From 629553ec992c59500ef64b04b8fc9fb0500bcaee Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Wed, 28 Oct 2020 23:11:59 +0300 Subject: Add tests for cookie verification --- wqflask/tests/wqflask/test_user_session.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 wqflask/tests/wqflask/test_user_session.py diff --git a/wqflask/tests/wqflask/test_user_session.py b/wqflask/tests/wqflask/test_user_session.py new file mode 100644 index 00000000..ebb0334a --- /dev/null +++ b/wqflask/tests/wqflask/test_user_session.py @@ -0,0 +1,15 @@ +"""Test cases for some methods in user_session.py""" + +import unittest +from wqflask.user_session import verify_cookie + + +class TestUserSession(unittest.TestCase): + def test_verify_cookie(self): + """ + Test cookie verification + """ + self.assertEqual( + "3f4c1dbf-5b56-4260-87d6-f35445bda37e", + verify_cookie(("3f4c1dbf-5b56-4260-87d6-" + "f35445bda37e:af4fcf5eace9e7c864ce"))) -- cgit v1.2.3 From 2120392705c6aa652bab280e98c84b9c33bc5902 Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Wed, 28 Oct 2020 23:12:49 +0300 Subject: Add new test for hmac_creation with latin-1 secret * wqflask/tests/utility/test_hmac.py (test_hmac_creation_with_cookie): New test. For this test, use a secret that behaves differently when encoded to either utf-8 or latin-1. --- wqflask/tests/utility/test_hmac.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/wqflask/tests/utility/test_hmac.py b/wqflask/tests/utility/test_hmac.py index 7c61c0a6..4e3652f8 100644 --- a/wqflask/tests/utility/test_hmac.py +++ b/wqflask/tests/utility/test_hmac.py @@ -17,6 +17,19 @@ class TestHmacUtil(unittest.TestCase): """Test hmac creation with a utf-8 string""" self.assertEqual(hmac_creation("ファイ"), "7410466338cfe109e946") + @mock.patch("utility.hmac.app.config", + {'SECRET_HMAC_CODE': ('\x08\xdf\xfa\x93N\x80' + '\xd9\\H@\\\x9f`\x98d^' + '\xb4a;\xc6OM\x946a\xbc' + '\xfc\x80:*\xebc')}) + def test_hmac_creation_with_cookie(self): + """Test hmac creation with a cookie""" + cookie = "3f4c1dbf-5b56-4260-87d6-f35445bda37e:af4fcf5eace9e7c864ce" + uuid_, _, signature = cookie.partition(":") + self.assertEqual( + hmac_creation(uuid_), + "af4fcf5eace9e7c864ce") + @mock.patch("utility.hmac.app.config", {'SECRET_HMAC_CODE': "secret"}) def test_data_hmac(self): """Test data_hmac fn with a utf-8 string""" -- cgit v1.2.3 From ca22bbfdd36351e2b7d8f346b5a3ab81c94f7203 Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Wed, 28 Oct 2020 23:14:35 +0300 Subject: Use latin-1 encoding when converting hmac secret to bytes * wqflask/utility/hmac.py (hmac_creation): Use latin-1 when serializing the hmac secret. This ensures that the behaviour of *verify_cookie* remains the same as in the python2 tip. --- wqflask/utility/hmac.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index 6623f69a..29891677 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -10,7 +10,7 @@ def hmac_creation(stringy): """Helper function to create the actual hmac""" secret = app.config['SECRET_HMAC_CODE'] - hmaced = hmac.new(bytearray(secret, "utf-8"), + hmaced = hmac.new(bytearray(secret, "latin-1"), bytearray(stringy, "utf-8"), hashlib.sha1) hm = hmaced.hexdigest() -- cgit v1.2.3