| 1 | # Copyright 2012 Google Inc. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | """Tests for oauth2client.xsrfutil. |
| 15 | |
| 16 | Unit tests for oauth2client.xsrfutil. |
| 17 | """ |
| 18 | |
| 19 | __author__ = 'jcgregorio@google.com (Joe Gregorio)' |
| 20 | |
| 21 | import unittest |
| 22 | |
| 23 | from oauth2client import xsrfutil |
| 24 | |
# Secret key used to generate and validate tokens in these tests.
TEST_KEY = 'test key'

# Fixed reference clock value: Jan 17 2008, 5:40PM.
# NOTE(review): the magnitude looks like microseconds since the epoch, while
# the tests below add offsets in seconds -- confirm the unit xsrfutil expects.
TEST_TIME = 1200609642081230

# Two distinct user IDs, so a token issued for one can be checked against
# the other.
TEST_USER_ID_1 = 123832983
TEST_USER_ID_2 = 938297432

# Two distinct action IDs, for the same purpose.
TEST_ACTION_ID_1 = 'some_action'
TEST_ACTION_ID_2 = 'some_other_action'

# Not referenced by any test in this file.
TEST_EXTRA_INFO_1 = 'extra_info_1'
TEST_EXTRA_INFO_2 = 'more_extra_info'
| 34 | |
| 35 | |
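class XsrfUtilTests(unittest.TestCase):
  """Test xsrfutil token generation and validation.

  Every test starts from one token generated with TEST_KEY, TEST_USER_ID_1
  and TEST_ACTION_ID_1 at TEST_TIME. Each rejection case has its own test
  method, so a failure in one check cannot hide the result of the others.

  NOTE(review): the suite does not cover an empty-string token, a token
  altered somewhere other than its end, or a current_time earlier than the
  token's issue time. Worth adding once the expected behaviour is confirmed
  against xsrfutil.
  """

  def setUp(self):
    """Generate the reference token and the clock values the tests share."""
    self.token = xsrfutil.generate_token(TEST_KEY,
                                         TEST_USER_ID_1,
                                         action_id=TEST_ACTION_ID_1,
                                         when=TEST_TIME)
    # Offsets are expressed in seconds.
    self.later15mins = TEST_TIME + 15*60
    self.later2hours = TEST_TIME + 2*60*60

  def _validate(self, token, key=TEST_KEY, user_id=TEST_USER_ID_1,
                action_id=TEST_ACTION_ID_1, **kwargs):
    """Call validate_token, defaulting to the values the token was made with.

    Args:
      token: The token to check.
      key: Secret key; defaults to the generating key.
      user_id: User ID; defaults to the generating user.
      action_id: Action ID; defaults to the generating action.
      **kwargs: Passed through unchanged (used for current_time).

    Returns:
      Whatever xsrfutil.validate_token returns.
    """
    return xsrfutil.validate_token(key,
                                   token,
                                   user_id,
                                   action_id=action_id,
                                   **kwargs)

  def testGenerateAndValidateToken(self):
    """A token validates at issue time and 15 minutes later."""
    self.assertTrue(self._validate(self.token, current_time=TEST_TIME))
    self.assertTrue(self._validate(self.token,
                                   current_time=self.later15mins))

  def testRejectsExpiredToken(self):
    """A token is rejected once the timeout has passed."""
    self.assertFalse(self._validate(self.token,
                                    current_time=self.later2hours))

  def testRejectsDifferentKey(self):
    """A token does not validate under a different secret key."""
    self.assertFalse(self._validate(self.token,
                                    key='another key',
                                    current_time=self.later15mins))

  def testRejectsDifferentUserId(self):
    """A token issued for one user does not validate for another."""
    self.assertFalse(self._validate(self.token,
                                    user_id=TEST_USER_ID_2,
                                    current_time=self.later15mins))

  def testRejectsDifferentActionId(self):
    """A token issued for one action does not validate for another."""
    self.assertFalse(self._validate(self.token,
                                    action_id=TEST_ACTION_ID_2,
                                    current_time=self.later15mins))

  def testRejectsTruncatedToken(self):
    """Dropping the last character invalidates the token."""
    self.assertFalse(self._validate(self.token[:-1],
                                    current_time=self.later15mins))

  def testRejectsTokenWithTrailingData(self):
    """Appending an extra character invalidates the token."""
    self.assertFalse(self._validate(self.token + 'x',
                                    current_time=self.later15mins))

  def testRejectsNoneToken(self):
    """A missing token (None) is rejected."""
    # current_time is left unset, as in the original check; presumably
    # validate_token then falls back to its own clock -- confirm.
    self.assertFalse(self._validate(None))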
| 109 | |
# Run the suite when this module is executed directly as a script.
if __name__ == '__main__':
  unittest.main()