diff options
author | Claude Paroz <claude@2xlibre.net> | 2020-02-13 20:55:48 +0100 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-04-15 12:49:14 +0200 |
commit | 71c4fb7beb8e3293243140e4bd74e53989196440 (patch) | |
tree | 543c9d7c08e5f2a5ab8e7b7a63d55cea3da983f3 /tests/signing | |
parent | 4bb33bb07450ea9b623877417c28e6489246f51c (diff) | |
download | django-71c4fb7beb8e3293243140e4bd74e53989196440.tar.gz |
Refs #27468 -- Changed default Signer algorithm to SHA-256.
Diffstat (limited to 'tests/signing')
-rw-r--r-- | tests/signing/tests.py | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/tests/signing/tests.py b/tests/signing/tests.py index d0767c0703..6b7268179d 100644 --- a/tests/signing/tests.py +++ b/tests/signing/tests.py @@ -3,6 +3,7 @@ import datetime from django.core import signing from django.test import SimpleTestCase from django.test.utils import freeze_time +from django.utils.crypto import InvalidAlgorithm class TestSigner(SimpleTestCase): @@ -18,7 +19,12 @@ class TestSigner(SimpleTestCase): ): self.assertEqual( signer.signature(s), - signing.base64_hmac(signer.salt + 'signer', s, 'predictable-secret') + signing.base64_hmac( + signer.salt + 'signer', + s, + 'predictable-secret', + algorithm=signer.algorithm, + ) ) self.assertNotEqual(signer.signature(s), signer2.signature(s)) @@ -27,12 +33,39 @@ class TestSigner(SimpleTestCase): signer = signing.Signer('predictable-secret', salt='extra-salt') self.assertEqual( signer.signature('hello'), - signing.base64_hmac('extra-salt' + 'signer', 'hello', 'predictable-secret') + signing.base64_hmac( + 'extra-salt' + 'signer', + 'hello', + 'predictable-secret', + algorithm=signer.algorithm, + ) ) self.assertNotEqual( signing.Signer('predictable-secret', salt='one').signature('hello'), signing.Signer('predictable-secret', salt='two').signature('hello')) + def test_custom_algorithm(self): + signer = signing.Signer('predictable-secret', algorithm='sha512') + self.assertEqual( + signer.signature('hello'), + 'Usf3uVQOZ9m6uPfVonKR-EBXjPe7bjMbp3_Fq8MfsptgkkM1ojidN0BxYaT5HAEN1' + 'VzO9_jVu7R-VkqknHYNvw', + ) + + def test_invalid_algorithm(self): + signer = signing.Signer('predictable-secret', algorithm='whatever') + msg = "'whatever' is not an algorithm accepted by the hashlib module." + with self.assertRaisesMessage(InvalidAlgorithm, msg): + signer.sign('hello') + + def test_legacy_signature(self): + # RemovedInDjango40Warning: pre-Django 3.1 signatures won't be + # supported. + signer = signing.Signer() + sha1_sig = 'foo:l-EMM5FtewpcHMbKFeQodt3X9z8' + self.assertNotEqual(signer.sign('foo'), sha1_sig) + self.assertEqual(signer.unsign(sha1_sig), 'foo') + def test_sign_unsign(self): "sign/unsign should be reversible" signer = signing.Signer('predictable-secret') @@ -115,13 +148,19 @@ class TestSigner(SimpleTestCase): binary_key = b'\xe7' # Set some binary (non-ASCII key) s = signing.Signer(binary_key) - self.assertEqual('foo:6NB0fssLW5RQvZ3Y-MTerq2rX7w', s.sign('foo')) + self.assertEqual( + 'foo:EE4qGC5MEKyQG5msxYA0sBohAxLC0BJf8uRhemh0BGU', + s.sign('foo'), + ) def test_valid_sep(self): separators = ['/', '*sep*', ','] for sep in separators: signer = signing.Signer('predictable-secret', sep=sep) - self.assertEqual('foo%ssH9B01cZcJ9FoT_jEVkRkNULrl8' % sep, signer.sign('foo')) + self.assertEqual( + 'foo%sjZQoX_FtSO70jX9HLRGg2A_2s4kdDBxz1QoO_OpEQb0' % sep, + signer.sign('foo'), + ) def test_invalid_sep(self): """should warn on invalid separator""" |