def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
self.assertContains(r, "#4c1")
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
self.assertContains(r, "#4c1")
def store_path(previous, hashlink):
if previous != hashlink:
session_id = signing.base64_hmac(SESSION_ID_SALT, str(request.user.id or request.session.session_key), None)
models.HashlinkPathDocument.objects.create(previous=previous, current=hashlink, session_id=session_id)
else:
# TODO: Log, redundant
pass
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/{}/{}/foo.svg".format(self.alice.username, sig)
resp = self.client.get(url)
self.assertContains(resp, "svg", status_code=200)
def test_signature(self):
"signature() method should generate a signature"
signer = signing.Signer("predictable-secret")
signer2 = signing.Signer("predictable-secret2")
for s in ("hello", "3098247:529:087:", u"\u2019".encode("utf8")):
self.assertEqual(signer.signature(s), signing.base64_hmac(signer.salt + "signer", s, "predictable-secret"))
self.assertNotEqual(signer.signature(s), signer2.signature(s))
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8]
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
self.assertEqual(r["Access-Control-Allow-Origin"], "*")
self.assertContains(r, "#4c1")
def setUp(self):
super(BadgeTestCase, self).setUp()
self.check = Check.objects.create(user=self.alice, tags="foo bar")
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8]
self.svg_url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
self.json_url = "/badge/%s/%s/foo.json" % (self.alice.username, sig)
def test_it_handles_options(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8]
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.options(url)
self.assertEqual(r.status_code, 204)
self.assertEqual(r["Access-Control-Allow-Origin"], "*")
def setUp(self):
super(BadgeTestCase, self).setUp()
self.check = Check.objects.create(project=self.project, tags="foo bar")
sig = base64_hmac(str(self.project.badge_key), "foo", settings.SECRET_KEY)
sig = sig[:8]
self.svg_url = "/badge/%s/%s/foo.svg" % (self.project.badge_key, sig)
self.json_url = "/badge/%s/%s/foo.json" % (self.project.badge_key, sig)
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
# Assert that the svg is returned
self.assertEqual(r.status_code, 200)
def get_badge_url(username, tag, fmt="svg"):
sig = base64_hmac(str(username), tag, settings.SECRET_KEY)
if tag == "*":
url = reverse("hc-badge-all", args=[username, sig[:8], fmt])
else:
url = reverse("hc-badge", args=[username, sig[:8], tag, fmt])
return settings.SITE_ROOT + url
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
# generate url with the required args
url = reverse('hc-badge', args=[self.alice.username, sig, 'foo'])
response = self.client.get(url)
# Assert that the svg is returned
self.assertContains(response, "svg") # Check for svg tag in xml
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
### Assert that the svg is returned
self.assertIn("image/svg+xml", str(r))
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
# Assert that the svg is returned
#Check if result is svg with green color
self.assertContains(r, "svg")
def test_signature_with_salt(self):
"signature(value, salt=...) should work"
signer = signing.Signer('predictable-secret', salt='extra-salt')
self.assertEqual(
signer.signature('hello'),
signing.base64_hmac('extra-salt' + 'signer',
'hello', 'predictable-secret'))
self.assertNotEqual(
signing.Signer('predictable-secret', salt='one').signature('hello'),
signing.Signer('predictable-secret', salt='two').signature('hello'))
def test_it_handles_special_characters(self):
self.check.tags = "db@dc1"
self.check.save()
sig = base64_hmac(str(self.project.badge_key), "db@dc1", settings.SECRET_KEY)
sig = sig[:8]
url = "/badge/%s/%s/db%%2540dc1.svg" % (self.project.badge_key, sig)
r = self.client.get(url)
self.assertEqual(r.status_code, 200)
def test_signature_with_salt(self):
"signature(value, salt=...) should work"
signer = signing.Signer("predictable-secret", salt="extra-salt")
self.assertEqual(
signer.signature("hello"), signing.base64_hmac("extra-salt" + "signer", "hello", "predictable-secret")
)
self.assertNotEqual(
signing.Signer("predictable-secret", salt="one").signature("hello"),
signing.Signer("predictable-secret", salt="two").signature("hello"),
)
def get_badge_url(username, tag, format="svg"):
sig = base64_hmac(str(username), tag, settings.SECRET_KEY)
if tag == "*":
view = "hc-badge-json-all" if format == "json" else "hc-badge-all"
url = reverse(view, args=[username, sig[:8]])
else:
view = "hc-badge-json" if format == "json" else "hc-badge"
url = reverse(view, args=[username, sig[:8], tag])
return settings.SITE_ROOT + url
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
svg_content = str(r.__dict__['_container'][0])
### Assert that the svg is returned
self.assertIn("<svg", svg_content)
def get_badge_url(username, tag, fmt="svg", with_late=False):
sig = base64_hmac(str(username), tag, settings.SECRET_KEY)[:8]
if not with_late:
sig += "-2"
if tag == "*":
url = reverse("hc-badge-all", args=[username, sig, fmt])
else:
url = reverse("hc-badge", args=[username, sig, tag, fmt])
return settings.SITE_ROOT + url
def get_badge_url(username, tag, format="svg"):
sig = base64_hmac(str(username), tag, settings.SECRET_KEY)
if tag == "*":
view = "hc-badge-json-all" if format == "json" else "hc-badge-all"
url = reverse(view, args=[username, sig[:8]])
else:
view = "hc-badge-json" if format == "json" else "hc-badge"
url = reverse(view, args=[username, sig[:8], tag])
return settings.SITE_ROOT + url
def test_it_returns_svg(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
sig = sig[:8].decode("utf-8")
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.get(url)
### Assert the expected response status code
self.assertEquals(r.status_code, 200)
# assert svg is returned in response
self.assertIn("image/svg+xml", str(r))
def create_hmac(self, update=False):
'''
Creates a hmac for the Thing
Optionally, use update=True to force regeneration of HMAC (via salt regeneration)
'''
t = self._get_thing()
if t is None:
return None
self.create_salt(update)
# This depends on setting.SECRET_KEY which should be configured for the instance
# Changing that will invalidate all hmacs. Deleting the salt will invalidate
# just hmacs for this thing.
return base64_hmac(t.metadata['salt'], t.fullpath, settings.SECRET_KEY)
def test_signature(self):
"signature() method should generate a signature"
signer = signing.Signer('predictable-secret')
signer2 = signing.Signer('predictable-secret2')
for s in (
b'hello',
b'3098247:529:087:',
'\u2019'.encode('utf-8'),
):
self.assertEqual(
signer.signature(s),
signing.base64_hmac(signer.salt + 'signer', s, 'predictable-secret').decode()
)
self.assertNotEqual(signer.signature(s), signer2.signature(s))
def test_signature(self):
"signature() method should generate a signature"
signer = signing.Signer('predictable-secret')
signer2 = signing.Signer('predictable-secret2')
for s in (
b'hello',
b'3098247:529:087:',
'\u2019'.encode(),
):
self.assertEqual(
signer.signature(s),
signing.base64_hmac(signer.salt + 'signer', s,
'predictable-secret'))
self.assertNotEqual(signer.signature(s), signer2.signature(s))
def is_hmac_valid(self):
'''
Returns True if the hmac is valid for the Thing.
'''
t = self._get_thing()
if t is None:
return False
if 'salt' not in t.metadata:
return False
# This depends on setting.SECRET_KEY which should be configured for the instance
# Changing that will invalidate all hmacs. Deleting the salt will invalidate
# just hmacs for this thing.
testmac = base64_hmac(t.metadata['salt'], t.fullpath,
settings.SECRET_KEY)
if constant_time_compare(self.hmac, testmac):
return True
return False
def test_signature_with_salt(self):
"signature(value, salt=...) should work"
signer = signing.Signer("predictable-secret", salt="extra-salt")
self.assertEqual(
signer.signature("hello"),
signing.base64_hmac(
"extra-salt" + "signer",
"hello",
"predictable-secret",
algorithm=signer.algorithm,
),
)
self.assertNotEqual(
signing.Signer("predictable-secret",
salt="one").signature("hello"),
signing.Signer("predictable-secret",
salt="two").signature("hello"),
)
def test_signature(self):
"signature() method should generate a signature"
signer = signing.Signer("predictable-secret")
signer2 = signing.Signer("predictable-secret2")
for s in (
b"hello",
b"3098247:529:087:",
"\u2019".encode(),
):
self.assertEqual(
signer.signature(s),
signing.base64_hmac(
signer.salt + "signer",
s,
"predictable-secret",
algorithm=signer.algorithm,
),
)
self.assertNotEqual(signer.signature(s), signer2.signature(s))
def get_badge_url(username, tag):
sig = base64_hmac(str(username), tag, settings.SECRET_KEY)
url = reverse("hc-badge", args=[username, sig[:8], tag])
return settings.SITE_ROOT + url
def get_badge_url(username, tag):
sig = base64_hmac(str(username), tag, settings.SECRET_KEY)
url = reverse("hc-badge", args=[username, sig[:8], tag])
return settings.SITE_ROOT + url
def check_signature(username, tag, sig):
ours = base64_hmac(str(username), tag, settings.SECRET_KEY)
ours = ours[:8]
return ours == sig
def check_signature(username, tag, sig):
ours = base64_hmac(str(username), tag, settings.SECRET_KEY)
ours = ours[:8].decode("utf-8")
return ours == sig
def signature(self, value):
signature = base64_hmac(self.salt + 'signer', value, self.key)
# Convert the signature from bytes to str only on Python 3
return force_str(signature)
def signature(self, value):
signature = base64_hmac(self.salt + "signer", value, self.key)
# Convert the signature from bytes to str only on Python 3
return force_str(signature)
