diff options
author | BonfaceKilz | 2020-10-29 16:12:13 +0300 |
---|---|---|
committer | GitHub | 2020-10-29 16:12:13 +0300 |
commit | 6e6911b466c2727b16a190d8b714f55d7842d7e2 (patch) | |
tree | bc395eceb7a58002286c9275d40d21a8c885d2be | |
parent | f3e01550a63238688a12152ab560db6d02e09a82 (diff) | |
parent | ca22bbfdd36351e2b7d8f346b5a3ab81c94f7203 (diff) | |
download | genenetwork2-6e6911b466c2727b16a190d8b714f55d7842d7e2.tar.gz |
Merge pull request #469 from BonfaceKilz/bug/fix-cookies-verification
Bug/Fix cookie verification bug
-rw-r--r-- | wqflask/tests/utility/test_hmac.py | 13 | ||||
-rw-r--r-- | wqflask/tests/wqflask/test_user_session.py | 15 | ||||
-rw-r--r-- | wqflask/utility/hmac.py | 2 |
3 files changed, 29 insertions, 1 deletions
diff --git a/wqflask/tests/utility/test_hmac.py b/wqflask/tests/utility/test_hmac.py index 7c61c0a6..4e3652f8 100644 --- a/wqflask/tests/utility/test_hmac.py +++ b/wqflask/tests/utility/test_hmac.py @@ -17,6 +17,19 @@ class TestHmacUtil(unittest.TestCase): """Test hmac creation with a utf-8 string""" self.assertEqual(hmac_creation("ファイ"), "7410466338cfe109e946") + @mock.patch("utility.hmac.app.config", + {'SECRET_HMAC_CODE': ('\x08\xdf\xfa\x93N\x80' + '\xd9\\H@\\\x9f`\x98d^' + '\xb4a;\xc6OM\x946a\xbc' + '\xfc\x80:*\xebc')}) + def test_hmac_creation_with_cookie(self): + """Test hmac creation with a cookie""" + cookie = "3f4c1dbf-5b56-4260-87d6-f35445bda37e:af4fcf5eace9e7c864ce" + uuid_, _, signature = cookie.partition(":") + self.assertEqual( + hmac_creation(uuid_), + "af4fcf5eace9e7c864ce") + @mock.patch("utility.hmac.app.config", {'SECRET_HMAC_CODE': "secret"}) def test_data_hmac(self): """Test data_hmac fn with a utf-8 string""" diff --git a/wqflask/tests/wqflask/test_user_session.py b/wqflask/tests/wqflask/test_user_session.py new file mode 100644 index 00000000..ebb0334a --- /dev/null +++ b/wqflask/tests/wqflask/test_user_session.py @@ -0,0 +1,15 @@ +"""Test cases for some methods in user_session.py""" + +import unittest +from wqflask.user_session import verify_cookie + + +class TestUserSession(unittest.TestCase): + def test_verify_cookie(self): + """ + Test cookie verification + """ + self.assertEqual( + "3f4c1dbf-5b56-4260-87d6-f35445bda37e", + verify_cookie(("3f4c1dbf-5b56-4260-87d6-" + "f35445bda37e:af4fcf5eace9e7c864ce"))) diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index 6623f69a..29891677 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -10,7 +10,7 @@ def hmac_creation(stringy): """Helper function to create the actual hmac""" secret = app.config['SECRET_HMAC_CODE'] - hmaced = hmac.new(bytearray(secret, "utf-8"), + hmaced = hmac.new(bytearray(secret, "latin-1"), bytearray(stringy, "utf-8"), hashlib.sha1) hm = hmaced.hexdigest() |