Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(303)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/monorail/framework/test/xsrf_test.py

Issue 1868553004: Open Source Monorail (Closed) Base URL: https://chromium.googlesource.com/infra/infra.git@master
Patch Set: Rebase Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « appengine/monorail/framework/test/validate_test.py ('k') | appengine/monorail/framework/timestr.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 # Copyright 2016 The Chromium Authors. All rights reserved.
2 # Use of this source code is govered by a BSD-style
3 # license that can be found in the LICENSE file or at
4 # https://developers.google.com/open-source/licenses/bsd
5
6 """Tests for XSRF utility functions."""
7
8 import time
9 import unittest
10
11 from google.appengine.ext import testbed
12
13 import settings
14 from framework import xsrf
15
16
17 class XsrfTest(unittest.TestCase):
18 """Set of unit tests for blocking XSRF attacks."""
19
20 def setUp(self):
21 self.testbed = testbed.Testbed()
22 self.testbed.activate()
23 self.testbed.init_memcache_stub()
24 self.testbed.init_datastore_v3_stub()
25
26 def testGenerateToken_AnonUserGetsNoToken(self):
27 self.assertEqual('', xsrf.GenerateToken(0L, '/path'))
28
29 def testGenerateToken_DifferentUsersGetDifferentTokens(self):
30 self.assertNotEqual(
31 xsrf.GenerateToken(111L, '/path'),
32 xsrf.GenerateToken(222L, '/path'))
33
34 def testGenerateToken_DifferentPathsGetDifferentTokens(self):
35 self.assertNotEqual(
36 xsrf.GenerateToken(111L, '/path/one'),
37 xsrf.GenerateToken(111L, '/path/two'))
38
39 def testGenerateToken_DifferentTimesGetDifferentTokens(self):
40 test_time = int(time.time())
41 self.assertNotEqual(
42 xsrf.GenerateToken(111L, '/path', token_time=test_time),
43 xsrf.GenerateToken(111L, '/path', token_time=test_time + 1))
44
45 def testValidToken(self):
46 token = xsrf.GenerateToken(111L, '/path')
47 xsrf.ValidateToken(token, 111L, '/path') # no exception raised
48
49 def testMalformedToken(self):
50 self.assertRaises(
51 xsrf.TokenIncorrect,
52 xsrf.ValidateToken, 'bad', 111L, '/path')
53 self.assertRaises(
54 xsrf.TokenIncorrect,
55 xsrf.ValidateToken, '', 111L, '/path')
56
57 self.assertRaises(
58 xsrf.TokenIncorrect,
59 xsrf.ValidateToken, '098a08fe08b08c08a05e:9721973123', 111L, '/path')
60
61 def testWrongUser(self):
62 token = xsrf.GenerateToken(111L, '/path')
63 self.assertRaises(
64 xsrf.TokenIncorrect,
65 xsrf.ValidateToken, token, 222L, '/path')
66
67 def testWrongPath(self):
68 token = xsrf.GenerateToken(111L, '/path/one')
69 self.assertRaises(
70 xsrf.TokenIncorrect,
71 xsrf.ValidateToken, token, 111L, '/path/two')
72
73 def testValidateToken_Expiration(self):
74 test_time = int(time.time())
75 token = xsrf.GenerateToken(111L, '/path', token_time=test_time)
76 xsrf.ValidateToken(token, 111L, '/path', now=test_time)
77 xsrf.ValidateToken(token, 111L, '/path', now=test_time + 1)
78 xsrf.ValidateToken(
79 token, 111L, '/path', now=test_time + xsrf.TOKEN_TIMEOUT_SEC)
80
81 self.assertRaises(
82 xsrf.TokenIncorrect,
83 xsrf.ValidateToken, token, 11L, '/path',
84 now=test_time + xsrf.TOKEN_TIMEOUT_SEC + 1)
85
86
87 if __name__ == '__main__':
88 unittest.main()
OLDNEW
« no previous file with comments | « appengine/monorail/framework/test/validate_test.py ('k') | appengine/monorail/framework/timestr.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698