
Unified Diff: appengine/monorail/framework/test/xsrf_test.py

Issue 1868553004: Open Source Monorail (Closed) Base URL: https://chromium.googlesource.com/infra/infra.git@master
Patch Set: Rebase Created 4 years, 8 months ago
Index: appengine/monorail/framework/test/xsrf_test.py
diff --git a/appengine/monorail/framework/test/xsrf_test.py b/appengine/monorail/framework/test/xsrf_test.py
new file mode 100644
index 0000000000000000000000000000000000000000..2a4b96d11e130e30c36daa31df21f8baf0006e24
--- /dev/null
+++ b/appengine/monorail/framework/test/xsrf_test.py
@@ -0,0 +1,88 @@
+# Copyright 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is govered by a BSD-style
+# license that can be found in the LICENSE file or at
+# https://developers.google.com/open-source/licenses/bsd
+
+"""Tests for XSRF utility functions."""
+
+import time
+import unittest
+
+from google.appengine.ext import testbed
+
+import settings
+from framework import xsrf
+
+
+class XsrfTest(unittest.TestCase):
+ """Set of unit tests for blocking XSRF attacks."""
+
+ def setUp(self):
+ self.testbed = testbed.Testbed()
+ self.testbed.activate()
+ self.testbed.init_memcache_stub()
+ self.testbed.init_datastore_v3_stub()
+
+ def testGenerateToken_AnonUserGetsNoToken(self):
+ self.assertEqual('', xsrf.GenerateToken(0L, '/path'))
+
+ def testGenerateToken_DifferentUsersGetDifferentTokens(self):
+ self.assertNotEqual(
+ xsrf.GenerateToken(111L, '/path'),
+ xsrf.GenerateToken(222L, '/path'))
+
+ def testGenerateToken_DifferentPathsGetDifferentTokens(self):
+ self.assertNotEqual(
+ xsrf.GenerateToken(111L, '/path/one'),
+ xsrf.GenerateToken(111L, '/path/two'))
+
+ def testGenerateToken_DifferentTimesGetDifferentTokens(self):
+ test_time = int(time.time())
+ self.assertNotEqual(
+ xsrf.GenerateToken(111L, '/path', token_time=test_time),
+ xsrf.GenerateToken(111L, '/path', token_time=test_time + 1))
+
+ def testValidToken(self):
+ token = xsrf.GenerateToken(111L, '/path')
+ xsrf.ValidateToken(token, 111L, '/path') # no exception raised
+
+ def testMalformedToken(self):
+ self.assertRaises(
+ xsrf.TokenIncorrect,
+ xsrf.ValidateToken, 'bad', 111L, '/path')
+ self.assertRaises(
+ xsrf.TokenIncorrect,
+ xsrf.ValidateToken, '', 111L, '/path')
+
+ self.assertRaises(
+ xsrf.TokenIncorrect,
+ xsrf.ValidateToken, '098a08fe08b08c08a05e:9721973123', 111L, '/path')
+
+ def testWrongUser(self):
+ token = xsrf.GenerateToken(111L, '/path')
+ self.assertRaises(
+ xsrf.TokenIncorrect,
+ xsrf.ValidateToken, token, 222L, '/path')
+
+ def testWrongPath(self):
+ token = xsrf.GenerateToken(111L, '/path/one')
+ self.assertRaises(
+ xsrf.TokenIncorrect,
+ xsrf.ValidateToken, token, 111L, '/path/two')
+
+ def testValidateToken_Expiration(self):
+ test_time = int(time.time())
+ token = xsrf.GenerateToken(111L, '/path', token_time=test_time)
+ xsrf.ValidateToken(token, 111L, '/path', now=test_time)
+ xsrf.ValidateToken(token, 111L, '/path', now=test_time + 1)
+ xsrf.ValidateToken(
+ token, 111L, '/path', now=test_time + xsrf.TOKEN_TIMEOUT_SEC)
+
+ self.assertRaises(
+ xsrf.TokenIncorrect,
+ xsrf.ValidateToken, token, 11L, '/path',
+ now=test_time + xsrf.TOKEN_TIMEOUT_SEC + 1)
+
+
+if __name__ == '__main__':
+ unittest.main()
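Review bot: In testValidateToken_Expiration the final assertRaises passes user id `11L` instead of `111L`, so ValidateToken would presumably raise TokenIncorrect for the user mismatch (as testWrongUser expects) whether or not the token has expired. The test would therefore still pass if the timeout check were broken or removed. Change that argument line to `xsrf.ValidateToken, token, 111L, '/path',` so the only difference from the accepted call at `now=test_time + xsrf.TOKEN_TIMEOUT_SEC` is the extra second. Separately, setUp activates a testbed that is never deactivated; adding `def tearDown(self): self.testbed.deactivate()` keeps the memcache and datastore stubs from leaking into other test cases.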