def test_process_request_invalid_cookie(self):
request = Mock()
request.COOKIES = {
FEATURE_FLAG_COOKIE_NAME: 1,
}
request.get_signed_cookie.side_effect = ValueError
assert self.middleware.process_request(request) is None
assert request.{{ cookiecutter.project_name }}_feature_flags == set()
request.get_signed_cookie.assert_called_once_with(FEATURE_FLAG_COOKIE_NAME)
def test_process_request_valid_cookie(self):
request = Mock()
request.COOKIES = {
FEATURE_FLAG_COOKIE_NAME: 1,
}
request.get_signed_cookie.return_value = 1
assert self.middleware.process_request(request) is None
assert request.{{ cookiecutter.project_name }}_feature_flags == {FeatureFlag.EXAMPLE_FEATURE}
request.get_signed_cookie.assert_called_once_with(FEATURE_FLAG_COOKIE_NAME)
def test_process_request_invalid_cookie(self):
request = Mock()
request.COOKIES = {
FEATURE_FLAG_COOKIE_NAME: 1,
}
request.get_signed_cookie.side_effect = ValueError
assert self.middleware.process_request(request) is None
assert request.ocw_studio_feature_flags == set()
request.get_signed_cookie.assert_called_once_with(
FEATURE_FLAG_COOKIE_NAME)
def test_token_from_cookie(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key(): 'this-is-access-token',
RidiOAuth2Config.get_refresh_token_cookie_key(): 'this-is-refresh-token'
}
token = get_token_from_cookie(request=request)
self.assertEqual(token.access_token.token, 'this-is-access-token')
self.assertEqual(token.refresh_token.token, 'this-is-refresh-token')
def test_login_and_loose_token(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key(): self.loose_token,
}
response = self.middleware.process_request(request=request)
self.assertIsNone(response, HttpUnauthorizedResponse)
self.assertIsInstance(request.user, AnonymousUser)
self.assertFalse(request.user.is_authenticated)
def test_cookie_monitoring_no_cookies(self, mock_set_custom_attribute, mock_capture_cookie_sizes):
mock_capture_cookie_sizes.is_enabled.return_value = True
middleware = CookieMonitoringMiddleware()
mock_request = Mock()
mock_request.COOKIES = {}
middleware.process_request(mock_request)
mock_set_custom_attribute.assert_has_calls([call('cookies_total_size', 0)], any_order=True)
def test_login_and_not_expire(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key(): self.valid_token,
}
response = self.middleware.process_request(request=request)
self.assertIsNone(response)
self.assertTrue(request.user.is_authenticated)
self.assertIsInstance(request.user, get_user_model())
self.assertEqual(request.user.u_idx, request.user.token_info.u_idx)
def test_process_request_valid_cookie(self):
request = Mock()
request.COOKIES = {
FEATURE_FLAG_COOKIE_NAME: 1,
}
request.get_signed_cookie.return_value = 1
assert self.middleware.process_request(request) is None
assert request.course_catalog_feature_flags == {
FeatureFlag.EXAMPLE_FEATURE
}
request.get_signed_cookie.assert_called_once_with(
FEATURE_FLAG_COOKIE_NAME)
def test_login(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key():
jwt.encode(payload=self.jwt_payload,
key='dummy_jwt_secret').decode(),
}
self.middleware.process_request(request)
response = self.dummy_view(None, request)
self.assertIsInstance(response, HttpResponse)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content.decode(), 'success')
def test_cookie_monitoring(self, mock_set_custom_attribute, mock_capture_cookie_sizes):
mock_capture_cookie_sizes.is_enabled.return_value = True
middleware = CookieMonitoringMiddleware()
mock_request = Mock()
mock_request.COOKIES = {
"a": "." * 100,
"_b": "." * 13,
"_c_": "." * 13,
"a.b": "." * 10,
"a.c": "." * 10,
"b.": "." * 13,
"b_a": "." * 15,
"b_c": "." * 15,
"d": "." * 3,
}
middleware.process_request(mock_request)
mock_set_custom_attribute.assert_has_calls([
call('cookies.1.name', 'a'),
call('cookies.1.size', 100),
call('cookies.2.name', 'b_a'),
call('cookies.2.size', 15),
call('cookies.3.name', 'b_c'),
call('cookies.3.size', 15),
call('cookies.4.name', '_b'),
call('cookies.4.size', 13),
call('cookies.5.name', '_c_'),
call('cookies.5.size', 13),
call('cookies.6.name', 'b.'),
call('cookies.6.size', 13),
call('cookies.7.name', 'a.b'),
call('cookies.7.size', 10),
call('cookies.8.name', 'a.c'),
call('cookies.8.size', 10),
call('cookies.group.1.name', 'b'),
call('cookies.group.1.size', 43),
call('cookies.group.2.name', 'a'),
call('cookies.group.2.size', 20),
call('cookies.max.name', 'a'),
call('cookies.max.size', 100),
call('cookies.max.group.name', 'a'),
call('cookies.max.group.size', 100),
call('cookies_total_size', 192),
call('cookies_unaccounted_size', 3),
call('cookies_total_num', 9),
], any_order=True)
def test_not_exists_token_info(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key():
jwt.encode(payload=self.jwt_payload,
key='dummy_jwt_secret').decode(),
}
self.middleware.process_request(request)
del request.user.token_info
response1 = self.dummy_view(None, request)
self.assertIsNone(getattr(request.user, 'token_info', None))
self.assertIsInstance(response1, HttpUnauthorizedResponse)
self.assertEqual(response1.status_code, 401)
def test_restriction_scope_with_custom_response(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key():
jwt.encode(payload=self.jwt_loose_payload,
key='dummy_jwt_secret').decode(),
}
self.middleware.process_request(request)
response = self.dummy_view_with_custom_response(None, request)
self.assertIn('user_info', request.user.token_info.scope)
self.assertIsInstance(response, HttpResponse)
self.assertEqual(response.content, b'tetete')
self.assertEqual(response.status_code, 200)
def _build_request(
self, method: str, path: str, data: Dict, request_params: Any
) -> Mock:
request = Mock()
request.method = method
request.path = path
request.body = ""
request.COOKIES = {}
request._dont_enforce_csrf_checks = True
request.is_secure.return_value = False
request.build_absolute_uri = build_absolute_uri
if "user" not in request_params:
request.user.is_authenticated = False
request.META = request_params.pop("META", {})
request.FILES = request_params.pop("FILES", {})
request.META.update(
dict(
[
(f"HTTP_{k.replace('-', '_')}", v)
for k, v in request_params.pop("headers", {}).items()
]
)
)
if django.VERSION[:2] > (2, 1):
from django.http.request import HttpHeaders
request.headers = HttpHeaders(request.META)
if isinstance(data, QueryDict):
request.POST = data
else:
request.POST = QueryDict(mutable=True)
for k, v in data.items():
request.POST[k] = v
if "?" in path:
request.GET = QueryDict(path.split("?")[1])
else:
request.GET = QueryDict()
for k, v in request_params.items():
setattr(request, k, v)
return request
def prepare_request_mock(
self,
data=None,
referer='http://localhost/user_with_workspaces/public-workspace',
user=None,
extra_headers={},
GET=''):
request = Mock()
request.get_host.return_value = 'localhost'
GET_PARAMETERS = parse_qsl(GET)
request.GET = MagicMock()
request.GET.__len__.side_effect = lambda: len(GET_PARAMETERS)
request.GET.__getitem__.side_effect = lambda key: GET_PARAMETERS[key]
request.GET.urlencode.side_effect = lambda: GET
request.COOKIES = {
settings.SESSION_COOKIE_NAME: 'test',
}
request.META = {
'HTTP_ACCEPT': 'application/json',
'SERVER_PROTOCOL': 'http',
'REMOTE_ADDR': '127.0.0.1',
'HTTP_HOST': 'localhost',
'HTTP_REFERER': referer,
}
if data is not None:
request.method = 'POST'
data = data.encode('utf-8')
request.META['content_type'] = 'application/json'
request.META['content_length'] = len(data)
request.read.return_value = data
else:
request.method = 'GET'
request.META['HTTP_FIWARE_OAUTH_TOKEN'] = 'true'
request.META.update(extra_headers)
if user is None:
request.user = self.admin_mock
else:
request.user = user
return request
def test_restriction_scope(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key():
jwt.encode(payload=self.jwt_loose_payload,
key='dummy_jwt_secret').decode(),
}
self.middleware.process_request(request)
response1 = self.dummy_view1(None, request)
response2 = self.dummy_view2(None, request)
self.assertIn('user_info', request.user.token_info.scope)
self.assertIsInstance(response1, HttpResponse)
self.assertEqual(response1.status_code, 200)
self.assertEqual(response1.content.decode(), 'success1')
self.assertIsInstance(response2, HttpResponseForbidden)
self.assertEqual(response2.status_code, 403)
def test_cookie_monitoring_no_groups(self, mock_set_custom_attribute, mock_capture_cookie_sizes):
mock_capture_cookie_sizes.is_enabled.return_value = True
middleware = CookieMonitoringMiddleware()
mock_request = Mock()
mock_request.COOKIES = {
"a": "." * 10,
"b": "." * 15,
}
middleware.process_request(mock_request)
mock_set_custom_attribute.assert_has_calls([
call('cookies.max.name', 'b'),
call('cookies.max.size', 15),
call('cookies.1.name', 'b'),
call('cookies.1.size', 15),
call('cookies.2.name', 'a'),
call('cookies.2.size', 10),
call('cookies_total_size', 25),
], any_order=True)
def test_all_scope(self):
request = Mock()
request.COOKIES = {
RidiOAuth2Config.get_access_token_cookie_key():
jwt.encode(self.jwt_payload,
self.private_key,
algorithm='RS256',
headers=self.headers).decode(),
}
with requests_mock.Mocker() as m:
m.get(
RidiOAuth2Config.get_key_url(),
text=json.dumps({
'keys': [{
'kid': 'RS999',
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"n":
"1rL5PCEv2PaAASaGldzfnlo0MiMCglC-eFxYHgUfa6a7qJhjo0QX8LeAelBlQpMCAMVGX33jUJ2FCCP_QDk3NIu74AgP7F3Z7IdmVvOfkt2myF1n3ZDyCHKdyi7MnOBtHIQCqQRGZ4XH2Ss5bmg_FuplBFT82e14UVmZx4kP-HwDjaSpvYHoTr3b5j20Ebx7aIy_SVrWeY0wxeAdFf-EOuEBQ-QIIe5Npd49gzq4CGHeNJlPQjs0EjMZFtPutCrIRSoEaLwccKQEIHcMSbsBLCJIJ5OuTmtK2WaSh7VYCrJsCbPh5tYKF6akN7TSOtDwGQVKwJjjOsxkPdYXNoAnIQ==",
"e": "AQAB",
}]
}))
self.middleware.process_request(request=request)
response1 = self.dummy_view1(None, request)
response2 = self.dummy_view2(None, request)
self.assertIn('all', request.user.token_info.scope)
self.assertIsInstance(response1, HttpResponse)
self.assertEqual(response1.status_code, 200)
self.assertEqual(response1.content.decode(), 'success1')
self.assertIsInstance(response2, HttpResponse)
self.assertEqual(response2.status_code, 200)
self.assertEqual(response2.content.decode(), 'success2')
def test_not_login(self):
request = Mock()
request.COOKIES = {}
with requests_mock.Mocker() as m:
m.get(
RidiOAuth2Config.get_key_url(),
text=json.dumps({
'keys': [{
'kid': 'RS999',
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"n":
"1rL5PCEv2PaAASaGldzfnlo0MiMCglC-eFxYHgUfa6a7qJhjo0QX8LeAelBlQpMCAMVGX33jUJ2FCCP_QDk3NIu74AgP7F3Z7IdmVvOfkt2myF1n3ZDyCHKdyi7MnOBtHIQCqQRGZ4XH2Ss5bmg_FuplBFT82e14UVmZx4kP-HwDjaSpvYHoTr3b5j20Ebx7aIy_SVrWeY0wxeAdFf-EOuEBQ-QIIe5Npd49gzq4CGHeNJlPQjs0EjMZFtPutCrIRSoEaLwccKQEIHcMSbsBLCJIJ5OuTmtK2WaSh7VYCrJsCbPh5tYKF6akN7TSOtDwGQVKwJjjOsxkPdYXNoAnIQ==",
"e": "AQAB",
}]
}))
response = self.middleware.process_request(request=request)
self.assertIsNone(response)
self.assertFalse(request.user.is_authenticated)
self.assertIsInstance(request.user, AnonymousUser)
def _build_request(self, method: str, path: str, data: dict,
request_params: dict):
request = Mock()
request.method = method
request.path = path
request.body = ""
request.COOKIES = {}
if "user" not in request_params:
request.user.is_authenticated = False
request.META = request_params.pop("META", {})
request.META.update(
dict([(f"HTTP_{k}", v)
for k, v in request_params.pop("headers", {}).items()]))
if django.VERSION[:2] > (2, 1):
from django.http.request import HttpHeaders
request.headers = HttpHeaders(request.META)
if isinstance(data, QueryDict):
request.POST = data
else:
request.POST = QueryDict(mutable=True)
for k, v in data.items():
request.POST[k] = v
if "?" in path:
request.GET = QueryDict(path.split("?")[1])
else:
request.GET = QueryDict()
for k, v in request_params.items():
setattr(request, k, v)
return request
def test_process_request_no_cookie(self):
request = Mock()
request.COOKIES = {}
assert self.middleware.process_request(request) is None
request.get_signed_cookie.assert_not_called()
assert request.{{ cookiecutter.project_name }}_feature_flags == set()
def test_process_request_no_cookie(self):
request = Mock()
request.COOKIES = {}
assert self.middleware.process_request(request) is None
request.get_signed_cookie.assert_not_called()
assert request.course_catalog_feature_flags == set()
