# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file or at
# https://developers.google.com/open-source/licenses/bsd

6"""Tests for XSRF utility functions."""
7from __future__ import print_function
8from __future__ import division
9from __future__ import absolute_import
10
11import time
12import unittest
13
14from mock import patch
15
16from google.appengine.ext import testbed
17
18import settings
19from framework import xsrf
20
21
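class XsrfTest(unittest.TestCase):
  """Set of unit tests for blocking XSRF attacks.

  The tests exercise xsrf.GenerateToken / xsrf.ValidateToken through the
  properties an anti-XSRF token must have: it is bound to a user ID and a
  path, malformed input is rejected, and it has a bounded lifetime that
  tolerates a small amount of clock skew in either direction.
  """

  def setUp(self):
    # Activate in-memory memcache and datastore stubs for the duration of
    # each test so nothing here talks to real GAE services.
    self.testbed = testbed.Testbed()
    self.testbed.activate()
    self.testbed.init_memcache_stub()
    self.testbed.init_datastore_v3_stub()

  def tearDown(self):
    self.testbed.deactivate()

  def testGenerateToken_AnonUserGetsAToken(self):
    """User ID 0 (anonymous) still receives a non-empty token."""
    self.assertNotEqual('', xsrf.GenerateToken(0, '/path'))

  def testGenerateToken_DifferentUsersGetDifferentTokens(self):
    """Tokens are bound to the user: other users and anon get different ones."""
    self.assertNotEqual(
        xsrf.GenerateToken(111, '/path'),
        xsrf.GenerateToken(222, '/path'))

    self.assertNotEqual(
        xsrf.GenerateToken(111, '/path'),
        xsrf.GenerateToken(0, '/path'))

  def testGenerateToken_DifferentPathsGetDifferentTokens(self):
    """Tokens are bound to the path they were issued for."""
    self.assertNotEqual(
        xsrf.GenerateToken(111, '/path/one'),
        xsrf.GenerateToken(111, '/path/two'))

  def testValidToken(self):
    """A freshly generated token validates for the same user and path."""
    token = xsrf.GenerateToken(111, '/path')
    xsrf.ValidateToken(token, 111, '/path')  # no exception raised

  def testMalformedToken(self):
    """Garbage, empty, and well-formed-but-wrong tokens all raise."""
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, 'bad', 111, '/path')
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, '', 111, '/path')

    # Looks like a "digest:timestamp" token but was not issued by us.
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, '098a08fe08b08c08a05e:9721973123', 111, '/path')

  def testWrongUser(self):
    """A token issued to one user is rejected when presented by another."""
    token = xsrf.GenerateToken(111, '/path')
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, token, 222, '/path')

  def testWrongPath(self):
    """A token issued for one path is rejected on a different path."""
    token = xsrf.GenerateToken(111, '/path/one')
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, token, 111, '/path/two')

  @patch('time.time')
  def testValidateToken_Expiration(self, mockTime):
    """Tokens are accepted up to TOKEN_TIMEOUT_SEC and rejected after."""
    test_time = 1526671379
    mockTime.return_value = test_time
    token = xsrf.GenerateToken(111, '/path')
    xsrf.ValidateToken(token, 111, '/path')

    mockTime.return_value = test_time + 1
    xsrf.ValidateToken(token, 111, '/path')

    # Exactly at the timeout boundary the token is still accepted.
    mockTime.return_value = test_time + xsrf.TOKEN_TIMEOUT_SEC
    xsrf.ValidateToken(token, 111, '/path')

    # One second past the timeout it must be rejected.  The user ID and
    # path here must match the ones the token was issued for: a mismatch
    # would be rejected on its own and this assertion would pass even if
    # expiry were never enforced.
    mockTime.return_value = test_time + xsrf.TOKEN_TIMEOUT_SEC + 1
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, token, 111, '/path')

  @patch('time.time')
  def testValidateToken_Future(self, mockTime):
    """We reject tokens from the future."""
    test_time = 1526671379
    mockTime.return_value = test_time
    token = xsrf.GenerateToken(111, '/path')
    xsrf.ValidateToken(token, 111, '/path')

    # The clock of the GAE instance doing the checking might be slightly slow.
    mockTime.return_value = test_time - 1
    xsrf.ValidateToken(token, 111, '/path')

    # But, if the difference is too much, someone is trying to fake a token.
    mockTime.return_value = test_time - xsrf.CLOCK_SKEW_SEC - 1
    self.assertRaises(
        xsrf.TokenIncorrect,
        xsrf.ValidateToken, token, 111, '/path')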