class TestAuth: def setup_method(self): self.request = Request(generate_wsgi()) self.auth = Auth(self.request, MockUser()) def test_auth(self): assert self.auth def test_login_user(self): assert isinstance(self.auth.login('*****@*****.**', 'secret'), MockUser) assert self.request.get_cookie('token') def test_get_user(self): assert self.auth.login_by_id(1) assert isinstance(self.auth.user(), MockUser) def test_get_user_returns_false_if_not_loggedin(self): self.auth.login('*****@*****.**', 'wrong_secret') assert self.auth.user() is False def test_logout_user(self): assert isinstance(self.auth.login('*****@*****.**', 'secret'), MockUser) assert self.request.get_cookie('token') self.auth.logout() assert not self.request.get_cookie('token') assert not self.auth.user() def test_login_user_fails(self): assert self.auth.login('*****@*****.**', 'bad_password') is False def test_login_by_id(self): assert isinstance(self.auth.login_by_id(1), MockUser) assert self.request.get_cookie('token') assert self.auth.login_by_id(2) is False def test_login_once_does_not_set_cookie(self): assert isinstance(self.auth.once().login_by_id(1), MockUser) assert self.request.get_cookie('token') is None
class TestCSRFMiddleware: def setup_method(self): self.app = App() self.request = Request(generate_wsgi()) self.view = View(self.app) self.app.bind('Request', self.request) self.request = self.app.make('Request') self.middleware = CsrfMiddleware(self.request, Csrf(self.request), self.view) def test_middleware_shares_correct_input(self): self.middleware.before() assert 'csrf_field' in self.view._shared assert self.view._shared['csrf_field'].startswith( "<input type='hidden' name='__token' value='") def test_middleware_throws_exception_on_post(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.middleware.exempt = [] with pytest.raises(InvalidCSRFToken): self.middleware.before() def test_incoming_token_does_not_throw_exception_with_token(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.request.request_variables.update( {'__token': self.request.get_cookie('csrf_token')}) self.middleware.exempt = [] self.middleware.before() def test_generates_csrf_token(self): assert len(self.middleware.generate_token()) == 30 def test_generates_token_every_request(self): token1 = self.middleware.verify_token() token2 = self.middleware.verify_token() assert len(token1) == 30 assert len(token2) == 30 assert token1 != token2 def test_does_not_generate_token_every_request(self): self.middleware.every_request = False token1 = self.middleware.verify_token() token2 = self.middleware.verify_token() assert len(token1) == 30 assert len(token2) == 30 assert token1 == token2
class TestCookieSigning(unittest.TestCase): def setUp(self): self.secret_key = 'pK1tLuZA8-upZGz-NiSCP_UVt-fxpxd796TaG6-dp8Y=' self.request = Request(generate_wsgi()).key(self.secret_key) def test_set_and_get_cookie(self): self.request.cookie('test', 'testvalue') self.assertEqual(self.request.get_cookie('test'), 'testvalue') def test_set_and_get_multiple_cookies(self): self.request.cookie('cookie1', 'cookie1value') self.request.cookie('cookie2', 'cookie2value') self.assertEqual(self.request.get_cookie('cookie1'), 'cookie1value') self.assertEqual(self.request.get_cookie('cookie2'), 'cookie2value') def test_set_cookie_without_encryption(self): self.request.cookie('notencrypted', 'value', False) self.assertEqual(self.request.get_cookie('notencrypted', False), 'value') def test_set_and_get_cookie_with_no_existing_cookies(self): self.request.environ['HTTP_COOKIE'] = '' self.request.cookie('test', 'testvalue') self.assertEqual(self.request.get_cookie('test'), 'testvalue') def test_set_and_get_cookie_with_existing_cookie(self): self.request.environ['HTTP_COOKIE'] = 'cookie=true' self.request.cookie('test', 'testvalue') self.assertEqual(self.request.get_cookie('test'), 'testvalue') def test_set_and_get_cookie_with_http_only(self): self.request.cookies = [] self.request.cookie('test', 'testvalue', encrypt=False) self.assertEqual(self.request.get_cookie('test', decrypt=False), 'testvalue') self.assertTrue(self.request.get_raw_cookie('test')['httponly']) self.assertIn('/', self.request.get_raw_cookie('test')['path']) self.assertIn('testvalue', self.request.get_raw_cookie('test').value) def test_set_and_get_cookie_without_http_only(self): self.request.cookies = [] self.request.cookie('test', 'testvalue', http_only=False, encrypt=False) self.assertEqual(self.request.get_cookie('test', decrypt=False), 'testvalue') self.assertIn('/', self.request.get_raw_cookie('test')['path']) self.assertIn('testvalue', self.request.get_raw_cookie('test').value)
class TestCookieSigning: def setup_method(self): self.secret_key = 'pK1tLuZA8-upZGz-NiSCP_UVt-fxpxd796TaG6-dp8Y=' self.request = Request(generate_wsgi()).key(self.secret_key) def test_set_and_get_cookie(self): self.request.cookie('test', 'testvalue') assert self.request.get_cookie('test') == 'testvalue' def test_set_and_get_multiple_cookies(self): self.request.cookie('cookie1', 'cookie1value') self.request.cookie('cookie2', 'cookie2value') assert self.request.get_cookie('cookie1') == 'cookie1value' assert self.request.get_cookie('cookie2') == 'cookie2value' def test_set_cookie_without_encryption(self): self.request.cookie('notencrypted', 'value', False) assert self.request.get_cookie('notencrypted', False) == 'value' def test_set_and_get_cookie_with_no_existing_cookies(self): self.request.environ['HTTP_COOKIE'] = '' self.request.cookie('test', 'testvalue') assert self.request.get_cookie('test') == 'testvalue' def test_set_and_get_cookie_with_existing_cookie(self): self.request.environ['HTTP_COOKIE'] = 'cookie=true' self.request.cookie('test', 'testvalue') assert self.request.get_cookie('test') == 'testvalue' def test_set_and_get_cookie_with_http_only(self): self.request.cookies = [] self.request.cookie('test', 'testvalue', encrypt=False) assert self.request.get_cookie('test', decrypt=False) == 'testvalue' assert 'HttpOnly' in self.request.cookies[0][1] assert 'test=testvalue; HttpOnly;Path=/' in self.request.cookies[0][1] def test_set_and_get_cookie_without_http_only(self): self.request.cookies = [] self.request.cookie('test', 'testvalue', http_only=False, encrypt=False) assert self.request.get_cookie('test', decrypt=False) == 'testvalue' assert 'test=testvalue; Path=/' in self.request.cookies[0][1]
def oauthcallback(self, view: View, request: Request, auth: Auth): nylas_access_token = request.input('access_token') nylas_account_id = request.input('account_id') email_address = request.input('email_address') provider = request.input('provider') # a cookie is set so we can identify where the user started the auth process start_page_type = request.get_cookie('callbackpage', decrypt=False) user = auth.user() #we want to treat this as a master token so it doesnt change when auth'ing with different scopes if start_page_type == 'connect_personal': user.access_token = nylas_access_token user.nylas_account_id = nylas_account_id user.save() try: Account.update_or_create( { "user_id": user.id, "nylas_account_id": nylas_account_id, "type": start_page_type }, { "access_token": nylas_access_token, "email": email_address, "nylas_account_id": nylas_account_id, "type": start_page_type, "scopes": start_page_type, "provider": provider, "valid": 1 }) except Exception as e: print(str(e)) return view.render( 'auth.callback', { 'email_address': email_address, 'provider': provider, 'nylas_access_token': nylas_access_token, 'nylas_account_id': nylas_account_id })
class TestRequest: def setup_method(self): self.request = Request(wsgi_request).key( 'NCTpkICMlTXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=') def test_request_is_callable(self): """ Request should be callable """ if callable(self.request): assert True def test_request_input_should_return_input_on_get_request(self): assert self.request.input('application') == 'Masonite' assert self.request.input('application', 'foo') == 'Masonite' def test_request_input_should_return_default_when_not_exists(self): assert self.request.input('foo', 'bar') == 'bar' def test_request_all_should_return_params(self): assert self.request.all() == {'application': 'Masonite'} def test_request_all_without_internal_request_variables(self): self.request.request_variables.update({ '__token': 'testing', 'application': 'Masonite' }) assert self.request.all() == { '__token': 'testing', 'application': 'Masonite' } assert self.request.all(internal_variables=False) == { 'application': 'Masonite' } def test_request_has_should_return_bool(self): assert self.request.has('application') == True assert self.request.has('shouldreturnfalse') == False def test_request_has_should_accept_multiple_values(self): self.request.request_variables.update({ '__token': 'testing', 'application': 'Masonite' }) assert self.request.has('application') == True assert self.request.has('shouldreturnfalse') == False assert self.request.has('__token') == True assert self.request.has('__token', 'shouldreturnfalse') == False assert self.request.has('__token', 'application') == True assert self.request.has('__token', 'application', 'shouldreturnfalse') == False def test_request_set_params_should_return_self(self): assert self.request.set_params({'value': 'new'}) == self.request assert self.request.url_params == {'value': 'new'} def test_request_param_returns_parameter_set_or_false(self): self.request.set_params({'value': 'new'}) assert self.request.param('value') == 'new' assert self.request.param('nullvalue') == False def test_request_appends_cookie(self): assert self.request.cookie('appendcookie', 'value') == self.request assert 'appendcookie' in self.request.environ['HTTP_COOKIE'] def test_request_sets_and_gets_cookies(self): self.request.cookie('setcookie', 'value') assert self.request.get_cookie('setcookie') == 'value' def test_request_sets_expiration_cookie_2_months(self): self.request.cookies = [] self.request.cookie('setcookie_expiration', 'value', expires='2 months') time = cookie_expire_time('2 months') assert self.request.get_cookie('setcookie_expiration') == 'value' assert 'Expires={0}'.format(time) in self.request.cookies[0][1] def test_delete_cookie(self): self.request.cookies = [] self.request.cookie('delete_cookie', 'value') assert self.request.get_cookie('delete_cookie') == 'value' self.request.delete_cookie('delete_cookie') assert not self.request.get_cookie('delete_cookie') def test_delete_cookie_with_wrong_key(self): self.request.cookies = [] self.request.cookie('cookie', 'value') self.request.key('wrongkey_TXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=') assert self.request.get_cookie('cookie') is None def test_redirect_returns_request(self): assert self.request.redirect('newurl') == self.request assert self.request.redirect_url == '/newurl' def test_request_no_input_returns_false(self): assert self.request.input('notavailable') == False def test_request_mini_field_storage_returns_single_value(self): storages = {'test': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) assert self.request.input('test') == '1' def test_request_mini_field_storage_doesnt_return_brackets(self): storages = {'test[]': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) assert self.request.input('test') == '1' def test_request_mini_field_storage_index(self): storages = {'test[index]': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) assert self.request.input('test[index]') == '1' def test_request_mini_field_storage_with_dot_notation(self): storages = {'test[index]': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) assert self.request.input('test.index') == '1' def test_request_mini_field_storage_returns_a_list(self): storages = { 'test': [MiniFieldStorage('key', '1'), MiniFieldStorage('key', '2')] } self.request._set_standardized_request_variables(storages) assert self.request.input('test') == ['1', '2'] def test_request_get_cookies_returns_cookies(self): assert self.request.get_cookies() == self.request.cookies def test_request_set_user_sets_object(self): assert self.request.set_user(object) == self.request assert self.request.user_model == object assert self.request.user() == object def test_request_loads_app(self): app = App() app.bind('Request', self.request) app.make('Request').load_app(app) assert self.request.app() == app assert app.make('Request').app() == app def test_request_gets_input_from_container(self): container = App() container.bind('Application', application) container.bind('Providers', providers) container.bind('WSGI', object) container.bind('Environ', wsgi_request) for provider in container.make('Providers').PROVIDERS: container.resolve(provider().load_app(container).register) container.bind('Response', 'test') container.bind('WebRoutes', [ Get().route('url', None), Get().route('url/', None), Get().route('url/@firstname', None), ]) container.bind('Response', 'Route not found. Error 404') for provider in container.make('Providers').PROVIDERS: located_provider = provider().load_app(container) container.resolve(provider().load_app(container).boot) assert container.make('Request').input('application') == 'Masonite' assert container.make('Request').all() == {'application': 'Masonite'} container.make('Request').environ['REQUEST_METHOD'] = 'POST' assert container.make('Request').environ['REQUEST_METHOD'] == 'POST' assert container.make('Request').input('application') == 'Masonite' def test_redirections_reset(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', WEB_ROUTES) request = app.make('Request').load_app(app) request.redirect('test') assert request.redirect_url == '/test' request.reset_redirections() assert request.redirect_url is False request.redirect_to('test') assert request.redirect_url == '/test' request.reset_redirections() assert request.redirect_url is False def test_request_has_subdomain_returns_bool(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) assert request.has_subdomain() is False assert request.subdomain is None request.environ['HTTP_HOST'] = 'test.localhost.com' request.header('TEST', 'set_this') assert request.header('HTTP_TEST') == 'set_this' request.header('TEST', 'set_this', http_prefix=None) assert request.header('TEST') == 'set_this' def test_redirect_compiles_url(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = '/test/url' assert request.compile_route_to_url(route) == '/test/url' def test_redirect_compiles_url_with_1_slash(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = '/' assert request.compile_route_to_url(route) == '/' def test_request_route_returns_url(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ get('/test/url', None).name('test.url'), get('/test/url/@id', None).name('test.id') ]) request = app.make('Request').load_app(app) assert request.route('test.url') == '/test/url' assert request.route('test.id', {'id': 1}) == '/test/url/1' def test_request_route_returns_full_url(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ get('/test/url', None).name('test.url'), get('/test/url/@id', None).name('test.id') ]) request = app.make('Request').load_app(app) assert request.route('test.url', full=True) == 'http://localhost/test/url' def test_redirect_compiles_url_with_multiple_slashes(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/url/here' assert request.compile_route_to_url(route) == '/test/url/here' def test_redirect_compiles_url_with_trailing_slash(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/url/here/' assert request.compile_route_to_url(route) == '/test/url/here/' def test_redirect_compiles_url_with_parameters(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id' params = { 'id': '1', } assert request.compile_route_to_url(route, params) == '/test/1' def test_redirect_compiles_url_with_multiple_parameters(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id/@test' params = { 'id': '1', 'test': 'user', } def test_redirect_compiles_url_with_http(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = "http://google.com" assert request.compile_route_to_url(route) == 'http://google.com' def test_request_gets_correct_header(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) assert request.header('UPGRADE_INSECURE_REQUESTS') == '1' assert request.header('RAW_URI') == '/' assert request.header('NOT_IN') == None def test_request_sets_correct_header(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.header('TEST', 'set_this') assert request.header('HTTP_TEST') == 'set_this' request.header('TEST', 'set_this', http_prefix=None) assert request.header('TEST') == 'set_this' def test_request_gets_all_headers(self): app = App() app.bind('Request', Request(wsgi_request)) request = app.make('Request').load_app(app) request.header('TEST1', 'set_this_item') request.header('TEST2', 'set_this_item', http_prefix=None) assert request.get_headers() == [('HTTP_TEST1', 'set_this_item'), ('TEST2', 'set_this_item')] def test_request_sets_status_code(self): app = App() app.bind('Request', self.request) app.bind('StatusCode', '404 Not Found') request = app.make('Request').load_app(app) request.status('200 OK') assert request.get_status_code() == '200 OK' def test_request_sets_request_method(self): wsgi = generate_wsgi() wsgi['QUERY_STRING'] = '__method=PUT' request = Request(wsgi) assert request.has('__method') assert request.input('__method') == 'PUT' assert request.get_request_method() == 'PUT' def test_request_has_should_pop_variables_from_input(self): self.request.request_variables.update({'key1': 'test', 'key2': 'test'}) self.request.pop('key1', 'key2') assert self.request.request_variables == {'application': 'Masonite'} self.request.pop('shouldnotexist') assert self.request.request_variables == {'application': 'Masonite'} self.request.pop('application') assert self.request.request_variables == {} def test_is_named_route(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ get('/test/url', None).name('test.url'), get('/test/url/@id', None).name('test.id') ]) request = app.make('Request').load_app(app) request.path = '/test/url' assert request.is_named_route('test.url') request.path = '/test/url/1' assert request.is_named_route('test.id', {'id': 1}) def test_request_url_from_controller(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ get('/test/url', 'TestController@show').name('test.url'), get('/test/url/@id', 'ControllerTest@show').name('test.id'), get('/test/url/controller/@id', TestController.show).name('test.controller'), ]) request = app.make('Request').load_app(app) assert request.url_from_controller( 'TestController@show') == '/test/url' assert request.url_from_controller('ControllerTest@show', {'id': 1}) == '/test/url/1' assert request.url_from_controller( TestController.show, {'id': 1}) == '/test/url/controller/1' def test_contains_for_path_detection(self): self.request.path = '/test/path' assert self.request.contains('/test/*') assert self.request.contains('/test/path') assert not self.request.contains('/test/wrong') def test_contains_for_path_with_digit(self): self.request.path = '/test/path/1' assert self.request.contains('/test/path/*') assert self.request.contains('/test/path/*:int') def test_contains_for_path_with_digit_and_wrong_contains(self): self.request.path = '/test/path/joe' assert not self.request.contains('/test/path/*:int') def test_contains_for_path_with_alpha_contains(self): self.request.path = '/test/path/joe' assert self.request.contains('/test/path/*:string') def test_contains_multiple_asteriks(self): self.request.path = '/dashboard/user/edit/1' assert self.request.contains('/dashboard/user/*:string/*:int') def test_back_returns_correct_url(self): self.request.path = '/dashboard/create' self.request.back() assert self.request.redirect_url == '/dashboard/create' self.request.back(default='/home') assert self.request.redirect_url == '/home' self.request.request_variables = {'__back': '/login'} self.request.back(default='/home') assert self.request.redirect_url == '/login'
class TestAuth: def setup_method(self): self.container = App() self.app = self.container view = View(self.container) self.request = Request(generate_wsgi()) self.auth = Auth(self.request, MockUser()) self.container.bind('View', view.render) self.container.bind('ViewClass', view) self.app.bind('Application', application) def reset_method(self): self.auth = Auth(self.request, MockUser()) def test_auth(self): assert self.auth def test_login_user(self): assert isinstance(self.auth.login('*****@*****.**', 'secret'), MockUser) assert self.request.get_cookie('token') def test_login_user_with_list_auth_column(self): user = MockUser user.__auth__ = ['email', 'name'] assert isinstance(self.auth.login('testuser123', 'secret'), user) assert self.request.get_cookie('token') def test_get_user(self): assert self.auth.login_by_id(1) assert isinstance(self.auth.user(), MockUser) def test_get_user_returns_false_if_not_loggedin(self): self.auth.login('*****@*****.**', 'wrong_secret') assert self.auth.user() is False def test_logout_user(self): assert isinstance(self.auth.login('*****@*****.**', 'secret'), MockUser) assert self.request.get_cookie('token') self.auth.logout() assert not self.request.get_cookie('token') assert not self.auth.user() def test_login_user_fails(self): assert self.auth.login('*****@*****.**', 'bad_password') is False def test_login_by_id(self): assert isinstance(self.auth.login_by_id(1), MockUser) assert self.request.get_cookie('token') assert self.auth.login_by_id(2) is False def test_login_once_does_not_set_cookie(self): assert isinstance(self.auth.once().login_by_id(1), MockUser) assert self.request.get_cookie('token') is None def test_user_is_mustverify_instance(self): self.auth = Auth(self.request, MockVerifyUser()) assert isinstance(self.auth.once().login_by_id(1), MustVerifyEmail) self.reset_method() assert not isinstance(self.auth.once().login_by_id(1), MustVerifyEmail) def get_user(self, id): return MockVerifyUser() def test_confirm_controller_success(self): self.auth = Auth(self.request, MockVerifyUser()) params = {'id': Sign().sign('{0}::{1}'.format(1, time.time()))} self.request.set_params(params) user = self.auth.once().login_by_id(1) self.request.set_user(user) self.app.bind('Request', self.request) self.app.make('Request').load_app(self.app) # Create the route route = get('/email/verify/@id', ConfirmController.confirm_email) ConfirmController.get_user = self.get_user # Resolve the controller constructor controller = self.app.resolve(route.controller) # Resolve the method response = self.app.resolve( getattr(controller, route.controller_method)) self.reset_method() assert response.rendered_template == 'confirm' def test_confirm_controller_failure(self): self.auth = Auth(self.request, MockVerifyUser()) timestamp_plus_11 = datetime.datetime.now() - datetime.timedelta( minutes=11) params = { 'id': Sign().sign('{0}::{1}'.format(1, timestamp_plus_11.timestamp())) } self.request.set_params(params) user = self.auth.once().login_by_id(1) self.request.set_user(user) self.app.bind('Request', self.request) self.app.make('Request').load_app(self.app) # Create the route route = get('/email/verify/@id', ConfirmController.confirm_email) ConfirmController.get_user = self.get_user # Resolve the controller constructor controller = self.app.resolve(route.controller) # Resolve the method response = self.app.resolve( getattr(controller, route.controller_method)) self.reset_method() assert response.rendered_template == 'error'
def visible(self, request: Request): if request.get_cookie('_real_token'): return True
class TestRequest(unittest.TestCase): def setUp(self): self.app = App() self.request = Request(wsgi_request).key( 'NCTpkICMlTXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=').load_app(self.app) self.app.bind('Request', self.request) self.response = Response(self.app) self.app.simple(Response) def test_request_is_callable(self): """ Request should be callable """ self.assertIsInstance(self.request, object) def test_request_input_should_return_input_on_get_request(self): self.assertEqual(self.request.input('application'), 'Masonite') self.assertEqual(self.request.input('application', 'foo'), 'Masonite') def test_request_input_should_return_default_when_not_exists(self): self.assertEqual(self.request.input('foo', 'bar'), 'bar') def test_request_all_should_return_params(self): self.assertEqual(self.request.all(), {'application': 'Masonite'}) def test_request_all_without_internal_request_variables(self): self.request.request_variables.update({ '__token': 'testing', 'application': 'Masonite' }) self.assertEqual(self.request.all(), { '__token': 'testing', 'application': 'Masonite' }) self.assertEqual(self.request.all(internal_variables=False), {'application': 'Masonite'}) def test_request_has_should_return_bool(self): self.assertEqual(self.request.has('application'), True) self.assertEqual(self.request.has('shouldreturnfalse'), False) def test_request_has_should_accept_multiple_values(self): self.request.request_variables.update({ '__token': 'testing', 'application': 'Masonite' }) self.assertEqual(self.request.has('application'), True) self.assertEqual(self.request.has('shouldreturnfalse'), False) self.assertEqual(self.request.has('__token'), True) self.assertEqual(self.request.has('__token', 'shouldreturnfalse'), False) self.assertEqual(self.request.has('__token', 'application'), True) self.assertEqual( self.request.has('__token', 'application', 'shouldreturnfalse'), False) def test_request_set_params_should_return_self(self): self.assertEqual(self.request.set_params({'value': 'new'}), self.request) self.assertEqual(self.request.url_params, {'value': 'new'}) def test_request_param_returns_parameter_set_or_false(self): self.request.set_params({'value': 'new'}) self.assertEqual(self.request.param('value'), 'new') self.assertEqual(self.request.param('nullvalue'), False) def test_request_appends_cookie(self): self.assertEqual(self.request.cookie('appendcookie', 'value'), self.request) assert 'appendcookie' in self.request.environ['HTTP_COOKIE'] def test_request_input_can_get_dictionary_elements(self): self.request.request_variables = { "user": { "address": [{ "id": 1, 'street': 'A Street' }, { "id": 2, 'street': 'B Street' }] } } self.assertEqual(self.request.input('user.address.*.id'), [1, 2]) self.assertEqual(self.request.input('user.address.*.street'), ['A Street', 'B Street']) def test_request_sets_and_gets_cookies(self): self.request.cookie('setcookie', 'value') self.assertEqual(self.request.get_cookie('setcookie'), 'value') def test_request_sets_expiration_cookie_2_months(self): self.request.cookies = [] self.request.cookie('setcookie_expiration', 'value', expires='2 months') time = cookie_expire_time('2 months') self.assertEqual(self.request.get_cookie('setcookie_expiration'), 'value') self.assertEqual( self.request.get_raw_cookie('setcookie_expiration')['expires'], time) def test_delete_cookie(self): self.request.cookies = [] self.request.cookie('delete_cookie', 'value') self.assertEqual(self.request.get_cookie('delete_cookie'), 'value') self.request.delete_cookie('delete_cookie') self.assertFalse(self.request.get_cookie('delete_cookie')) def test_delete_cookie_with_wrong_key(self): self.request.cookies = [] self.request.cookie('cookie', 'value') self.request.key('wrongkey_TXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=') self.assertIsNone(self.request.get_cookie('cookie')) def test_redirect_returns_request(self): self.assertEqual(self.request.redirect('newurl'), self.request) self.assertEqual(self.request.redirect_url, '/newurl') def test_request_no_input_returns_false(self): self.assertEqual(self.request.input('notavailable'), False) def test_request_mini_field_storage_returns_single_value(self): storages = {'test': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test'), '1') def test_request_can_get_string_value(self): storages = {'test': 'value'} self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test'), 'value') def test_request_can_get_list_value(self): storages = {'test': ['foo', 'bar']} self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test'), ['foo', 'bar']) def test_request_mini_field_storage_doesnt_return_brackets(self): storages = {'test[]': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test'), '1') def test_request_mini_field_storage_index(self): storages = {'test[index]': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test[index]'), '1') def test_request_mini_field_storage_with_dot_notation(self): storages = {'test[index]': [MiniFieldStorage('key', '1')]} self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test.index'), '1') def test_request_mini_field_storage_returns_a_list(self): storages = { 'test': [MiniFieldStorage('key', '1'), MiniFieldStorage('key', '2')] } self.request._set_standardized_request_variables(storages) self.assertEqual(self.request.input('test'), ['1', '2']) def test_request_get_cookies_returns_cookies(self): self.assertEqual(self.request.get_cookies(), self.request.cookies) def test_request_set_user_sets_object(self): self.assertEqual(self.request.set_user(object), self.request) self.assertEqual(self.request.user_model, object) self.assertEqual(self.request.user(), object) def test_request_loads_app(self): app = App() app.bind('Request', self.request) app.make('Request').load_app(app) self.assertEqual(self.request.app(), app) self.assertEqual(app.make('Request').app(), app) def test_request_gets_input_from_container(self): container = App() container.bind('Application', application) container.bind('Providers', providers) container.bind('WSGI', object) container.bind('Environ', wsgi_request) for provider in container.make('Providers').PROVIDERS: provider().load_app(container).register() container.bind('Response', 'test') container.bind('WebRoutes', [ Get().route('url', 'TestController@show'), Get().route('url/', 'TestController@show'), Get().route('url/@firstname', 'TestController@show'), ]) container.bind('Response', 'Route not found. Error 404') for provider in container.make('Providers').PROVIDERS: located_provider = provider().load_app(container) container.resolve(located_provider.boot) self.assertEqual( container.make('Request').input('application'), 'Masonite') self.assertEqual( container.make('Request').all(), {'application': 'Masonite'}) container.make('Request').environ['REQUEST_METHOD'] = 'POST' self.assertEqual( container.make('Request').environ['REQUEST_METHOD'], 'POST') self.assertEqual( container.make('Request').input('application'), 'Masonite') def test_redirections_reset(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', WEB_ROUTES) request = app.make('Request').load_app(app) request.redirect('test') self.assertEqual(request.redirect_url, '/test') request.reset_redirections() self.assertFalse(request.redirect_url) request.redirect_to('test') self.assertEqual(request.redirect_url, '/test') request.reset_redirections() self.assertFalse(request.redirect_url) def test_redirect_to_throws_exception_when_no_routes_found(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', WEB_ROUTES) request = app.make('Request').load_app(app) request.redirect_to('test') request.redirect(name='test') with pytest.raises(RouteException): request.redirect_to('notavailable') with pytest.raises(RouteException): request.redirect(name='notavailable') def test_request_has_subdomain_returns_bool(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) self.assertFalse(request.has_subdomain()) self.assertIsNone(request.subdomain) request.environ['HTTP_HOST'] = 'test.localhost.com' request.header('TEST', 'set_this') self.assertEqual(request.header('TEST'), 'set_this') request.header('TEST', 'set_this', http_prefix=True) self.assertEqual(request.header('HTTP_TEST'), 'set_this') def test_redirect_compiles_url(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = '/test/url' self.assertEqual(request.compile_route_to_url(route), '/test/url') def test_redirect_compiles_url_with_1_slash(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = '/' self.assertEqual(request.compile_route_to_url(route), '/') def test_request_route_returns_url(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'TestController@show').name('test.id') ]) request = app.make('Request').load_app(app) self.assertEqual(request.route('test.url'), '/test/url') self.assertEqual(request.route('test.id', {'id': 1}), '/test/url/1') self.assertEqual(request.route('test.id', [1]), '/test/url/1') with self.assertRaises(RouteException): self.assertTrue(request.route('not.exists', [1])) def test_request_route_returns_url_without_passing_args_with_current_param( self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'TestController@show').name('test.id') ]) request = app.make('Request').load_app(app) request.url_params = {'id': 1} assert request.route('test.id') == '/test/url/1' def test_request_redirection(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'TestController@testing').name('test.id'), Get('/test/url/object', TestController.show).name('test.object') ]) request = app.make('Request').load_app(app) self.assertEqual( request.redirect('/test/url/@id', { 'id': 1 }).redirect_url, '/test/url/1') request.redirect_url = None self.assertEqual( request.redirect(name='test.url').redirect_url, '/test/url') request.redirect_url = None self.assertEqual( request.redirect(name='test.id', params={ 'id': 1 }).redirect_url, '/test/url/1') request.redirect_url = None self.assertEqual( request.redirect(controller='TestController@show').redirect_url, '/test/url') request.redirect_url = None self.assertEqual( request.redirect(controller=TestController.show).redirect_url, '/test/url/object') request.redirect_url = None self.assertEqual( request.redirect('some/url').redirect_url, '/some/url') def test_request_route_returns_full_url(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'TestController@show').name('test.id') ]) request = app.make('Request').load_app(app) self.assertEqual(request.route('test.url', full=True), 'http://*****:*****@id' params = { 'id': '1', } self.assertEqual(request.compile_route_to_url(route, params), '/test/1') def test_redirect_compiles_url_with_list_parameters(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id' params = ['1'] self.assertEqual(request.compile_route_to_url(route, params), '/test/1') route = 'test/@id/@user/test/@slug' params = ['1', '2', '3'] self.assertEqual(request.compile_route_to_url(route, params), '/test/1/2/test/3') def test_redirect_compiles_url_with_multiple_parameters(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id/@test' params = { 'id': '1', 'test': 'user', } self.assertEqual(request.compile_route_to_url(route, params), '/test/1/user') def test_request_compiles_custom_route_compiler(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id:signed' params = { 'id': '1', } self.assertEqual(request.compile_route_to_url(route, params), '/test/1') def test_redirect_compiles_url_with_http(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = "http://google.com" self.assertEqual(request.compile_route_to_url(route), 'http://google.com') def test_can_get_nully_value(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request._set_standardized_request_variables({ "gateway": "RENDIMENTO", "request": { "user": "******" }, "response": None, "description": "test only" }) self.assertEqual(request.input('response'), None) def test_request_gets_correct_header(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) self.assertEqual(request.header('HTTP_UPGRADE_INSECURE_REQUESTS'), '1') self.assertEqual(request.header('RAW_URI'), '/') self.assertEqual(request.header('NOT_IN'), '') self.assertFalse('text/html' in request.header('NOT_IN')) def test_request_sets_correct_header(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.header('TEST', 'set_this') self.assertEqual(request.header('TEST'), 'set_this') request.header('TEST', 'set_this', http_prefix=True) self.assertEqual(request.header('HTTP_TEST'), 'set_this') def test_request_cant_set_multiple_headers(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.header('TEST', 'test_this') request.header('TEST', 'test_that') self.assertEqual(request.header('TEST'), 'test_that') def test_request_sets_headers_with_dictionary(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.header({ 'test_dict': 'test_value', 'test_dict1': 'test_value1' }) self.assertEqual(request.header('test_dict'), 'test_value') self.assertEqual(request.header('test_dict1'), 'test_value1') request.header({ 'test_dict': 'test_value', 'test_dict1': 'test_value1' }, http_prefix=True) self.assertEqual(request.header('HTTP_test_dict'), 'test_value') self.assertEqual(request.header('HTTP_test_dict1'), 'test_value1') def test_request_gets_all_headers(self): app = App() app.bind('Request', Request(wsgi_request)) request = app.make('Request').load_app(app) request.header('TEST1', 'set_this_item') self.assertEqual(request.get_headers(), [('TEST1', 'set_this_item')]) def test_request_sets_str_status_code(self): app = App() app.bind('Request', self.request) app.bind('StatusCode', 'TestController@show') request = app.make('Request').load_app(app) request.status('200 OK') self.assertEqual(request.get_status_code(), '200 OK') def test_request_sets_int_status_code(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.status(500) self.assertEqual(request.get_status_code(), '500 Internal Server Error') def test_request_gets_int_status(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.status(500) self.assertEqual(request.get_status(), 500) def test_can_get_code_by_value(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.status(500) self.assertEqual( request._get_status_code_by_value('500 Internal Server Error'), 500) def test_is_status_code(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.status(500) self.assertEqual(request.is_status(500), True) def test_request_sets_invalid_int_status_code(self): with self.assertRaises(InvalidHTTPStatusCode): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.status(600) def test_request_sets_request_method(self): wsgi = generate_wsgi() wsgi['QUERY_STRING'] = '__method=PUT' request = Request(wsgi) assert request.has('__method') self.assertEqual(request.input('__method'), 'PUT') self.assertEqual(request.get_request_method(), 'PUT') def test_request_has_should_pop_variables_from_input(self): self.request.request_variables.update({'key1': 'test', 'key2': 'test'}) self.request.pop('key1', 'key2') self.assertEqual(self.request.request_variables, {'application': 'Masonite'}) self.request.pop('shouldnotexist') self.assertEqual(self.request.request_variables, {'application': 'Masonite'}) self.request.pop('application') self.assertEqual(self.request.request_variables, {}) def test_is_named_route(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'TestController@show').name('test.id') ]) request = app.make('Request').load_app(app) request.path = '/test/url' assert request.is_named_route('test.url') request.path = '/test/url/1' assert request.is_named_route('test.id', {'id': 1}) def test_route_exists(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'TestController@show').name('test.id') ]) request = app.make('Request').load_app(app) self.assertEqual(request.route_exists('/test/url'), True) self.assertEqual(request.route_exists('/test/Not'), False) def test_request_url_from_controller(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', [ Get('/test/url', 'TestController@show').name('test.url'), Get('/test/url/@id', 'ControllerTest@show').name('test.id'), Get('/test/url/controller/@id', TestController.show).name('test.controller'), ]) request = app.make('Request').load_app(app) self.assertEqual(request.url_from_controller('TestController@show'), '/test/url') self.assertEqual( request.url_from_controller('ControllerTest@show', {'id': 1}), '/test/url/1') self.assertEqual( request.url_from_controller(TestController.show, {'id': 1}), '/test/url/controller/1') def test_contains_for_path_detection(self): self.request.path = '/test/path' self.assertTrue(self.request.contains('/test/*')) self.assertTrue(self.request.contains('/test/path')) self.assertFalse(self.request.contains('/test/wrong')) def test_contains_for_multiple_paths(self): self.request.path = '/test/path/5' self.assertTrue(self.request.contains('/test/*')) def test_contains_can_return_string(self): self.request.path = '/test/path/5' self.assertEqual(self.request.contains('/test/*', show='active'), 'active') self.assertEqual(self.request.contains('/test/not', show='active'), '') def test_contains_for_path_with_digit(self): self.request.path = '/test/path/1' self.assertTrue(self.request.contains('/test/path/*')) self.assertTrue(self.request.contains('/test/path/*:int')) def test_contains_for_path_with_digit_and_wrong_contains(self): self.request.path = '/test/path/joe' self.assertFalse(self.request.contains('/test/path/*:int')) def test_contains_for_path_with_alpha_contains(self): self.request.path = '/test/path/joe' self.assertTrue(self.request.contains('/test/path/*:string')) def test_contains_for_route_compilers(self): self.request.path = '/test/path/joe' self.assertTrue(self.request.contains('/test/path/*:signed')) def test_contains_multiple_asteriks(self): self.request.path = '/dashboard/user/edit/1' self.assertTrue( self.request.contains('/dashboard/user/*:string/*:int')) def test_request_can_get_input_as_properties(self): self.request.request_variables = {'test': 'hey'} self.assertEqual(self.request.test, 'hey') self.assertEqual(self.request.input('test'), 'hey') def test_request_can_get_param_as_properties(self): self.request.url_params = {'test': 'hey'} self.assertEqual(self.request.test, 'hey') self.assertEqual(self.request.param('test'), 'hey') def test_back_returns_correct_url(self): self.request.path = '/dashboard/create' self.request.back() self.assertEqual(self.request.redirect_url, '/dashboard/create') self.request.back(default='/home') self.assertEqual(self.request.redirect_url, '/home') self.request.request_variables = {'__back': '/login'} self.request.back(default='/home') self.assertEqual(self.request.redirect_url, '/login') def test_request_without(self): self.request.request_variables.update({ '__token': 'testing', 'application': 'Masonite' }) self.assertEqual(self.request.without('__token'), {'application': 'Masonite'}) def test_request_only_returns_specified_values(self): self.request.request_variables.update({ '__token': 'testing', 'application': 'Masonite' }) self.assertEqual(self.request.only('application'), {'application': 'Masonite'}) self.assertEqual(self.request.only('__token'), {'__token': 'testing'}) def test_request_gets_only_clean_output(self): self.request._set_standardized_request_variables( {'key': '<img """><script>alert(\'hey\')</script>">'}) self.assertEqual( self.request.input('key'), '<img """><script>alert('hey')</script>">' ) self.assertEqual(self.request.input('key', clean=False), '<img """><script>alert(\'hey\')</script>">') def test_request_cleans_all_optionally(self): self.request._set_standardized_request_variables( {'key': '<img """><script>alert(\'hey\')</script>">'}) self.assertEqual( self.request.all()['key'], '<img """><script>alert('hey')</script>">' ) self.assertEqual( self.request.all(clean=False)['key'], '<img """><script>alert(\'hey\')</script>">') def test_request_gets_input_with_dotdict(self): self.request.request_variables = { "key": { "user": "******", "name": "Joe", "address": { "street": "address 1" } } } self.assertEqual( self.request.input('key')['address']['street'], 'address 1') self.assertEqual(self.request.input('key.address.street'), 'address 1') self.assertEqual(self.request.input('key.'), False) self.assertEqual(self.request.input('key.user'), '1') self.assertEqual(self.request.input('key.nothing'), False) self.assertEqual(self.request.input('key.nothing', default='test'), 'test')
class TestAuth(TestCase): """Start and rollback transactions for this test """ transactions = True def setUp(self): super().setUp() self.container = App() self.app = self.container self.app.bind('Container', self.app) view = View(self.container) self.request = Request(generate_wsgi()) self.request.key(application.KEY) self.app.bind('Request', self.request) # self.auth = Auth(self.request, MockUser()) self.container.bind('View', view.render) self.container.bind('ViewClass', view) self.app.bind('Application', application) self.app.bind('Auth', Auth) self.app.bind('AuthConfig', auth) self.app.bind('AuthManager', AuthManager) self.app.bind('AuthCookieDriver', AuthCookieDriver) self.app.bind('AuthJwtDriver', AuthJwtDriver) self.auth = self.app.make('Auth', User) self.request.load_app(self.app) def setUpFactories(self): User.create({ 'name': 'testuser123', 'email': '*****@*****.**', 'password': bcrypt_password('secret'), 'second_password': bcrypt_password('pass123'), }) def test_auth(self): self.assertTrue(self.auth) def test_login_user(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(self.auth.login('*****@*****.**', 'secret')) self.assertTrue(self.request.get_cookie('token')) self.assertEqual(self.auth.user().name, 'testuser123') def test_login_with_no_password(self): with self.assertRaises(TypeError): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(self.auth.login('*****@*****.**', None)) # def test_can_login_with_second_password(self): # self.auth.auth_model.__password__ = 'second_password' # self.assertTrue(self.auth.login('*****@*****.**', 'pass123')) # self.assertTrue(self.request.get_cookie('token')) def test_login_user_with_list_auth_column(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.auth.auth_model.__auth__ = ['name', 'email'] self.assertTrue(self.auth.login('testuser123', 'secret')) self.assertTrue(self.request.get_cookie('token')) def test_can_register(self): self.auth.register({ 'name': 'Joe', 'email': '*****@*****.**', 'password': '******' }) for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(User.where('email', '*****@*****.**').first()) self.assertNotEqual(User.where('email', '*****@*****.**').first().password, 'secret') def test_get_user(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(self.auth.login_by_id(1)) def test_get_user_returns_false_if_not_loggedin(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.auth.login('*****@*****.**', 'wrong_secret') self.assertFalse(self.auth.user()) def test_logout_user(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.auth.login('*****@*****.**', 'secret') self.assertTrue(self.request.get_cookie('token')) self.assertTrue(self.auth.user()) self.auth.logout() self.assertFalse(self.request.get_cookie('token')) self.assertFalse(self.auth.user()) def test_login_user_fails(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertFalse(self.auth.login('*****@*****.**', 'bad_password')) def test_login_user_success(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(self.auth.login('*****@*****.**', 'secret')) def test_login_by_id(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(self.auth.login_by_id(1)) self.assertTrue(self.request.get_cookie('token')) self.assertFalse(self.auth.login_by_id(3)) def test_login_once_does_not_set_cookie(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver self.assertTrue(self.auth.once().login_by_id(1)) self.assertIsNone(self.request.get_cookie('token')) # def test_user_is_mustverify_instance(self): # self.assertIsInstance(self.auth.once().login_by_id(1), MustVerifyEmail) # self.assertNotIsInstance(self.auth.once().login_by_id(1), MustVerifyEmail) def test_confirm_controller_success(self): for driver in ('jwt', 'cookie'): self.auth.driver = driver params = {'id': Sign().sign('{0}::{1}'.format(1, time.time()))} self.request.set_params(params) user = self.auth.once().login_by_id(1) self.request.set_user(user) self.app.bind('Request', self.request) self.app.make('Request').load_app(self.app) # Create the route route = Get('/email/verify/@id', ConfirmController.confirm_email) ConfirmController.get_user = User # Resolve the controller constructor controller = self.app.resolve(route.controller) # Resolve the method response = self.app.resolve(getattr(controller, route.controller_method)) self.assertEqual(response.rendered_template, 'confirm') self.refreshDatabase() def test_confirm_controller_failure(self): for driver in ('cookie', 'jwt'): self.auth.driver = driver timestamp_plus_11 = datetime.datetime.now() - datetime.timedelta(minutes=11) params = {'id': Sign().sign('{0}::{1}'.format(1, timestamp_plus_11.timestamp()))} self.request.set_params(params) user = self.auth.once().login_by_id(1) self.request.set_user(user) self.app.bind('Request', self.request) self.app.make('Request').load_app(self.app) # Create the route route = Get('/email/verify/@id', ConfirmController.confirm_email) ConfirmController.get_user = User # Resolve the controller constructor controller = self.app.resolve(route.controller) # Resolve the method response = self.app.resolve(getattr(controller, route.controller_method)) self.assertEqual(response.rendered_template, 'error')
class TestCSRFMiddleware: def setup_method(self): self.app = App() wsgi = generate_wsgi() self.request = Request(wsgi) self.route = Route().load_environ(wsgi) self.view = View(self.app) self.app.bind('Request', self.request) self.request = self.app.make('Request') self.app.bind('WebRoutes', [ Get().route('/test/@route', None), Get().route('/test/10', None), ]) self.request.container = self.app self.middleware = CsrfMiddleware(self.request, Csrf(self.request), self.view) def test_middleware_shares_correct_input(self): self.middleware.before() assert 'csrf_field' in self.view._shared assert self.view._shared['csrf_field'].startswith( "<input type='hidden' name='__token' value='") def test_middleware_throws_exception_on_post(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.request.path = '/' self.middleware.exempt = [] with pytest.raises(InvalidCSRFToken): self.middleware.before() def test_middleware_can_accept_param_route(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.request.path = '/test/1' self.middleware.exempt = ['/test/@route'] self.middleware.before() def test_middleware_can_exempt(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.request.path = '/test/1' self.middleware.exempt = ['/test/1'] self.middleware.before() def test_middleware_throws_exeption_on_wrong_route(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.request.path = '/test/10' self.middleware.exempt = ['/test/2'] with pytest.raises(InvalidCSRFToken): self.middleware.before() def test_incoming_token_does_not_throw_exception_with_token(self): self.request.environ['REQUEST_METHOD'] = 'POST' self.request.request_variables.update( {'__token': self.request.get_cookie('csrf_token')}) self.middleware.exempt = [] self.middleware.before() def test_generates_csrf_token(self): assert len(self.middleware.generate_token()) == 30 def test_generates_token_every_request(self): token1 = self.middleware.verify_token() token2 = self.middleware.verify_token() assert len(token1) == 30 assert len(token2) == 30 assert token1 != token2 def test_does_not_generate_token_every_request(self): self.middleware.every_request = False token1 = self.middleware.verify_token() token2 = self.middleware.verify_token() assert len(token1) == 30 assert len(token2) == 30 assert token1 == token2
def swap_back_to_user(self, request: Request): if request.get_cookie('_real_token'): request.cookie('token', request.get_cookie('_real_token')) request.delete_cookie('_real_token') return request.redirect('/dashboard')
def login_as_user(self, request: Request): if not request.get_cookie('_real_token'): request.cookie('_real_token', request.get_cookie('token')) Auth(request).login_by_id(request.input('user')) return request.redirect('/dashboard')
class TestRequest: def setup_method(self): self.request = Request(wsgi_request).key( 'NCTpkICMlTXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=') def test_request_is_callable(self): """ Request should be callable """ if callable(self.request): assert True def test_request_input_should_return_input_on_get_request(self): assert self.request.input('application') == 'Masonite' def test_request_all_should_return_params(self): assert self.request.all() == {'application': 'Masonite'} def test_request_all_without_internal_request_variables(self): self.request.request_variables.update({'__token': 'testing', 'application': 'Masonite'}) assert self.request.all() == {'__token': 'testing', 'application': 'Masonite'} assert self.request.all(internal_variables=False) == {'application': 'Masonite'} def test_request_has_should_return_bool(self): assert self.request.has('application') == True assert self.request.has('shouldreturnfalse') == False def test_request_set_params_should_return_self(self): assert self.request.set_params({'value': 'new'}) == self.request assert self.request.url_params == {'value': 'new'} def test_request_param_returns_parameter_set_or_false(self): self.request.set_params({'value': 'new'}) assert self.request.param('value') == 'new' assert self.request.param('nullvalue') == False def test_request_appends_cookie(self): assert self.request.cookie('appendcookie', 'value') == self.request assert 'appendcookie' in self.request.environ['HTTP_COOKIE'] def test_request_sets_and_gets_cookies(self): self.request.cookie('setcookie', 'value') assert self.request.get_cookie('setcookie') == 'value' def test_request_sets_expiration_cookie_2_months(self): self.request.cookies = [] self.request.cookie('setcookie_expiration', 'value', expires='2 months') time = cookie_expire_time('2 months') assert self.request.get_cookie('setcookie_expiration') == 'value' assert 'Expires={0}'.format(time) in self.request.cookies[0][1] def test_delete_cookie(self): self.request.cookies = [] self.request.cookie('delete_cookie', 'value') assert self.request.get_cookie('delete_cookie') == 'value' self.request.delete_cookie('delete_cookie') assert not self.request.get_cookie('delete_cookie') def test_delete_cookie_with_wrong_key(self): self.request.cookies = [] self.request.cookie('cookie', 'value') self.request.key('wrongkey_TXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=') assert self.request.get_cookie('cookie') is None def test_redirect_returns_request(self): assert self.request.redirect('newurl') == self.request assert self.request.redirect_url == '/newurl' def test_request_no_input_returns_false(self): assert self.request.input('notavailable') == False def test_request_get_cookies_returns_cookies(self): assert self.request.get_cookies() == self.request.cookies def test_request_set_user_sets_object(self): assert self.request.set_user(object) == self.request assert self.request.user_model == object assert self.request.user() == object def test_request_loads_app(self): app = App() app.bind('Request', self.request) app.make('Request').load_app(app) assert self.request.app() == app assert app.make('Request').app() == app def test_request_gets_input_from_container(self): container = App() container.bind('Application', application) container.bind('Providers', providers) container.bind('WSGI', object) container.bind('Environ', wsgi_request) for provider in container.make('Providers').PROVIDERS: container.resolve(provider().load_app(container).register) container.bind('Response', 'test') container.bind('WebRoutes', [ Get().route('url', None), Get().route('url/', None), Get().route('url/@firstname', None), ]) container.bind('Response', 'Route not found. Error 404') for provider in container.make('Providers').PROVIDERS: located_provider = provider().load_app(container) container.resolve(provider().load_app(container).boot) assert container.make('Request').input('application') == 'Masonite' assert container.make('Request').all() == {'application': 'Masonite'} container.make('Request').environ['REQUEST_METHOD'] = 'POST' assert container.make('Request').environ['REQUEST_METHOD'] == 'POST' assert container.make('Request').input('application') == 'Masonite' def test_redirections_reset(self): app = App() app.bind('Request', self.request) app.bind('WebRoutes', WEB_ROUTES) request = app.make('Request').load_app(app) request.redirect('test') assert request.redirect_url == '/test' request.reset_redirections() assert request.redirect_url is False request.redirect_to('test') assert request.redirect_url == '/test' request.reset_redirections() assert request.redirect_url is False def test_request_has_subdomain_returns_bool(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) assert request.has_subdomain() is False assert request.subdomain is None request.environ['HTTP_HOST'] = 'test.localhost.com' request.header('TEST', 'set_this') assert request.header('HTTP_TEST') == 'set_this' request.header('TEST', 'set_this', http_prefix = None) assert request.header('TEST') == 'set_this' def test_redirect_compiles_url(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = '/test/url' assert request.compile_route_to_url(route) == '/test/url' def test_redirect_compiles_url_with_1_slash(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = '/' assert request.compile_route_to_url(route) == '/' def test_redirect_compiles_url_with_multiple_slashes(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/url/here' assert request.compile_route_to_url(route) == '/test/url/here' def test_redirect_compiles_url_with_trailing_slash(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/url/here/' assert request.compile_route_to_url(route) == '/test/url/here/' def test_redirect_compiles_url_with_parameters(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id' params = { 'id': '1', } assert request.compile_route_to_url(route, params) == '/test/1' def test_redirect_compiles_url_with_multiple_parameters(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = 'test/@id/@test' params = { 'id': '1', 'test': 'user', } def test_redirect_compiles_url_with_http(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) route = "http://google.com" assert request.compile_route_to_url(route) == 'http://google.com' def test_request_gets_correct_header(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) assert request.header('UPGRADE_INSECURE_REQUESTS') == '1' assert request.header('RAW_URI') == '/' assert request.header('NOT_IN') == None def test_request_sets_correct_header(self): app = App() app.bind('Request', self.request) request = app.make('Request').load_app(app) request.header('TEST', 'set_this') assert request.header('HTTP_TEST') == 'set_this' request.header('TEST', 'set_this', http_prefix = None) assert request.header('TEST') == 'set_this' def test_request_gets_all_headers(self): app = App() app.bind('Request', Request(wsgi_request)) request = app.make('Request').load_app(app) request.header('TEST1', 'set_this_item') request.header('TEST2', 'set_this_item', http_prefix = None) assert request.get_headers() == [('HTTP_TEST1', 'set_this_item'), ('TEST2', 'set_this_item')] def test_request_sets_status_code(self): app = App() app.bind('Request', self.request) app.bind('StatusCode', '404 Not Found') request = app.make('Request').load_app(app) request.status('200 OK') assert request.get_status_code() == '200 OK' def test_request_sets_request_method(self): wsgi = generate_wsgi() wsgi['QUERY_STRING'] = '__method=PUT' request = Request(wsgi) assert request.has('__method') assert request.input('__method') == 'PUT' assert request.get_request_method() == 'PUT'