comparison test/test_cgi.py @ 5488:52cb53eedf77
reworked random number use
prefer secrets module from Python 3.6+, random.SystemRandom and finally plain random
| author | Christof Meerwald <cmeerw@cmeerw.org> |
|---|---|
| date | Sat, 04 Aug 2018 22:40:16 +0100 |
| parents | b0359a7c5b6d |
| children | 19bd4b413ed6 |
| 5487:ce171c81d823 | 5488:52cb53eedf77 |
|---|---|
| 951 print("result of subtest 7:", out[0]) | 951 print("result of subtest 7:", out[0]) |
| 952 self.assertEqual(match_at, 36) | 952 self.assertEqual(match_at, 36) |
| 953 del(out[0]) | 953 del(out[0]) |
| 954 | 954 |
| 955 form2 = copy.copy(form) | 955 form2 = copy.copy(form) |
| 956 nonce = anti_csrf_nonce(cl, cl) | 956 nonce = anti_csrf_nonce(cl) |
| 957 # verify that we can see the nonce | 957 # verify that we can see the nonce |
| 958 otks = cl.db.getOTKManager() | 958 otks = cl.db.getOTKManager() |
| 959 isitthere = otks.exists(nonce) | 959 isitthere = otks.exists(nonce) |
| 960 print("result of subtest 8:", isitthere) | 960 print("result of subtest 8:", isitthere) |
| 961 print("otks: user, session", otks.get(nonce, 'uid', default=None), | 961 print("otks: user, session", otks.get(nonce, 'uid', default=None), |
| 983 | 983 |
| 984 # make sure that a get deletes the csrf. | 984 # make sure that a get deletes the csrf. |
| 985 cl.env['REQUEST_METHOD'] = 'GET' | 985 cl.env['REQUEST_METHOD'] = 'GET' |
| 986 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/' | 986 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/' |
| 987 form2 = copy.copy(form) | 987 form2 = copy.copy(form) |
| 988 nonce = anti_csrf_nonce(cl, cl) | 988 nonce = anti_csrf_nonce(cl) |
| 989 form2.update({'@csrf': nonce}) | 989 form2.update({'@csrf': nonce}) |
| 990 # add a real csrf field to the form and rerun the inner_main | 990 # add a real csrf field to the form and rerun the inner_main |
| 991 cl.form = db_test_base.makeForm(form2) | 991 cl.form = db_test_base.makeForm(form2) |
| 992 cl.inner_main() | 992 cl.inner_main() |
| 993 # csrf passes but fail creating new issue because not a post | 993 # csrf passes but fail creating new issue because not a post |
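Review bot: the call sites at lines 956 and 988 are only adjusted to the one-argument form anti_csrf_nonce(cl), and the surrounding assertions check just that the nonce is stored (otks.exists(nonce)) and consumed on GET, so nothing here exercises the reworked random source. Because the commit message allows a final fallback to plain random, which the Python documentation says should not be used for security purposes, a CSRF nonce produced on that path would be predictable. Consider adding a test that generates two nonces and asserts they differ and have the expected length, and one that forces the fallback path and checks that it is at least logged, so a deployment running without secrets or random.SystemRandom is visible to the operator.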
