Пример #1
def test_validator_nonce_success():
    """
    Call CSRFProtector.check_csrf directly with a correctly built nonce.

    The nonce assembled here has the shape ``timestamp:username:hexdigest``,
    where the digest is taken over ``username:timestamp:spacename:secret``.
    The check must return a value equal to True.

    NOTE(review): the expected token is a bare hash with the secret appended
    to the message, not a keyed MAC. If the validator derives tokens the same
    way, an HMAC over the same fields would be the sturdier construction.
    Confirm against the implementation.
    """
    store = get_store(config)
    username = '******'
    spacename = 'foo'
    secret = '12345'

    # Hour-resolution stamp. Presumably the validator derives its own stamp
    # at check time, so a run that straddles an hour boundary could produce
    # a mismatch. Verify against check_csrf.
    hour_stamp = datetime.now().strftime('%Y%m%d%H')

    # The digest ties the token to user, hour, space and server secret.
    digest_input = '%s:%s:%s:%s' % (username, hour_stamp, spacename, secret)
    digest = sha(digest_input).hexdigest()
    nonce = '%s:%s:%s' % (hour_stamp, username, digest)

    server_config = {
        'secret': secret,
        'server_host': {
            'host': '0.0.0.0',
            'port': '8080'
        }
    }
    environ = {
        'tiddlyweb.usersign': {'name': username},
        'tiddlyweb.config': server_config,
        # Host carries the space name as its leading label.
        'HTTP_HOST': 'foo.0.0.0.0:8080'
    }
    make_fake_space(store, spacename)

    outcome = CSRFProtector({}).check_csrf(environ, nonce)

    assert outcome == True
Пример #2
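def test_validator_nonce_fail():
    """
    Call CSRFProtector.check_csrf directly with a nonce that does not match.

    The check must raise InvalidNonceError whose ``message`` equals
    BAD_MATCH_MESSAGE. A normal return is a test failure.

    NOTE(review): the nonce used here contains no ':' separators, so it is
    not shaped like the ``timestamp:username:digest`` tokens the success
    test builds. A well-formed token with a wrong digest (wrong secret,
    other user, other space or a stale hour) would exercise the comparison
    itself. Worth adding as separate cases.
    """
    store = get_store(config)
    nonce = 'dwaoiju277218ywdhdnakas72'
    username = '******'
    spacename = 'foo'
    secret = '12345'
    environ = {
        'tiddlyweb.usersign': {
            'name': username
        },
        'tiddlyweb.config': {
            'secret': secret,
            'server_host': {
                'host': '0.0.0.0',
                'port': '8080'
            }
        },
        'HTTP_HOST': 'foo.0.0.0.0:8080'
    }
    make_fake_space(store, spacename)

    csrf = CSRFProtector({})
    # Only the check itself sits in the try body, so an InvalidNonceError
    # raised anywhere else cannot make this test pass by accident.
    try:
        csrf.check_csrf(environ, nonce)
    except InvalidNonceError as exc:
        assert exc.message == BAD_MATCH_MESSAGE
    else:
        raise AssertionError('check_csrf succeeded when nonce didn\'t match')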
Пример #3
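def test_validator_no_nonce():
    """
    Call CSRFProtector.check_csrf directly with no nonce at all.

    With an empty environ and ``None`` as the token, the check must raise
    InvalidNonceError whose ``message`` is 'No csrf_token supplied'.
    A normal return is a test failure: a missing token must never be
    accepted.
    """
    # Return value unused. The call is kept in case store set-up has side
    # effects the validator relies on. Presumably safe to drop, but verify.
    get_store(config)

    csrf = CSRFProtector({})
    # Only the check itself sits in the try body, so an InvalidNonceError
    # raised anywhere else cannot make this test pass by accident.
    try:
        csrf.check_csrf({}, None)
    except InvalidNonceError as exc:
        assert exc.message == 'No csrf_token supplied'
    else:
        raise AssertionError(
            'check_csrf succeeded when no csrf_token supplied')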