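def test_validator_nonce_fail():
    """
    Call the CSRF validator directly with a token that cannot match.

    check_csrf must raise InvalidNonceError carrying BAD_MATCH_MESSAGE;
    a normal return is reported as a test failure.
    """
    store = get_store(config)
    # Fixed string, not derived from the user, space or secret below.
    # NOTE(review): it has no ':' separators, unlike the
    # 'timestamp:username:digest' token built in
    # test_validator_nonce_success, so a well-formed token carrying a wrong
    # digest is not covered by this test - consider adding that case.
    nonce = 'dwaoiju277218ywdhdnakas72'
    username = '******'
    spacename = 'foo'
    secret = '12345'  # fixture value for this test only
    environ = {
        'tiddlyweb.usersign': {
            'name': username
        },
        'tiddlyweb.config': {
            'secret': secret,
            'server_host': {
                'host': '0.0.0.0',
                'port': '8080'
            }
        },
        'HTTP_HOST': 'foo.0.0.0.0:8080'
    }
    make_fake_space(store, spacename)
    # Constructed outside the try so that only check_csrf itself can satisfy
    # the expected-exception branch.
    csrf = CSRFProtector({})
    try:
        csrf.check_csrf(environ, nonce)
    except InvalidNonceError, exc:
        assert exc.message == BAD_MATCH_MESSAGE
    else:
        raise AssertionError('check_csrf succeeded when nonce didn\'t match')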
def test_validator_nonce_success():
    """
    Call the CSRF validator directly with a token built the expected way.

    The token has the form 'timestamp:username:digest', where digest is the
    hex digest of sha() over 'username:timestamp:spacename:secret'.
    check_csrf is expected to accept it.
    """
    store = get_store(config)
    username = '******'
    spacename = 'foo'
    secret = '12345'
    # Hour-granularity stamp.
    # NOTE(review): presumably check_csrf derives the current hour on its
    # own; if so, a run that straddles an hour boundary could fail
    # spuriously - confirm against the validator.
    timestamp = datetime.now().strftime('%Y%m%d%H')
    digest = sha('%s:%s:%s:%s' % (username, timestamp, spacename,
        secret)).hexdigest()
    nonce = '%s:%s:%s' % (timestamp, username, digest)
    user_info = {'name': username}
    server_config = {
        'secret': secret,
        'server_host': {'host': '0.0.0.0', 'port': '8080'},
    }
    environ = {
        'tiddlyweb.usersign': user_info,
        'tiddlyweb.config': server_config,
        'HTTP_HOST': 'foo.0.0.0.0:8080',
    }
    make_fake_space(store, spacename)
    outcome = CSRFProtector({}).check_csrf(environ, nonce)
    assert outcome == True
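def test_validator_nonce_fail():
    """
    Check that the CSRF validator rejects a token that does not match.

    check_csrf is called directly and must raise InvalidNonceError whose
    message equals BAD_MATCH_MESSAGE; returning normally fails the test.
    """
    store = get_store(config)
    # Arbitrary constant, unrelated to the user, space and secret used here.
    # NOTE(review): unlike the 'timestamp:username:digest' token that
    # test_validator_nonce_success builds, this value contains no ':'
    # separators; a correctly shaped token with a bad digest is a separate
    # case that this test does not exercise.
    nonce = 'dwaoiju277218ywdhdnakas72'
    username = '******'
    spacename = 'foo'
    secret = '12345'  # fixture value for this test only
    environ = {
        'tiddlyweb.usersign': {'name': username},
        'tiddlyweb.config': {
            'secret': secret,
            'server_host': {
                'host': '0.0.0.0',
                'port': '8080'
            }
        },
        'HTTP_HOST': 'foo.0.0.0.0:8080'
    }
    make_fake_space(store, spacename)
    # Keep the try body down to the one call that is expected to raise, so
    # an error from the constructor cannot be mistaken for a rejection.
    csrf = CSRFProtector({})
    try:
        csrf.check_csrf(environ, nonce)
    except InvalidNonceError, exc:
        assert exc.message == BAD_MATCH_MESSAGE
    else:
        raise AssertionError('check_csrf succeeded when nonce didn\'t match')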
def test_validator_nonce_success():
    """
    Check that the CSRF validator accepts a correctly constructed token.

    The token is 'timestamp:username:digest'; digest is the hex digest of
    sha() applied to 'username:timestamp:spacename:secret'.  check_csrf is
    called directly and its result must compare equal to True.
    """
    store = get_store(config)
    username = '******'
    spacename = 'foo'
    secret = '12345'
    # Stamp is truncated to the hour.
    # NOTE(review): if check_csrf recomputes the hour independently
    # (not visible here), a clock rollover between these two points would
    # make the test fail intermittently - confirm.
    timestamp = datetime.now().strftime('%Y%m%d%H')
    signed_fields = (username, timestamp, spacename, secret)
    hexdigest = sha('%s:%s:%s:%s' % signed_fields).hexdigest()
    nonce = '%s:%s:%s' % (timestamp, username, hexdigest)
    host_info = {'host': '0.0.0.0', 'port': '8080'}
    environ = {
        'tiddlyweb.usersign': {'name': username},
        'tiddlyweb.config': {'secret': secret, 'server_host': host_info},
        'HTTP_HOST': 'foo.0.0.0.0:8080',
    }
    make_fake_space(store, spacename)
    protector = CSRFProtector({})
    verdict = protector.check_csrf(environ, nonce)
    assert verdict == True
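def test_validator_no_nonce():
    """
    Call the CSRF validator directly without any token.

    check_csrf is given an empty environ and None as the token and must
    raise InvalidNonceError with the message 'No csrf_token supplied';
    a normal return is reported as a test failure.
    """
    # NOTE(review): the returned store is not used in this test; the call is
    # kept in case it performs setup the validator relies on - confirm.
    get_store(config)
    # Constructed outside the try so that only check_csrf itself can satisfy
    # the expected-exception branch.
    csrf = CSRFProtector({})
    try:
        csrf.check_csrf({}, None)
    except InvalidNonceError, exc:
        assert exc.message == 'No csrf_token supplied'
    else:
        raise AssertionError('check_csrf succeeded when no csrf_token supplied')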
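def test_validator_no_nonce():
    """
    Check that the CSRF validator rejects a request carrying no token.

    check_csrf is called directly with an empty environ and None; it must
    raise InvalidNonceError whose message is 'No csrf_token supplied'.
    Returning normally fails the test.
    """
    # NOTE(review): return value unused here; the call is retained in case
    # it has setup side effects - confirm.
    get_store(config)
    # Keep the try body down to the one call that is expected to raise, so
    # an error from the constructor cannot be mistaken for a rejection.
    csrf = CSRFProtector({})
    try:
        csrf.check_csrf({}, None)
    except InvalidNonceError, exc:
        assert exc.message == 'No csrf_token supplied'
    else:
        raise AssertionError(
            'check_csrf succeeded when no csrf_token supplied')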