← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/python-django/oneiric

« back to all changes in this revision

Viewing changes to .pc/08_security_pasword_reset_dos.diff/django/contrib/auth/tests/tokens.py

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2011-02-17 13:34:07 UTC
  • mfrom: (1.1.13 upstream) (4.4.12 sid)
  • Revision ID: james.westby@ubuntu.com-20110217133407-rwr88elhhq6j7ba0
Tags: 1.2.5-1ubuntu1
https://launchpad.net/bugs/719031
* Merge from Debian for security fixes (LP: #719031). Remaining changes:
  - debian/control: don't Build-Depends on locales-all, which doesn't exist
    in natty
* Drop the following patches, now included upstream:
  - debian/patches/07_security_admin_infoleak.diff
  - debian/patches/08_security_pasword_reset_dos.diff

Show diffs side-by-side

added added

removed removed

Lines of Context:
.pc/08_security_pasword_reset_dos.diff/django/contrib/auth/tests/tokens.py
1
 
TOKEN_GENERATOR_TESTS = """
2
 
>>> from django.contrib.auth.models import User, AnonymousUser
3
 
>>> from django.contrib.auth.tokens import PasswordResetTokenGenerator
4
 
>>> from django.conf import settings
5
 
>>> u = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
6
 
>>> p0 = PasswordResetTokenGenerator()
7
 
>>> tk1 = p0.make_token(u)
8
 
>>> p0.check_token(u, tk1)
9
 
True
10
 
 
11
 
>>> u = User.objects.create_user('comebackkid', 'test3@example.com', 'testpw')
12
 
>>> p0 = PasswordResetTokenGenerator()
13
 
>>> tk1 = p0.make_token(u)
14
 
>>> reload = User.objects.get(username='comebackkid')
15
 
>>> tk2 = p0.make_token(reload)
16
 
>>> tk1 == tk2
17
 
True
18
 
 
19
 
Tests to ensure we can use the token after n days, but no greater.
20
 
Use a mocked version of PasswordResetTokenGenerator so we can change
21
 
the value of 'today'
22
 
 
23
 
>>> class Mocked(PasswordResetTokenGenerator):
24
 
...     def __init__(self, today):
25
 
...         self._today_val = today
26
 
...     def _today(self):
27
 
...         return self._today_val
28
 
 
29
 
>>> from datetime import date, timedelta
30
 
>>> p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
31
 
>>> p1.check_token(u, tk1)
32
 
True
33
 
>>> p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
34
 
>>> p2.check_token(u, tk1)
35
 
False
36
 
 
37
 
"""