def inner(request, *args, **kwargs): from debug_toolbar.forms import SignedDataForm data = request.GET if request.method == "GET" else request.POST signed_form = SignedDataForm(data) if signed_form.is_valid(): return view(request, *args, verified_data=signed_form.verified_data(), **kwargs) return HttpResponseBadRequest("Invalid signature")
def test_prevents_tampering(self): data = { "signed": SIGNED_DATA.replace('"value": "foo"', '"value": "bar"') } form = SignedDataForm(data=data) self.assertFalse(form.is_valid())
def test_signed_data(self): data = {"signed": SignedDataForm.sign(DATA)} form = SignedDataForm(data=data) self.assertTrue(form.is_valid()) # Check the signature value self.assertEqual(data["signed"], SIGNED_DATA)