def test_compile_keys(self): regex_string = '.*' compiled_regex = re.compile(regex_string) test_compile_dict = {'some_regex': regex_string} cors = CORS() cors._compile_keys(test_compile_dict, ['some_regex']) self.assertEqual(compiled_regex, test_compile_dict['some_regex'])
def test_process_expose_headers(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(expose_headers_list=['test_header']) cors._process_expose_headers(fake_req, fake_resp) fake_resp.append_header.assert_called_once_with( 'access-control-expose-headers', 'test_header')
def test_process_max_age(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(max_age=5) cors._process_max_age(fake_req, fake_resp) fake_resp.set_header.assert_called_once_with('access-control-max-age', 5)
def test_set_allowed_methods(self): fake_resp = mock.MagicMock() allowed_method_list = ['GET'] cors = CORS() cors._set_allowed_methods(fake_resp, allowed_method_list) fake_resp.append_header.assert_called_once_with( 'access-control-allow-methods', 'GET')
def test_cors_disabled(self): self.resource = mock.MagicMock() self.resource.cors_enabled = False cors = CORS() cors.process = mock.Mock() self.simulate_cors_api(cors, '/') self.simulate_post('/') self.assertEquals(cors.process.call_count, 0)
def test_process_origin_return(self): cors = CORS(allow_origins_list=['test.com']) cors._process_origin = mock.Mock(return_value=False) cors._process_credentials = mock.Mock() headers = {'origin': 'rackspace.com'} self.simulate_cors_request(cors, headers=headers, preflight=False) self.assertEqual(cors._process_origin.call_count, 1) self.assertEqual(cors._process_credentials.call_count, 0)
def test_process_origin_regex_none(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS() cors._set_allow_origin = mock.Mock() self.assertEqual( cors._process_origin(fake_req, fake_resp, 'rackspace.com'), False) self.assertEqual(cors._set_allow_origin.call_count, 0)
def test_process_origin_allow_regex(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_origins_regex='rack.*\.com') cors._set_allow_origin = mock.Mock() self.assertEqual( cors._process_origin(fake_req, fake_resp, 'rackspace.com'), True) cors._set_allow_origin.assert_called_once_with(fake_resp, 'rackspace.com')
def test_process_credentials_regex(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_credentials_origins_regex='.*\.rackspace\..*') cors._set_allow_credentials = mock.Mock() self.assertEqual( cors._process_credentials(fake_req, fake_resp, 'www.rackspace.com'), True) cors._set_allow_credentials.assert_called_once_with(fake_resp)
def test_vary_origins_called(self): cors = CORS(allow_all_origins=True, allow_credentials_origins_list=['test.com']) cors._set_vary_origin = mock.Mock() origin = self.get_rand_str() headers = {'origin': origin} self.simulate_cors_request(cors, headers=headers, preflight=False) cors._set_vary_origin.assert_called_once_with( self.resource.captured_resp)
def test_process_allow_headers_list_camelcase(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_headers_list=['Content-Type']) cors._set_allowed_headers = mock.Mock() self.assertEqual( cors._process_allow_headers(fake_req, fake_resp, ['Content-Type']), True) cors._set_allowed_headers.assert_called_once_with( fake_resp, ['Content-Type'])
def test_process_origin_deny(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_origins_list=['rackspace.com'], allow_origins_regex='rack.*\.com') cors._set_allow_origin = mock.Mock() self.assertEqual( cors._process_origin(fake_req, fake_resp, 'not_rackspace.com'), False) self.assertEqual(cors._set_allow_origin.call_count, 0)
def test_process_allow_headers_regex(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_headers_regex='.*_header') cors._set_allowed_headers = mock.Mock() self.assertEqual( cors._process_allow_headers(fake_req, fake_resp, ['test_header']), True) cors._set_allowed_headers.assert_called_once_with( fake_resp, ['test_header'])
def test_process_credentials_disallow(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_credentials_origins_list=['not_rackspace'], allow_credentials_origins_regex='.*\.rackspace\..*') cors._set_allow_credentials = mock.Mock() self.assertEqual( cors._process_credentials(fake_req, fake_resp, 'some_other_domain.lan'), False) self.assertEqual(cors._set_allow_credentials.call_count, 0)
def test_process_methods_not_requested(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() fake_resource = mock.MagicMock() cors = CORS(allow_all_methods=True) cors._get_requested_method = mock.Mock(return_value=None) cors._set_allowed_methods = mock.Mock() self.assertEqual( cors._process_methods(fake_req, fake_resp, fake_resource), False) self.assertEqual(cors._set_allowed_methods.call_count, 0) cors._get_requested_method.assert_called_once_with(fake_req)
def test_no_requested_method(self): cors = CORS(allow_all_origins=True) cors._get_requested_headers = mock.Mock() cors._process_origin = mock.Mock(return_value=True) headers = {'origin': 'rackspace.com'} self.simulate_cors_request(cors, headers=headers, preflight=True, add_request_method=False) self.assertEqual(cors._process_origin.call_count, 1) self.assertEqual(cors._get_requested_headers.call_count, 0)
def test_method_not_allowed(self): cors = CORS(allow_all_origins=True, allow_methods_list=['GET']) cors._get_requested_headers = mock.Mock(return_value=True) cors._process_allow_headers = mock.Mock() headers = {'origin': 'rackspace.com'} self.simulate_cors_request(cors, headers=headers, preflight=True, preflight_method='POST') self.assertEqual(cors._get_requested_headers.call_count, 1) self.assertEqual(cors._process_allow_headers.call_count, 0)
def test_process_credentials_called(self): cors = CORS(allow_all_origins=True, allow_all_methods=True, allow_all_headers=True) cors._process_methods = mock.Mock(return_value=True) cors._process_credentials = mock.Mock() headers = {'origin': 'rackspace.com'} self.simulate_cors_request(cors, headers=headers, preflight=True) cors._process_credentials.assert_called_once_with( self.resource.captured_req, self.resource.captured_resp, 'rackspace.com')
def test_process_allow_headers_disallow(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_headers_list=['test_header'], allow_headers_regex='.*_header') cors._set_allowed_headers = mock.Mock() self.assertEqual( cors._process_allow_headers(fake_req, fake_resp, ['test_header', 'header_not_allowed']), False) self.assertEqual(cors._set_allowed_headers.call_count, 0)
def test_header_not_allowed(self): cors = CORS(allow_all_origins=True, allow_all_methods=True, allow_headers_list=['test_header']) cors._process_methods = mock.Mock(return_value=True) cors._process_credentials = mock.Mock() headers = { 'origin': 'rackspace.com', 'access-control-request-headers': 'not_allowed_header' } self.simulate_cors_request(cors, headers=headers, preflight=True) self.assertEqual(cors._process_methods.call_count, 1) self.assertEqual(cors._process_credentials.call_count, 0)
def create_app(): cors = CORS(allow_all_origins=True, allow_all_headers=True, allow_all_methods=True) # cors = CORS(allow_all_origins=True, allow_origins_list=ALLOWED_ORIGINS, allow_all_headers=True, allow_all_methods=True) app = falcon.API(middleware=[cors.middleware, auth_middleware]) app.add_route('/auth/login', LoginResource()) app.add_route('/auth/logout', LogoutResource()) app.add_route('/auth/refresh_token', RefreshTokenResource()) app.add_route('/users/me', MeResource()) ModelResource.register_endpoints('/epics', app, EpicResource()) ModelResource.register_endpoints('/projects', app, ProjectResource()) ModelResource.register_endpoints('/roles', app, RolesResource()) ModelResource.register_endpoints('/tasks', app, TaskResource()) ModelResource.register_endpoints('/users', app, UsersResource()) ModelResource.register_endpoints('/user_settings', app, UserSettingResource()) ModelResource.register_endpoints('/user_stories', app, UserStoryResource()) sync_resource = SyncResource() app.add_route('/sync/changes', sync_resource, suffix='changes') app.add_route('/sync/doc/{obj_id}', sync_resource, suffix='doc') app.add_route('/sync/docs', sync_resource, suffix='docs') if DEBUG: app.add_static_route('/assets/i18n', I18N_ASSETS_PATH) return app
def simulate_all_origins(self, preflight=False): cors_config = CORS(allow_all_origins=True, allow_methods_list=['PATCH']) origin = self.get_rand_str() headers = {'origin': origin} result = self.simulate_cors_request(cors_config, headers=headers, preflight=preflight) self.assertEqual(result.headers.get('access-control-allow-origin'), '*') self.assertEqual( result.headers.get('access-control-allow-credentials'), None)
def test_all_origins_credentials(self, preflight=False): cors_config = CORS(allow_all_origins=True, allow_credentials_all_origins=True, allow_all_methods=True) origin = self.get_rand_str() headers = {'origin': origin} result = self.simulate_cors_request(cors_config, headers=headers, preflight=preflight) self.assertEqual(result.headers.get('access-control-allow-origin'), origin) self.assertEqual( result.headers.get('access-control-allow-credentials'), 'true')
def test_process_origin_allow_all(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() cors = CORS(allow_all_origins=True) cors._set_allow_origin = mock.Mock() self.assertEqual( cors._process_origin(fake_req, fake_resp, 'rackspace.com'), True) cors._set_allow_origin.assert_called_once_with(fake_resp, '*') cors._set_allow_origin = mock.Mock() cors.supports_credentials = True self.assertEqual( cors._process_origin(fake_req, fake_resp, 'rackspace.com'), True) cors._set_allow_origin.assert_called_once_with(fake_resp, 'rackspace.com')
def test_process_methods_resource(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() fake_resource = mock.MagicMock() cors = CORS(allow_all_methods=True) cors._get_requested_method = mock.Mock(return_value='GET') cors._get_resource_methods = mock.Mock(return_value=['POST']) cors._set_allowed_methods = mock.Mock() self.assertEqual( cors._process_methods(fake_req, fake_resp, fake_resource), False) cors._set_allowed_methods.assert_called_once_with(fake_resp, ['POST'])
def test_static_route(self): cors_config = CORS(allow_all_origins=True, allow_credentials_all_origins=True, allow_all_methods=True) origin = self.get_rand_str() headers = {'origin': origin} self.resource = CORSResource() api = falcon.API(middleware=[cors_config.middleware]) api.add_static_route("/static", "/var/www/static") result = testing.simulate_request(api, path="/static/image.png", method="GET", headers=headers) self.assertEqual(result.headers.get('access-control-allow-origin'), origin) self.assertEqual( result.headers.get('access-control-allow-credentials'), 'true')
def test_process_methods_notfound(self): fake_req = mock.MagicMock() fake_resp = mock.MagicMock() fake_resource = mock.MagicMock() cors = CORS(allow_methods_list=['GET', 'POST', 'PUT', 'DELETE']) cors._set_allowed_methods = mock.Mock() cors._get_requested_method = mock.Mock(return_value='POST') cors._get_resource_methods = mock.Mock(return_value=['GET', 'PUT']) self.assertEqual( cors._process_methods(fake_req, fake_resp, fake_resource), False) cors._set_allowed_methods.assert_called_once_with( fake_resp, ['GET', 'PUT'])
#Configuring the logging for the application logging.config.fileConfig(const.LOGGING_CONFIG_FILENAME) #Import mocked resources if MOCKED_SERVER is set if const.MOCKED_SERVER: logging.debug("Importing mocked resources") from .tests.mock_tournaments import Tournaments from .tests.mock_scores import Scores else: logging.debug("Importing real resources") from .resources.tournaments import Tournaments from .resources.scores import Scores from .resources.player import Player cors = CORS(allow_all_origins=True, allow_methods_list=['GET', 'PUT', 'POST'], allow_headers_list=['content-type']) # this is my eth account address address = const.PLAYER_OWN_ADD api = falcon.API(middleware=[cors.middleware]) api.add_route('/api/tournaments', Tournaments(address)) api.add_route('/api/tournaments/{tournament_id}', Tournaments(address), suffix='single') api.add_route('/api/tournaments/{tournament_id}/scores/my', Scores(address), suffix='my') api.add_route('/api/tournaments/{tournament_id}/scores/{player_id}', Scores(address))
def test_set_very_origin(self): fake_resp = mock.MagicMock() cors = CORS() cors._set_vary_origin(fake_resp) fake_resp.append_header.assert_called_once_with('vary', 'origin')
def test_vary_origins_false(self): cors = CORS() self.assertFalse(cors.origins_vary)