本文整理汇总了Python中plone.protect.authenticator.AuthenticatorView.split方法的典型用法代码示例。如果您正苦于以下问题:Python AuthenticatorView.split方法的具体用法?Python AuthenticatorView.split怎么用?Python AuthenticatorView.split使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类plone.protect.authenticator.AuthenticatorView的用法示例。
在下文中一共展示了AuthenticatorView.split方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: testCSRF
# 需要导入模块: from plone.protect.authenticator import AuthenticatorView [as 别名]
# 或者: from plone.protect.authenticator.AuthenticatorView import split [as 别名]
def testCSRF(self):
""" test csrf protection """
# for this test, we need a bit more serious request simulation
from ZPublisher.HTTPRequest import HTTPRequest
from ZPublisher.HTTPResponse import HTTPResponse
environ = {}
environ.setdefault("SERVER_NAME", "foo")
environ.setdefault("SERVER_PORT", "80")
environ.setdefault("REQUEST_METHOD", "POST")
request = HTTPRequest(sys.stdin, environ, HTTPResponse(stdout=sys.stdout))
request.form = {"topic": "test subject", "replyto": "[email protected]", "comments": "test comments"}
self.ff1.checkAuthenticator = True
self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)
# with authenticator... no error
tag = AuthenticatorView("context", "request").authenticator()
token = tag.split('"')[5]
request.form["_authenticator"] = token
errors = self.ff1.fgvalidate(REQUEST=request)
self.assertEqual(errors, {})
# sneaky GET request
environ["REQUEST_METHOD"] = "GET"
request = HTTPRequest(sys.stdin, environ, HTTPResponse(stdout=sys.stdout))
self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)
# bad authenticator
request.form["_authenticator"] = "inauthentic"
request = HTTPRequest(sys.stdin, environ, HTTPResponse(stdout=sys.stdout))
self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)示例2: testCSRF
# 需要导入模块: from plone.protect.authenticator import AuthenticatorView [as 别名]
# 或者: from plone.protect.authenticator.AuthenticatorView import split [as 别名]
def testCSRF(self):
""" test CSRF check on data clear """
# create a saver and add a record
self.ff1.invokeFactory('FormSaveDataAdapter', 'saver')
saver = self.ff1.saver
self.ff1.setActionAdapter( ('saver',) )
request = FakeRequest(topic = 'test subject', replyto='[email protected]', comments='test comments')
errors = self.ff1.fgvalidate(REQUEST=request)
self.assertEqual( errors, {} )
# for the rest of this test, we need a bit more serious request simulation
environ = {}
environ.setdefault('SERVER_NAME', 'foo')
environ.setdefault('SERVER_PORT', '80')
environ.setdefault('REQUEST_METHOD', 'POST')
request = HTTPRequest(sys.stdin,
environ,
HTTPResponse(stdout=sys.stdout))
# clearSavedFormInput is part of the API, so it should work if there's no
# request
saver.clearSavedFormInput()
# But, if this is from a form, we should need a valid authenticator
request.form = {'clearSavedFormInput':'1',}
self.assertRaises(zExceptions.Forbidden, saver.clearSavedFormInput, **{'request':request})
# with authenticator... no error
tag = AuthenticatorView('context', 'request').authenticator()
token = tag.split('"')[5]
request.form['_authenticator'] = token
saver.clearSavedFormInput(request=request)示例3: checkAuthenticator
# 需要导入模块: from plone.protect.authenticator import AuthenticatorView [as 别名]
# 或者: from plone.protect.authenticator.AuthenticatorView import split [as 别名]
def checkAuthenticator(self, path, query='', status=200):
credentials = '%s:%s' % (ptc.default_user, ptc.default_password)
path = '/' + self.portal.absolute_url(relative=True) + path
data = StringIO(query)
# without authenticator...
response = self.publish(path=path, basic=credentials, env={},
request_method='POST', stdin=data)
self.assertEqual(response.getStatus(), 403)
# with authenticator...
tag = AuthenticatorView('context', 'request').authenticator()
token = tag.split('"')[5]
data = StringIO(query + '&_authenticator=%s' % token)
response = self.publish(path=path, basic=credentials, env={},
request_method='POST', stdin=data)
self.assertEqual(response.getStatus(), status)示例4: testCSRF
# 需要导入模块: from plone.protect.authenticator import AuthenticatorView [as 别名]
# 或者: from plone.protect.authenticator.AuthenticatorView import split [as 别名]
def testCSRF(self):
""" test csrf protection """
# for this test, we need a bit more serious request simulation
from ZPublisher.HTTPRequest import HTTPRequest
from ZPublisher.HTTPResponse import HTTPResponse
environ = {}
environ.setdefault('SERVER_NAME', 'foo')
environ.setdefault('SERVER_PORT', '80')
environ.setdefault('REQUEST_METHOD', 'POST')
request = HTTPRequest(sys.stdin,
environ,
HTTPResponse(stdout=sys.stdout))
request.form = {
'topic': 'test subject',
'replyto': '[email protected]',
'comments': 'test comments',
}
self.ff1.CSRFProtection = True
self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)
# with authenticator... no error
tag = AuthenticatorView('context', 'request').authenticator()
token = tag.split('"')[5]
request.form['_authenticator'] = token
errors = self.ff1.fgvalidate(REQUEST=request)
self.assertEqual(errors, {})
# sneaky GET request
environ['REQUEST_METHOD'] = 'GET'
request = HTTPRequest(sys.stdin,
environ,
HTTPResponse(stdout=sys.stdout))
self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)
# bad authenticator
request.form['_authenticator'] = 'inauthentic'
request = HTTPRequest(sys.stdin,
environ,
HTTPResponse(stdout=sys.stdout))
self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)