Ejemplo n.º 1
0
    def test_missing_session(self):
        # test check for request is None
        context = {'request': None}
        notification = hijack_notification(context)
        self.assertEqual(notification, '')
        self.assertFalse(is_hijacked(context['request']))

        # test check for missing request.sesssion property
        factory = RequestFactory()
        request = factory.get('/')
        context = {'request': request}
        notification = hijack_notification(context)
        self.assertEqual(notification, '')
        self.assertFalse(is_hijacked(context['request']))

        # test check for request.sesssion == None
        request.session = None
        notification = hijack_notification(context)
        self.assertEqual(notification, '')
        self.assertFalse(is_hijacked(context['request']))

        # test all good
        request.session = {
            'is_hijacked_user': True,
            'display_hijack_warning': True
        }
        notification = hijack_notification(context)
        self.assertTrue(notification != '')
        self.assertTrue(is_hijacked(context['request']))

        # bring it all together: empty MIDDLEWARE ensures request.session is not set
        # and hijack_notification and is_hijacked will be invoked from hello template
        with SettingsOverride(settings, MIDDLEWARE=()):
            response = self.client.get('/hello/')
            self.assertEqual(response.status_code, 200)
Ejemplo n.º 2
0
    def __call__(self, request):
        if request.path.startswith(get_script_prefix() + 'control'
                                   ) and request.user.is_authenticated:
            if is_hijacked(request):
                hijack_history = request.session.get('hijack_history', False)
                hijacker = get_object_or_404(User, pk=hijack_history[0])
                ss = hijacker.get_active_staff_session(
                    request.session.get('hijacker_session'))
                if ss:
                    ss.logs.create(url=request.path,
                                   method=request.method,
                                   impersonating=request.user)
            else:
                ss = request.user.get_active_staff_session(
                    request.session.session_key)
                if ss:
                    ss.logs.create(url=request.path, method=request.method)

        response = self.get_response(request)
        return response
Ejemplo n.º 3
0
    def __call__(self, request):
        if request.path.startswith(get_script_prefix() + 'control') and request.user.is_authenticated:
            if is_hijacked(request):
                hijack_history = request.session.get('hijack_history', False)
                hijacker = get_object_or_404(User, pk=hijack_history[0])
                ss = hijacker.get_active_staff_session(request.session.get('hijacker_session'))
                if ss:
                    ss.logs.create(
                        url=request.path,
                        method=request.method,
                        impersonating=request.user
                    )
            else:
                ss = request.user.get_active_staff_session(request.session.session_key)
                if ss:
                    ss.logs.create(
                        url=request.path,
                        method=request.method
                    )

        response = self.get_response(request)
        return response