def test_login_token_failed_hax0r(self):
    """Check that tokens not issued by the application are turned away.

    Two candidates are sent to the 'urlcrypt_redirect' view: an arbitrary
    string, and a payload that the test itself passes through encode_token
    and base64url_encode. In both cases the response is expected to
    redirect to URLCRYPT_LOGIN_URL.
    """
    def assert_rejected(candidate):
        # Hit the redirect view with the candidate token and require a
        # redirect to the login page.
        target = reverse('urlcrypt_redirect', args=(candidate,))
        self.assertRedirects(self.client.get(target), URLCRYPT_LOGIN_URL)

    # Case 1: a string that is not a token at all.
    assert_rejected('asdf;lhasdfdso')

    # Case 2: a structurally valid payload (user id, target URL, timestamp)
    # encoded by the test rather than obtained from the token generator.
    # NOTE(review): this looks like the same construction
    # generate_login_token uses when URLCRYPT_USE_RSA_ENCRYPTION is off, so
    # the expected rejection presumably depends on RSA being enabled for
    # the test run -- confirm against the test settings.
    payload = [
        str(self.test_user.id),
        reverse('urlcrypt_test_view'),
        str(int(time.time())),
    ]
    assert_rejected(base64url_encode(encode_token(payload)))
def generate_login_token(user, url):
    """Return a base64url-encoded login token for ``user`` and ``url``.

    The payload is three strings, in order: the user's id, ``url`` with
    surrounding whitespace stripped, and the current Unix time truncated to
    whole seconds. The payload is passed to encode_token; when
    URLCRYPT_USE_RSA_ENCRYPTION is truthy the result is additionally passed
    through urlcrypt.rsa.encrypt before the final base64url encoding.
    """
    # NOTE(review): with RSA disabled, the protection of the token rests
    # entirely on encode_token, which is not visible here -- confirm it is
    # keyed with a secret. The embedded timestamp is only useful if the
    # consuming view enforces an expiry; verify against the caller.
    payload = [str(user.id), url.strip(), str(int(time.time()))]
    encoded = encode_token(payload)
    if URLCRYPT_USE_RSA_ENCRYPTION:
        encoded = urlcrypt.rsa.encrypt(encoded)
    return base64url_encode(encoded)
def encr():
    """Encode a sample payload with urlcrypt, decode it again, and print both.

    The decoded mapping is printed first, then the token itself.
    """
    sample = {'url': u'/users/following/', 'user_id': '12345'}
    # NOTE(review): three key names are supplied for decoding but only two
    # values are encoded; if decode_token pairs keys and values with zip,
    # 'timestamp' will be missing from the result -- confirm.
    field_names = ('user_id', 'url', 'timestamp')

    token = urlcrypt.encode_token((sample['user_id'], sample['url']))
    decoded_message = urlcrypt.decode_token(token, field_names)

    # Single-argument parenthesised form prints the same text whether
    # print is a statement or a function.
    print(decoded_message)
    print(token)
def test_login_token_failed_hax0r(self):
    """Verify that forged tokens end up at the login page.

    The 'urlcrypt_redirect' view is requested first with an arbitrary
    string and then with a payload the test encodes itself via encode_token
    and base64url_encode. Each response must redirect to
    URLCRYPT_LOGIN_URL.
    """
    # An arbitrary string that was never produced by the token encoder.
    bogus = 'asdf;lhasdfdso'
    bogus_url = reverse('urlcrypt_redirect', args=(bogus,))
    reply = self.client.get(bogus_url)
    self.assertRedirects(reply, URLCRYPT_LOGIN_URL)

    # A payload with the expected fields (user id, target URL, timestamp),
    # encoded directly by the test.
    # NOTE(review): whether this is rejected presumably depends on a step
    # the test skips (e.g. RSA encryption being enabled in the test
    # settings) -- confirm, since the encoder itself is used as-is here.
    fields = [
        str(self.test_user.id),
        reverse('urlcrypt_test_view'),
        str(int(time.time())),
    ]
    forged = base64url_encode(encode_token(fields))
    forged_url = reverse('urlcrypt_redirect', args=(forged,))
    reply = self.client.get(forged_url)
    self.assertRedirects(reply, URLCRYPT_LOGIN_URL)
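def decode_token(token, keys):
    """Decode ``token`` and return its fields as a dict keyed by ``keys``.

    The token is deobfuscated and unpacked, the first unpacked element is
    discarded, and the remaining strings are re-encoded with encode_token.
    The token is accepted only if that re-encoding reproduces it exactly.

    Args:
        token: The encoded token to decode.
        keys: Names to pair, in order, with the decoded strings. Pairing
            uses zip, so surplus keys or surplus values are dropped.

    Returns:
        A dict mapping each key to the decoded string at the same position.

    Raises:
        AssertionError: If re-encoding the decoded strings does not
            reproduce ``token``.
    """
    packed_string = deobfuscate(token)
    # The leading element is skipped; presumably it is the digest or
    # signature that encode_token recomputes -- TODO confirm.
    strings = unpack(packed_string)[1:]

    # This comparison is the token's validity check, so it must not be an
    # ``assert`` statement: those are removed when Python runs with -O,
    # which would let any unpackable token through. AssertionError is kept
    # as the exception type so existing callers still catch it.
    # NOTE(review): if the re-encoded token carries a keyed digest, a
    # constant-time comparison (hmac.compare_digest) would be preferable --
    # confirm both operands have the same type before switching.
    if token != encode_token(strings):
        raise AssertionError("token does not match its re-encoded payload")

    return dict(zip(keys, strings))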