    request.path = path
    request.method = method
    """
        # request is currently not used in _getSecretKey
        class SiteContainingRequest(object):
            def __init__(self, site):
                if site:
                    self.site = site

        request = SiteContainingRequest(site)
        # TODO(nathaniel): module API violation.
        key = xsrf_middleware._GetSecretKey(request)
        user_id = xsrfutil._getCurrentUserId()
        xsrf_token = xsrfutil._generateToken(key, user_id)
        return xsrf_token
Пример #3
0
    def testValidateToken(self):
        """Test the validate token function."""
        # No token.
        self.assertRaises(xsrfutil.InvalidTokenException,
                          xsrfutil._validateToken, self.secret_key, '',
                          self.user_id)

        # Not a base64 decodeable token.
        self.assertRaises(xsrfutil.InvalidTokenException,
                          xsrfutil._validateToken, self.secret_key,
                          'QNotBase64', self.user_id)

        # Not a well-formed token
        self.assertRaises(xsrfutil.InvalidTokenException,
                          xsrfutil._validateToken, self.secret_key, 'a123',
                          self.user_id)

        # An out of date token, generated at epoch
        old_token = xsrfutil._generateToken(self.secret_key,
                                            self.user_id,
                                            when=1)
        self.assertRaises(xsrfutil.InvalidTokenException,
                          xsrfutil._validateToken, self.secret_key, old_token,
                          self.user_id)

        # A valid token issued for another user.
        self.assertRaises(xsrfutil.InvalidTokenException,
                          xsrfutil._validateToken, self.secret_key,
                          self.valid_token, 'SomeOtherUserId')

        # A valid token.
        xsrfutil._validateToken(self.secret_key, self.valid_token,
                                self.user_id)
Пример #4
0
  def testValidateToken(self):
    """Test the validate token function."""
    # No token.
    self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
                      self.secret_key, '', self.user_id)

    # Not a base64 decodeable token.
    self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
                      self.secret_key, 'QNotBase64', self.user_id)

    # Not a well-formed token
    self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
                      self.secret_key, 'a123', self.user_id)

    # An out of date token, generated at epoch
    old_token = xsrfutil._generateToken(self.secret_key, self.user_id, when=1)
    self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
                      self.secret_key, old_token, self.user_id)

    # A valid token issued for another user.
    self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
                      self.secret_key, self.valid_token, 'SomeOtherUserId')

    # A valid token.
    xsrfutil._validateToken(self.secret_key, self.valid_token, self.user_id)
Пример #5
0
 def getXsrfToken(self):
     """Returns an XSRF token for POST requests.
 """
     request = None
     xsrf = XsrfMiddleware()
     key = xsrf._getSecretKey(request)
     user_id = xsrfutil._getCurrentUserId()
     xsrf_token = xsrfutil._generateToken(key, user_id)
     return xsrf_token
Пример #6
0
 def getXsrfToken(self):
   """Returns an XSRF token for POST requests.
   """
   request = None
   xsrf = XsrfMiddleware()
   key = xsrf._getSecretKey(request)
   user_id = xsrfutil._getCurrentUserId()
   xsrf_token = xsrfutil._generateToken(key, user_id)
   return xsrf_token
Пример #7
0
  def getXsrfToken(cls, path=None, method='POST', data={}, **extra):
    """Returns an XSRF token for request context.

    It is signed by Melange XSRF middleware.
    Add this token to POST data in order to pass the validation check of
    Melange XSRF middleware for HTTP POST.
    """

    """
    request = HttpRequest()
    request.path = path
    request.method = method
    """
    # request is currently not used in _getSecretKey
    request = None
    xsrf = XsrfMiddleware()
    key = xsrf._getSecretKey(request)
    user_id = xsrfutil._getCurrentUserId()
    xsrf_token = xsrfutil._generateToken(key, user_id)
    return xsrf_token
Пример #8
0
 def setUp(self):
     self.user_id = '42'
     self.secret_key = 'secret_key'
     self.valid_token = xsrfutil._generateToken(self.secret_key,
                                                self.user_id,
                                                when=int(time.time()))
Пример #9
0
 def setUp(self):
   self.user_id = '42'
   self.secret_key = 'secret_key'
   self.valid_token = xsrfutil._generateToken(self.secret_key, self.user_id,
                                              when=int(time.time()))