def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) self.assertContains(r, "#4c1")
def store_path(previous, hashlink): if previous != hashlink: session_id = signing.base64_hmac(SESSION_ID_SALT, str(request.user.id or request.session.session_key), None) models.HashlinkPathDocument.objects.create(previous=previous, current=hashlink, session_id=session_id) else: # TODO: Log, redundant pass
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/{}/{}/foo.svg".format(self.alice.username, sig) resp = self.client.get(url) self.assertContains(resp, "svg", status_code=200)
def test_signature(self): "signature() method should generate a signature" signer = signing.Signer("predictable-secret") signer2 = signing.Signer("predictable-secret2") for s in ("hello", "3098247:529:087:", u"\u2019".encode("utf8")): self.assertEqual(signer.signature(s), signing.base64_hmac(signer.salt + "signer", s, "predictable-secret")) self.assertNotEqual(signer.signature(s), signer2.signature(s))
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8] url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) self.assertEqual(r["Access-Control-Allow-Origin"], "*") self.assertContains(r, "#4c1")
def setUp(self): super(BadgeTestCase, self).setUp() self.check = Check.objects.create(user=self.alice, tags="foo bar") sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8] self.svg_url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) self.json_url = "/badge/%s/%s/foo.json" % (self.alice.username, sig)
def test_it_handles_options(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8] url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.options(url) self.assertEqual(r.status_code, 204) self.assertEqual(r["Access-Control-Allow-Origin"], "*")
def setUp(self): super(BadgeTestCase, self).setUp() self.check = Check.objects.create(project=self.project, tags="foo bar") sig = base64_hmac(str(self.project.badge_key), "foo", settings.SECRET_KEY) sig = sig[:8] self.svg_url = "/badge/%s/%s/foo.svg" % (self.project.badge_key, sig) self.json_url = "/badge/%s/%s/foo.json" % (self.project.badge_key, sig)
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) # Assert that the svg is returned self.assertEqual(r.status_code, 200)
def get_badge_url(username, tag, fmt="svg"): sig = base64_hmac(str(username), tag, settings.SECRET_KEY) if tag == "*": url = reverse("hc-badge-all", args=[username, sig[:8], fmt]) else: url = reverse("hc-badge", args=[username, sig[:8], tag, fmt]) return settings.SITE_ROOT + url
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") # generate url with the required args url = reverse('hc-badge', args=[self.alice.username, sig, 'foo']) response = self.client.get(url) # Assert that the svg is returned self.assertContains(response, "svg") # Check for svg tag in xml
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) ### Assert that the svg is returned self.assertIn("image/svg+xml", str(r))
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) # Assert that the svg is returned #Check if result is svg with green color self.assertContains(r, "svg")
def test_signature_with_salt(self): "signature(value, salt=...) should work" signer = signing.Signer('predictable-secret', salt='extra-salt') self.assertEqual( signer.signature('hello'), signing.base64_hmac('extra-salt' + 'signer', 'hello', 'predictable-secret')) self.assertNotEqual( signing.Signer('predictable-secret', salt='one').signature('hello'), signing.Signer('predictable-secret', salt='two').signature('hello'))
def test_it_handles_special_characters(self): self.check.tags = "db@dc1" self.check.save() sig = base64_hmac(str(self.project.badge_key), "db@dc1", settings.SECRET_KEY) sig = sig[:8] url = "/badge/%s/%s/db%%2540dc1.svg" % (self.project.badge_key, sig) r = self.client.get(url) self.assertEqual(r.status_code, 200)
def test_signature_with_salt(self): "signature(value, salt=...) should work" signer = signing.Signer("predictable-secret", salt="extra-salt") self.assertEqual( signer.signature("hello"), signing.base64_hmac("extra-salt" + "signer", "hello", "predictable-secret") ) self.assertNotEqual( signing.Signer("predictable-secret", salt="one").signature("hello"), signing.Signer("predictable-secret", salt="two").signature("hello"), )
def get_badge_url(username, tag, format="svg"): sig = base64_hmac(str(username), tag, settings.SECRET_KEY) if tag == "*": view = "hc-badge-json-all" if format == "json" else "hc-badge-all" url = reverse(view, args=[username, sig[:8]]) else: view = "hc-badge-json" if format == "json" else "hc-badge" url = reverse(view, args=[username, sig[:8], tag]) return settings.SITE_ROOT + url
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) svg_content = str(r.__dict__['_container'][0]) ### Assert that the svg is returned self.assertIn("<svg", svg_content)
def get_badge_url(username, tag, fmt="svg", with_late=False): sig = base64_hmac(str(username), tag, settings.SECRET_KEY)[:8] if not with_late: sig += "-2" if tag == "*": url = reverse("hc-badge-all", args=[username, sig, fmt]) else: url = reverse("hc-badge", args=[username, sig, tag, fmt]) return settings.SITE_ROOT + url
def test_it_returns_svg(self): sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = sig[:8].decode("utf-8") url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) r = self.client.get(url) ### Assert the expected response status code self.assertEquals(r.status_code, 200) # assert svg is returned in response self.assertIn("image/svg+xml", str(r))
def create_hmac(self, update=False): ''' Creates a hmac for the Thing Optionally, use update=True to force regeneration of HMAC (via salt regeneration) ''' t = self._get_thing() if t is None: return None self.create_salt(update) # This depends on setting.SECRET_KEY which should be configured for the instance # Changing that will invalidate all hmacs. Deleting the salt will invalidate # just hmacs for this thing. return base64_hmac(t.metadata['salt'], t.fullpath, settings.SECRET_KEY)
def test_signature(self): "signature() method should generate a signature" signer = signing.Signer('predictable-secret') signer2 = signing.Signer('predictable-secret2') for s in ( b'hello', b'3098247:529:087:', '\u2019'.encode('utf-8'), ): self.assertEqual( signer.signature(s), signing.base64_hmac(signer.salt + 'signer', s, 'predictable-secret').decode() ) self.assertNotEqual(signer.signature(s), signer2.signature(s))
def test_signature(self): "signature() method should generate a signature" signer = signing.Signer('predictable-secret') signer2 = signing.Signer('predictable-secret2') for s in ( b'hello', b'3098247:529:087:', '\u2019'.encode(), ): self.assertEqual( signer.signature(s), signing.base64_hmac(signer.salt + 'signer', s, 'predictable-secret')) self.assertNotEqual(signer.signature(s), signer2.signature(s))
def is_hmac_valid(self): ''' Returns True if the hmac is valid for the Thing. ''' t = self._get_thing() if t is None: return False if 'salt' not in t.metadata: return False # This depends on setting.SECRET_KEY which should be configured for the instance # Changing that will invalidate all hmacs. Deleting the salt will invalidate # just hmacs for this thing. testmac = base64_hmac(t.metadata['salt'], t.fullpath, settings.SECRET_KEY) if constant_time_compare(self.hmac, testmac): return True return False
def test_signature_with_salt(self): "signature(value, salt=...) should work" signer = signing.Signer("predictable-secret", salt="extra-salt") self.assertEqual( signer.signature("hello"), signing.base64_hmac( "extra-salt" + "signer", "hello", "predictable-secret", algorithm=signer.algorithm, ), ) self.assertNotEqual( signing.Signer("predictable-secret", salt="one").signature("hello"), signing.Signer("predictable-secret", salt="two").signature("hello"), )
def test_signature(self): "signature() method should generate a signature" signer = signing.Signer("predictable-secret") signer2 = signing.Signer("predictable-secret2") for s in ( b"hello", b"3098247:529:087:", "\u2019".encode(), ): self.assertEqual( signer.signature(s), signing.base64_hmac( signer.salt + "signer", s, "predictable-secret", algorithm=signer.algorithm, ), ) self.assertNotEqual(signer.signature(s), signer2.signature(s))
def get_badge_url(username, tag): sig = base64_hmac(str(username), tag, settings.SECRET_KEY) url = reverse("hc-badge", args=[username, sig[:8], tag]) return settings.SITE_ROOT + url
def check_signature(username, tag, sig): ours = base64_hmac(str(username), tag, settings.SECRET_KEY) ours = ours[:8] return ours == sig
def check_signature(username, tag, sig): ours = base64_hmac(str(username), tag, settings.SECRET_KEY) ours = ours[:8].decode("utf-8") return ours == sig
def signature(self, value): signature = base64_hmac(self.salt + 'signer', value, self.key) # Convert the signature from bytes to str only on Python 3 return force_str(signature)
def signature(self, value): signature = base64_hmac(self.salt + "signer", value, self.key) # Convert the signature from bytes to str only on Python 3 return force_str(signature)