def test_validator_no_nonce():
    """
    Call the validator directly without supplying any token.

    check_csrf must raise InvalidNonceError with the message
    "No csrf_token supplied" instead of returning normally.
    """
    try:
        protector = CSRFProtector({})
        protector.check_csrf({}, None)
    except InvalidNonceError as exc:
        assert exc.message == "No csrf_token supplied"
    else:
        # A validator that returns here has accepted a request with no
        # token at all, which is the exact bypass this test guards against.
        raise AssertionError("check_csrf succeeded when no csrf_token supplied")
def test_validator_nonce_fail():
    """
    Call the validator directly with a token that cannot match.

    The token is a fixed string with no colon-separated fields.
    check_csrf must raise InvalidNonceError carrying BAD_MATCH_MESSAGE.
    """
    nonce = "dwaoiju277218ywdhdnakas72"
    username = u"f\u00F6o"
    secret = "12345"

    config = {
        "secret": secret,
        "server_host": {"host": "0.0.0.0", "port": "8080"},
    }
    environ = {
        "tiddlyweb.usersign": {"name": username},
        "tiddlyweb.config": config,
        "HTTP_HOST": "foo.0.0.0.0:8080",
    }

    try:
        protector = CSRFProtector({})
        protector.check_csrf(environ, nonce)
    except InvalidNonceError as exc:
        assert exc.message == BAD_MATCH_MESSAGE
    else:
        # Returning normally means an arbitrary string passed validation.
        raise AssertionError("check_csrf succeeded when nonce didn't match")
def test_validator_nonce_success():
    """
    Call the validator directly with a correctly constructed token.

    The token has the form "<timestamp>:<username>:<digest>". The digest is
    sha() over "username:timestamp:hostname:secret" and the timestamp is the
    current UTC time at hour resolution. check_csrf must return True.
    """
    # Non-ASCII user name, so the token is built from a unicode value.
    username = u"f\u00F6o"
    hostname = "foo.0.0.0.0:8080"
    secret = "12345"

    # NOTE(review): hour-resolution timestamp; if check_csrf compares it with
    # its own clock, a run that straddles the top of the hour may fail.
    # Confirm against the validator.
    timestamp = datetime.utcnow().strftime("%Y%m%d%H")

    # NOTE(review): the expected digest is a plain hash with the secret
    # appended to colon-joined fields, not a keyed MAC. Presumably this
    # mirrors what check_csrf recomputes; if the scheme is revisited, an HMAC
    # with unambiguous field encoding would be the safer construction.
    digest_input = "%s:%s:%s:%s" % (username, timestamp, hostname, secret)
    digest = sha(digest_input).hexdigest()
    nonce = "%s:%s:%s" % (timestamp, username, digest)

    config = {
        "secret": secret,
        "server_host": {"host": "0.0.0.0", "port": "8080"},
    }
    environ = {
        "tiddlyweb.usersign": {"name": username},
        "tiddlyweb.config": config,
        "HTTP_HOST": hostname,
    }

    protector = CSRFProtector({})
    assert protector.check_csrf(environ, nonce) is True
def test_validator_nonce_hash_fail():
    """
    Call the validator directly with a well-formed token whose digest is wrong.

    The timestamp and username fields are the current UTC hour and the
    signed-in user; only the third field is a bogus value. check_csrf must
    raise InvalidNonceError carrying BAD_MATCH_MESSAGE.
    """
    username = u"f\u00F6o"
    hostname = "foo.0.0.0.0:8080"
    secret = "12345"
    timestamp = datetime.utcnow().strftime("%Y%m%d%H")

    # Correct layout, but the digest field was not derived from the secret.
    nonce = "%s:%s:dwaoiju277218ywdhdnakas72" % (timestamp, username)

    config = {
        "secret": secret,
        "server_host": {"host": "0.0.0.0", "port": "8080"},
    }
    environ = {
        "tiddlyweb.usersign": {"name": username},
        "tiddlyweb.config": config,
        "HTTP_HOST": hostname,
    }

    try:
        protector = CSRFProtector({})
        protector.check_csrf(environ, nonce)
    except InvalidNonceError as exc:
        assert exc.message == BAD_MATCH_MESSAGE
    else:
        # Returning normally means the digest was not actually verified.
        raise AssertionError("check_csrf succeeded when nonce didn't match")