117 lines
4.1 KiB
Python
117 lines
4.1 KiB
Python
|
import time
|
||
|
|
||
|
from django.core import signing
|
||
|
from django.test import TestCase
|
||
|
from django.utils.encoding import force_unicode
|
||
|
|
||
|
class TestSigner(TestCase):
|
||
|
|
||
|
def test_signature(self):
|
||
|
"signature() method should generate a signature"
|
||
|
signer = signing.Signer('predictable-secret')
|
||
|
signer2 = signing.Signer('predictable-secret2')
|
||
|
for s in (
|
||
|
'hello',
|
||
|
'3098247:529:087:',
|
||
|
u'\u2019'.encode('utf8'),
|
||
|
):
|
||
|
self.assertEqual(
|
||
|
signer.signature(s),
|
||
|
signing.base64_hmac(signer.salt + 'signer', s,
|
||
|
'predictable-secret')
|
||
|
)
|
||
|
self.assertNotEqual(signer.signature(s), signer2.signature(s))
|
||
|
|
||
|
def test_signature_with_salt(self):
|
||
|
"signature(value, salt=...) should work"
|
||
|
signer = signing.Signer('predictable-secret', salt='extra-salt')
|
||
|
self.assertEqual(
|
||
|
signer.signature('hello'),
|
||
|
signing.base64_hmac('extra-salt' + 'signer',
|
||
|
'hello', 'predictable-secret'))
|
||
|
self.assertNotEqual(
|
||
|
signing.Signer('predictable-secret', salt='one').signature('hello'),
|
||
|
signing.Signer('predictable-secret', salt='two').signature('hello'))
|
||
|
|
||
|
def test_sign_unsign(self):
|
||
|
"sign/unsign should be reversible"
|
||
|
signer = signing.Signer('predictable-secret')
|
||
|
examples = (
|
||
|
'q;wjmbk;wkmb',
|
||
|
'3098247529087',
|
||
|
'3098247:529:087:',
|
||
|
'jkw osanteuh ,rcuh nthu aou oauh ,ud du',
|
||
|
u'\u2019',
|
||
|
)
|
||
|
for example in examples:
|
||
|
self.assertNotEqual(
|
||
|
force_unicode(example), force_unicode(signer.sign(example)))
|
||
|
self.assertEqual(example, signer.unsign(signer.sign(example)))
|
||
|
|
||
|
def unsign_detects_tampering(self):
|
||
|
"unsign should raise an exception if the value has been tampered with"
|
||
|
signer = signing.Signer('predictable-secret')
|
||
|
value = 'Another string'
|
||
|
signed_value = signer.sign(value)
|
||
|
transforms = (
|
||
|
lambda s: s.upper(),
|
||
|
lambda s: s + 'a',
|
||
|
lambda s: 'a' + s[1:],
|
||
|
lambda s: s.replace(':', ''),
|
||
|
)
|
||
|
self.assertEqual(value, signer.unsign(signed_value))
|
||
|
for transform in transforms:
|
||
|
self.assertRaises(
|
||
|
signing.BadSignature, signer.unsign, transform(signed_value))
|
||
|
|
||
|
def test_dumps_loads(self):
|
||
|
"dumps and loads be reversible for any JSON serializable object"
|
||
|
objects = (
|
||
|
['a', 'list'],
|
||
|
'a string',
|
||
|
u'a unicode string \u2019',
|
||
|
{'a': 'dictionary'},
|
||
|
)
|
||
|
for o in objects:
|
||
|
self.assertNotEqual(o, signing.dumps(o))
|
||
|
self.assertEqual(o, signing.loads(signing.dumps(o)))
|
||
|
|
||
|
def test_decode_detects_tampering(self):
|
||
|
"loads should raise exception for tampered objects"
|
||
|
transforms = (
|
||
|
lambda s: s.upper(),
|
||
|
lambda s: s + 'a',
|
||
|
lambda s: 'a' + s[1:],
|
||
|
lambda s: s.replace(':', ''),
|
||
|
)
|
||
|
value = {
|
||
|
'foo': 'bar',
|
||
|
'baz': 1,
|
||
|
}
|
||
|
encoded = signing.dumps(value)
|
||
|
self.assertEqual(value, signing.loads(encoded))
|
||
|
for transform in transforms:
|
||
|
self.assertRaises(
|
||
|
signing.BadSignature, signing.loads, transform(encoded))
|
||
|
|
||
|
class TestTimestampSigner(TestCase):
|
||
|
|
||
|
def test_timestamp_signer(self):
|
||
|
value = u'hello'
|
||
|
_time = time.time
|
||
|
time.time = lambda: 123456789
|
||
|
try:
|
||
|
signer = signing.TimestampSigner('predictable-key')
|
||
|
ts = signer.sign(value)
|
||
|
self.assertNotEqual(ts,
|
||
|
signing.Signer('predictable-key').sign(value))
|
||
|
|
||
|
self.assertEqual(signer.unsign(ts), value)
|
||
|
time.time = lambda: 123456800
|
||
|
self.assertEqual(signer.unsign(ts, max_age=12), value)
|
||
|
self.assertEqual(signer.unsign(ts, max_age=11), value)
|
||
|
self.assertRaises(
|
||
|
signing.SignatureExpired, signer.unsign, ts, max_age=10)
|
||
|
finally:
|
||
|
time.time = _time
|