我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用tornado.web.decode_signed_value()。
def test_signature_tampering(self): prefix = "2|1:0|10:1300000000|3:key|8:dmFsdWU=|" def validate(sig): return (b'value' == decode_signed_value(SignedValueTest.SECRET, "key", prefix + sig, clock=self.present)) self.assertTrue(validate( "3d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e152")) # All zeros self.assertFalse(validate("0" * 32)) # Change one character self.assertFalse(validate( "4d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e152")) # Change another character self.assertFalse(validate( "3d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e153")) # Truncate self.assertFalse(validate( "3d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e15")) # Lengthen self.assertFalse(validate( "3d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e1538"))
def current_user_id(self): if CONFIG.COOKIE_SECRET: user_id = self.get_secure_cookie('user_id', min_version=2) if user_id: return user_id # user_id = self.get_secure_cookie("user_id") # user_id # fixed no cookie value in User-Agent for Shockwave Flash and for lua upload if not user_id: secure_code = self.get_argument('code', '') # code = self.get_cookie('user_id') if secure_code: secure_user_id = unquote(secure_code) user_id = decode_signed_value(self.application.settings["cookie_secret"], 'user_id', secure_user_id) return user_id
def test_known_values(self): signed_v1 = create_signed_value(SignedValueTest.SECRET, "key", "value", version=1, clock=self.present) self.assertEqual( signed_v1, b"dmFsdWU=|1300000000|31c934969f53e48164c50768b40cbd7e2daaaa4f") signed_v2 = create_signed_value(SignedValueTest.SECRET, "key", "value", version=2, clock=self.present) self.assertEqual( signed_v2, b"2|1:0|10:1300000000|3:key|8:dmFsdWU=|" b"3d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e152") signed_default = create_signed_value(SignedValueTest.SECRET, "key", "value", clock=self.present) self.assertEqual(signed_default, signed_v2) decoded_v1 = decode_signed_value(SignedValueTest.SECRET, "key", signed_v1, min_version=1, clock=self.present) self.assertEqual(decoded_v1, b"value") decoded_v2 = decode_signed_value(SignedValueTest.SECRET, "key", signed_v2, min_version=2, clock=self.present) self.assertEqual(decoded_v2, b"value")
def test_name_swap(self): signed1 = create_signed_value(SignedValueTest.SECRET, "key1", "value", clock=self.present) signed2 = create_signed_value(SignedValueTest.SECRET, "key2", "value", clock=self.present) # Try decoding each string with the other's "name" decoded1 = decode_signed_value(SignedValueTest.SECRET, "key2", signed1, clock=self.present) self.assertIs(decoded1, None) decoded2 = decode_signed_value(SignedValueTest.SECRET, "key1", signed2, clock=self.present) self.assertIs(decoded2, None)
def test_expired(self): signed = create_signed_value(SignedValueTest.SECRET, "key1", "value", clock=self.past) decoded_past = decode_signed_value(SignedValueTest.SECRET, "key1", signed, clock=self.past) self.assertEqual(decoded_past, b"value") decoded_present = decode_signed_value(SignedValueTest.SECRET, "key1", signed, clock=self.present) self.assertIs(decoded_present, None)
def test_payload_tampering(self): # These cookies are variants of the one in test_known_values. sig = "3d4e60b996ff9c5d5788e333a0cba6f238a22c6c0f94788870e1a9ecd482e152" def validate(prefix): return (b'value' == decode_signed_value(SignedValueTest.SECRET, "key", prefix + sig, clock=self.present)) self.assertTrue(validate("2|1:0|10:1300000000|3:key|8:dmFsdWU=|")) # Change key version self.assertFalse(validate("2|1:1|10:1300000000|3:key|8:dmFsdWU=|")) # length mismatch (field too short) self.assertFalse(validate("2|1:0|10:130000000|3:key|8:dmFsdWU=|")) # length mismatch (field too long) self.assertFalse(validate("2|1:0|10:1300000000|3:keey|8:dmFsdWU=|"))
def test_key_versioning_read_write_default_key(self): value = b"\xe9" signed = create_signed_value(SignedValueTest.SECRET_DICT, "key", value, clock=self.present, key_version=0) decoded = decode_signed_value(SignedValueTest.SECRET_DICT, "key", signed, clock=self.present) self.assertEqual(value, decoded)
def test_key_versioning_read_write_non_default_key(self): value = b"\xe9" signed = create_signed_value(SignedValueTest.SECRET_DICT, "key", value, clock=self.present, key_version=1) decoded = decode_signed_value(SignedValueTest.SECRET_DICT, "key", signed, clock=self.present) self.assertEqual(value, decoded)
def test_key_versioning_invalid_key(self): value = b"\xe9" signed = create_signed_value(SignedValueTest.SECRET_DICT, "key", value, clock=self.present, key_version=0) newkeys = SignedValueTest.SECRET_DICT.copy() newkeys.pop(0) decoded = decode_signed_value(newkeys, "key", signed, clock=self.present) self.assertEqual(None, decoded)
def test_non_ascii(self): value = b"\xe9" signed = create_signed_value(SignedValueTest.SECRET, "key", value, clock=self.present) decoded = decode_signed_value(SignedValueTest.SECRET, "key", signed, clock=self.present) self.assertEqual(value, decoded)
