| # Copyright 2016 The Chromium Authors. All rights reserved. |
| # Use of this source code is govered by a BSD-style |
| # license that can be found in the LICENSE file or at |
| # https://developers.google.com/open-source/licenses/bsd |
| |
| """Tests for XSRF utility functions.""" |
| |
| import time |
| import unittest |
| |
| from google.appengine.ext import testbed |
| |
| import settings |
| from framework import xsrf |
| |
| |
| class XsrfTest(unittest.TestCase): |
| """Set of unit tests for blocking XSRF attacks.""" |
| |
| def setUp(self): |
| self.testbed = testbed.Testbed() |
| self.testbed.activate() |
| self.testbed.init_memcache_stub() |
| self.testbed.init_datastore_v3_stub() |
| |
| def testGenerateToken_AnonUserGetsNoToken(self): |
| self.assertEqual('', xsrf.GenerateToken(0L, '/path')) |
| |
| def testGenerateToken_DifferentUsersGetDifferentTokens(self): |
| self.assertNotEqual( |
| xsrf.GenerateToken(111L, '/path'), |
| xsrf.GenerateToken(222L, '/path')) |
| |
| def testGenerateToken_DifferentPathsGetDifferentTokens(self): |
| self.assertNotEqual( |
| xsrf.GenerateToken(111L, '/path/one'), |
| xsrf.GenerateToken(111L, '/path/two')) |
| |
| def testGenerateToken_DifferentTimesGetDifferentTokens(self): |
| test_time = int(time.time()) |
| self.assertNotEqual( |
| xsrf.GenerateToken(111L, '/path', token_time=test_time), |
| xsrf.GenerateToken(111L, '/path', token_time=test_time + 1)) |
| |
| def testValidToken(self): |
| token = xsrf.GenerateToken(111L, '/path') |
| xsrf.ValidateToken(token, 111L, '/path') # no exception raised |
| |
| def testMalformedToken(self): |
| self.assertRaises( |
| xsrf.TokenIncorrect, |
| xsrf.ValidateToken, 'bad', 111L, '/path') |
| self.assertRaises( |
| xsrf.TokenIncorrect, |
| xsrf.ValidateToken, '', 111L, '/path') |
| |
| self.assertRaises( |
| xsrf.TokenIncorrect, |
| xsrf.ValidateToken, '098a08fe08b08c08a05e:9721973123', 111L, '/path') |
| |
| def testWrongUser(self): |
| token = xsrf.GenerateToken(111L, '/path') |
| self.assertRaises( |
| xsrf.TokenIncorrect, |
| xsrf.ValidateToken, token, 222L, '/path') |
| |
| def testWrongPath(self): |
| token = xsrf.GenerateToken(111L, '/path/one') |
| self.assertRaises( |
| xsrf.TokenIncorrect, |
| xsrf.ValidateToken, token, 111L, '/path/two') |
| |
| def testValidateToken_Expiration(self): |
| test_time = int(time.time()) |
| token = xsrf.GenerateToken(111L, '/path', token_time=test_time) |
| xsrf.ValidateToken(token, 111L, '/path', now=test_time) |
| xsrf.ValidateToken(token, 111L, '/path', now=test_time + 1) |
| xsrf.ValidateToken( |
| token, 111L, '/path', now=test_time + xsrf.TOKEN_TIMEOUT_SEC) |
| |
| self.assertRaises( |
| xsrf.TokenIncorrect, |
| xsrf.ValidateToken, token, 11L, '/path', |
| now=test_time + xsrf.TOKEN_TIMEOUT_SEC + 1) |
| |
| |
| if __name__ == '__main__': |
| unittest.main() |