def test_checkTokenCorruptBase64(self):
    """
    A token whose encoding has been damaged must raise RejectToken.

    Three damaged variants of a freshly issued token are tried: one
    extra leading character, two extra leading characters, and one
    extra trailing character.  The test name describes these as
    corrupt base64; the point being pinned is that checkToken reports
    them as RejectToken rather than accepting them.
    """
    stopper = CsrfStopper("secret string")
    ident = "id"
    goodToken = stopper.makeToken(ident)

    damagedTokens = (
        'x' + goodToken,
        'xx' + goodToken,
        goodToken + 'x',
    )
    for damaged in damagedTokens:
        # Passing the callable and its arguments lets assertRaises make
        # the call itself, so no lambda wrapper is needed.
        self.assertRaises(RejectToken, stopper.checkToken, ident, damaged)
def test_checkTokenWorks(self):
    """
    A token is accepted only for the id it was issued for.

    Covers the accepting path (same id, untouched token) and two
    rejecting paths: the token presented with a different id, and the
    token with extra characters prepended.
    """
    stopper = CsrfStopper("secret string")
    ident = "id"
    goodToken = stopper.makeToken(ident)

    # Accepting path: checkToken must return without raising.
    stopper.checkToken(ident, goodToken)

    # The token was made for "id"; presenting it with another id must
    # be rejected, otherwise one id's token could be replayed for another.
    otherIdent = "id 2"
    self.assertRaises(RejectToken, stopper.checkToken, otherIdent, goodToken)

    # The original author notes this prefixed value is still valid
    # base64, so the rejection here is presumably expected to come from
    # the token's content check rather than from a decode failure --
    # TODO confirm against CsrfStopper.checkToken.
    prefixedToken = 'AAA' + goodToken
    self.assertRaises(RejectToken, stopper.checkToken, ident, prefixedToken)
def test_checkTokenWrongVersionIsRejected(self):
    """
    A token whose leading two decoded bytes were replaced is rejected.

    The token is base64-decoded, its first two bytes are overwritten
    with 0x00 0x01, and the result is re-encoded.  Going by the test
    name, those two bytes are the token's version field -- confirm
    against CsrfStopper.makeToken.
    """
    stopper = CsrfStopper("secret string")
    ident = "id"
    goodToken = stopper.makeToken(ident)

    rawToken = base64.urlsafe_b64decode(goodToken)
    # NOTE(review): joining a str literal to the decoded value only
    # works where urlsafe_b64decode returns str (Python 2); on Python 3
    # it returns bytes and this line would raise TypeError -- confirm
    # the interpreter this suite targets.
    rewritten = '\x00\x01' + rawToken[2:]
    forgedToken = base64.urlsafe_b64encode(rewritten)

    # Same length as the genuine token, so a rejection cannot be
    # explained by a simple size difference.
    assert len(forgedToken) == len(goodToken)
    self.assertRaises(RejectToken, stopper.checkToken, ident, forgedToken)