def request_started_handler(sender, environ, **kwargs): if not should_log_url(environ["PATH_INFO"]): return # get the user from cookies user = None if environ.get("HTTP_COOKIE"): cookie = SimpleCookie() # python3 compatibility cookie.load(environ["HTTP_COOKIE"]) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get("_auth_user_id") try: user = get_user_model().objects.get(id=user_id) except Exception: user = None RequestEvent.objects.create( url=environ["PATH_INFO"], method=environ["REQUEST_METHOD"], query_string=environ["QUERY_STRING"], user_id=getattr(user, "id", None), remote_ip=environ[REMOTE_ADDR_HEADER], datetime=timezone.now(), )
def request_started_handler(sender, environ, **kwargs): if not should_log_url(environ['PATH_INFO']): return # get the user from cookies user = None if environ.get('HTTP_COOKIE'): cookie = SimpleCookie() # python3 compatibility cookie.load(environ['HTTP_COOKIE']) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get('_auth_user_id') try: user = get_user_model().objects.get(id=user_id) except: user = None request_event = RequestEvent.objects.create( url=environ['PATH_INFO'], method=environ['REQUEST_METHOD'], query_string=environ['QUERY_STRING'], user=user, remote_ip=environ['REMOTE_ADDR'], datetime=timezone.now() )
def ladon_view(request, path): """ delegates request-handling to ladon's wsgi application """ captured = [] output = [] def start_response(status, headers, exc_info=None): if exc_info is not None: reraise(exc_info) captured[:] = [status.split(' ', 1)[0], headers] return output.append environ = request.environ.copy() fix_path(environ, path) app_iter = LADON_APP(environ, start_response) if output or not captured: try: output.extend(app_iter) finally: if hasattr(app_iter, 'close'): app_iter.close() app_iter = output headers = captured[1] django_response = HttpResponse(app_iter, status=int(captured[0])) cookies = SimpleCookie() for (header, value) in headers: if header.upper() == "SET-COOKIE": cookies.load(value) else: django_response[header] = value django_response.cookies.update(cookies) return django_response
def set_cookie( cls, message, key, value="", max_age=None, expires=None, path="/", domain=None, secure=False, httponly=False, ): """ Sets a cookie in the passed HTTP response message. ``expires`` can be: - a string in the correct format, - a naive ``datetime.datetime`` object in UTC, - an aware ``datetime.datetime`` object in any time zone. If it is a ``datetime.datetime`` object then ``max_age`` will be calculated. """ value = force_str(value) cookies = SimpleCookie() cookies[key] = value if expires is not None: if isinstance(expires, datetime.datetime): if timezone.is_aware(expires): expires = timezone.make_naive(expires, timezone.utc) delta = expires - expires.utcnow() # Add one second so the date matches exactly (a fraction of # time gets lost between converting to a timedelta and # then the date string). delta = delta + datetime.timedelta(seconds=1) # Just set max_age - the max_age logic will set expires. expires = None max_age = max(0, delta.days * 86400 + delta.seconds) else: cookies[key]["expires"] = expires else: cookies[key]["expires"] = "" if max_age is not None: cookies[key]["max-age"] = max_age # IE requires expires, so set it if hasn't been already. if not expires: cookies[key]["expires"] = cookie_date(time.time() + max_age) if path is not None: cookies[key]["path"] = path if domain is not None: cookies[key]["domain"] = domain if secure: cookies[key]["secure"] = True if httponly: cookies[key]["httponly"] = True # Write out the cookies to the response for c in cookies.values(): message.setdefault("headers", []).append( (b"Set-Cookie", bytes(c.output(header=""), encoding="utf-8")), )
def request_started_handler(sender, **kwargs): environ = kwargs.get("environ") scope = kwargs.get("scope") if environ: path = environ["PATH_INFO"] cookie_string = environ.get("HTTP_COOKIE") remote_ip = environ[REMOTE_ADDR_HEADER] method = environ["REQUEST_METHOD"] query_string = environ["QUERY_STRING"] else: method = scope.get("method") path = scope.get("path") headers = dict(scope.get("headers")) cookie_string = headers.get(b"cookie") if isinstance(cookie_string, bytes): cookie_string = cookie_string.decode("utf-8") server = scope.get("server") remote_ip = "{s_ip}:{s_port}".format(s_ip=server[0], s_port=server[1]) query_string = scope.get("query_string") if not should_log_url(path): return # try and get the user from the request; commented for now, may have a bug in this flow. user = get_current_user() # user = None # get the user from cookies if not user and cookie_string: cookie = SimpleCookie() cookie.load(cookie_string) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get("_auth_user_id") try: user = get_user_model().objects.get(id=user_id) except: user = None # may want to wrap this in an atomic transaction later request_event = audit_logger.request({ "url": path, "method": method, "query_string": query_string, "user_id": getattr(user, "id", None), "remote_ip": remote_ip, "created": timezone.now(), })
def _encoded_cookies(cookies): """Encode dict of cookies to ascii string""" cookie_encoder = SimpleCookie() for k, v in cookies.items(): cookie_encoder[k] = v return cookie_encoder.output(header='', sep=';').encode("ascii")
def request_started_handler(sender, **kwargs): environ = kwargs.get("environ") scope = kwargs.get("scope") if environ: path = environ["PATH_INFO"] cookie_string = environ.get('HTTP_COOKIE') remote_ip = environ[REMOTE_ADDR_HEADER] method = environ['REQUEST_METHOD'] query_string = environ["QUERY_STRING"] else: method = scope.get('method') path = scope.get("path") headers = dict(scope.get('headers')) cookie_string = headers.get(b'cookie') if isinstance(cookie_string, bytes): cookie_string = cookie_string.decode("utf-8") server = scope.get('server', ('localhost', '80')) remote_ip = '{s_ip}:{s_port}'.format(s_ip=server[0], s_port=server[1]) query_string = scope.get("query_string") if not should_log_url(path): return # try and get the user from the request; commented for now, may have a bug in this flow. # user = get_current_user() user = None # get the user from cookies if not user and cookie_string: cookie = SimpleCookie() cookie.load(cookie_string) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get('_auth_user_id') try: user = get_user_model().objects.get(id=user_id) except: user = None # may want to wrap this in an atomic transaction later request_event = audit_logger.request({ 'url': path, 'method': method, 'query_string': query_string, 'user_id': getattr(user, 'id', None), 'remote_ip': remote_ip, 'datetime': timezone.now() })
def request_started_handler(sender, environ, **kwargs): if not should_log_url(environ['PATH_INFO']): return # try and get the user from the request; commented for now, may have a bug in this flow. # user = get_current_user() user = None # get the user from http auth if not user and environ.get("HTTP_AUTHORIZATION"): try: http_auth = environ.get("HTTP_AUTHORIZATION") jwt_token = (http_auth.split(" ")[1] if http_auth.startswith("Bearer") else http_auth) jwt_token_decoded = jwt.decode(jwt_token, None, None) user_id = jwt_token_decoded["user_id"] if user_id: user = get_user_model().objects.get(id=user_id) except: user = None # get the user from cookies if not user and environ.get('HTTP_COOKIE'): cookie = SimpleCookie() # python3 compatibility cookie.load(environ['HTTP_COOKIE']) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get('_auth_user_id') try: user = get_user_model().objects.get(id=user_id) except: user = None request_event = audit_logger.request({ 'url': environ['PATH_INFO'], 'method': environ['REQUEST_METHOD'], 'query_string': environ['QUERY_STRING'], 'user_id': getattr(user, 'id', None), 'remote_ip': environ[REMOTE_ADDR_HEADER], 'datetime': timezone.now() })
def __init__(self, content_type=None, status=None, reason=None, charset=None): # self 是「响应对象」 print('【django.http.response.HttpResponseBase.__init__】「响应对象」最终的父类初始化') # 原注释翻译: # _headers 是小写名称到标头的原始大小写(与旧系统一起使用所必需)和标头值的映射。 # 标头名称及其值均为 ASCII 字符串。 self._headers = {} self._resource_closers = [] # This parameter is set by the handler. It's necessary to preserve the # historical behavior of request_finished. self._handler_class = None self.cookies = SimpleCookie() self.closed = False if status is not None: try: self.status_code = int(status) except (ValueError, TypeError): raise TypeError('HTTP status code must be an integer.') if not 100 <= self.status_code <= 599: raise ValueError( 'HTTP status code must be an integer from 100 to 599.') self._reason_phrase = reason self._charset = charset if content_type is None: # self.charset 的值是 'utf-8' content_type = 'text/html; charset=%s' % self.charset # 当前类定义了 __setitem__ 方法,下面这行代码将键值对添加到 self._headers 字典中 self['Content-Type'] = content_type
def __init__(self, content_type=None, status=None, reason=None, mimetype=None): # _headers is a mapping of the lower-case name to the original case of # the header (required for working with legacy systems) and the header # value. Both the name of the header and its value are ASCII strings. self._headers = {} self._charset = settings.DEFAULT_CHARSET self._closable_objects = [] # This parameter is set by the handler. It's necessary to preserve the # historical behavior of request_finished. self._handler_class = None if mimetype: warnings.warn("Using mimetype keyword argument is deprecated, use" " content_type instead", DeprecationWarning, stacklevel=2) content_type = mimetype if not content_type: content_type = "%s; charset=%s" % (settings.DEFAULT_CONTENT_TYPE, self._charset) self.cookies = SimpleCookie() if status is not None: self.status_code = status if reason is not None: self.reason_phrase = reason elif self.reason_phrase is None: self.reason_phrase = REASON_PHRASES.get(self.status_code, 'UNKNOWN STATUS CODE') self['Content-Type'] = content_type
def test_expired_ticke(self): self.client.cookies = SimpleCookie({ 'auth_pubtkt': 'uid=foobar;validuntil=123456789;tokens=;udata=;sig=MEUCIFqF5cxYi85Lsm0M6+1jIEb9AKX3bYa1XsH6h/ggTe6oAiEA0i3laZmjOGXJ/v9N6tt/B0PCFqOKpe7cFwegAU8GYWo=' }) response = self.client.get('/') self.assertEqual(response.status_code, 302)
def test_order_anonymous_user(client, create_ingredient, create_category, create_user_for_test): """Test if anonymous user can make an order""" client.login(username="******", password="******") new_product = { "name": "test", "price": 10, "categories": create_category, "ingredients": create_ingredient, "details": "test", } response = client.post("/add_product/", new_product) client.logout() product = Product.objects.all()[0] amount = 1 cookie_value = json.dumps({f"{product.id}": f"{amount}"}) cookie = SimpleCookie({f"product_{product.id}_and_amount": cookie_value}) client.cookies = cookie assert (cookie_value in client.cookies.value_decode( client.cookies)[0][f"product_{product.id}_and_amount"].value) response = client.get(f"/cart/None/") response = client.get(f"/cart/None/new_address_payment/") addresses_before = Address.objects.count() new_address = {"street": "test", "street_number": 1, "house_number": 1} response = client.post(f"/cart/None/new_address_payment/", new_address) assert response.status_code == 200 assert CartProduct.objects.count() == 1 assert Cart.objects.count() == 1 assert Cart.objects.all()[0].user == None assert CartProduct.objects.all()[0].cart.id == Cart.objects.all()[0].id assert CartProduct.objects.all()[0].product.id == product.id assert CartProduct.objects.all()[0].amount == amount
def test_previously_used_email_is_rendered_on_form(self, client): client.cookies = SimpleCookie({"sso_auth_email": "*****@*****.**"}) response = client.get(reverse("saml2_login_start")) assert ('<input type="text" name="email" value="*****@*****.**"'.encode( "utf-8") in response.content)
def test_add_to_cart_anonymous_user(client, create_user_for_test, create_ingredient, create_category): """Test if anonymous user can add product to cart""" client.login(username="******", password="******") new_product = { "name": "test", "price": 10, "categories": create_category, "ingredients": create_ingredient, "details": "test", } response = client.post("/add_product/", new_product) client.logout() product = Product.objects.all()[0] amount = 1 cookie = SimpleCookie({ f"product_{product.id}_and_amount": json.dumps({f"{product.id}": f"{amount}"}) }) client.cookies = cookie response = client.post(f"/categories/{create_category.id}") assert response.status_code == 302 assert response.url == f"/categories/{create_category.id}" assert client.cookies == cookie response = client.get("/cart/None/", ) assert response.status_code == 200 assert (product, amount) in response.context["chosen_products"]
def test_login_verify_custom_verify(client, settings, magic_link): # NOQA: F811,E501 settings.MAGICLINK_LOGIN_VERIFY_URL = 'custom_login_verify' from magiclink import settings reload(settings) url = reverse(settings.LOGIN_VERIFY_URL) request = HttpRequest() request.META['SERVER_NAME'] = '127.0.0.1' request.META['SERVER_PORT'] = 80 ml = magic_link(request) ml.ip_address = '127.0.0.0' ml.redirect_url = reverse('needs_login') # Should be ignored ml.save() url = ml.generate_url(request) cookie_name = f'magiclink{ml.pk}' client.cookies = SimpleCookie({cookie_name: ml.cookie_value}) response = client.get(url) assert response.status_code == 302 assert response.url == reverse('no_login') assert client.cookies[cookie_name].value == '' assert client.cookies[cookie_name]['expires'].startswith( 'Thu, 01 Jan 1970') # NOQA: E501 settings.MAGICLINK_LOGIN_VERIFY_URL = 'magiclink:login_verify' from magiclink import settings reload(settings)
async def prepare_client(self): """ Prepare BulkClient for endpoint requests. """ # Get all http-headers self.headers = { k.decode('utf-8'): v.decode('utf-8') for k, v in dict(self.scope['headers']).items() } # Setup header as environment variables for BulkClient env = { f'HTTP_{k.upper().replace("-", "_")}': self.headers[k] for k in self.bulk_headers } # Setup global var which indicates that request is running over HTTPS self.secure = env['HTTP_ORIGIN'].split(':')[0] == 'https' env['SERVER_NAME'] = env['HTTP_HOST'] self.env = env # Init client class. client = BulkClient(**env) client.cookies = SimpleCookie(env['HTTP_COOKIE']) return client
def __init__(self, content_type=None, status=None, reason=None, charset=None): # _headers is a mapping of the lower-case name to the original case of # the header (required for working with legacy systems) and the header # value. Both the name of the header and its value are ASCII strings. self._headers = {} self._closable_objects = [] # This parameter is set by the handler. It's necessary to preserve the # historical behavior of request_finished. self._handler_class = None self.cookies = SimpleCookie() self.closed = False if status is not None: try: self.status_code = int(status) except (ValueError, TypeError): raise TypeError('HTTP status code must be an integer.') if not 100 <= self.status_code <= 599: raise ValueError('HTTP status code must be an integer from 100 to 599.') self._reason_phrase = reason self._charset = charset if content_type is None: content_type = '%s; charset=%s' % (settings.DEFAULT_CONTENT_TYPE, self.charset) self['Content-Type'] = content_type
def test_transaction_request_response_data(django_elasticapm_client, client): client.cookies = SimpleCookie({'foo': 'bar'}) django_elasticapm_client.instrumentation_store.get_all() with override_settings(**middleware_setting( django.VERSION, ['elasticapm.contrib.django.middleware.TracingMiddleware'] )): client.get(reverse('elasticapm-no-error')) assert len(django_elasticapm_client.instrumentation_store) == 1 transactions = django_elasticapm_client.instrumentation_store.get_all() assert len(transactions) == 1 transaction = transactions[0] assert transaction['result'] == 'HTTP 2xx' assert 'request' in transaction['context'] request = transaction['context']['request'] assert request['method'] == 'GET' assert 'headers' in request headers = request['headers'] assert headers['cookie'] == ' foo=bar' env = request['env'] assert 'SERVER_NAME' in env, env.keys() assert env['SERVER_NAME'] == 'testserver' assert 'SERVER_PORT' in env, env.keys() assert env['SERVER_PORT'] == '80' assert 'response' in transaction['context'] response = transaction['context']['response'] assert response['status_code'] == 200 assert response['headers']['my-header'] == 'foo'
def __init__(self, content_type=None, status=None, reason=None, charset=None): # _headers is a mapping of the lower-case name to the original case of # the header (required for working with legacy systems) and the header # value. Both the name of the header and its value are ASCII strings. self._headers = {} self._closable_objects = [] # This parameter is set by the handler. It's necessary to preserve the # historical behavior of request_finished. self._handler_class = None self.cookies = SimpleCookie() self.closed = False if status is not None: self.status_code = status if reason is not None: self.reason_phrase = reason elif self.reason_phrase is None: self.reason_phrase = responses.get(self.status_code, 'Unknown Status Code') self._charset = charset if content_type is None: content_type = '%s; charset=%s' % (settings.DEFAULT_CONTENT_TYPE, self.charset) self['Content-Type'] = content_type
def __init__(self, content_type=None, status=None, reason=None, charset=None, headers=None): self.headers = ResponseHeaders(headers or {}) self._charset = charset if content_type and 'Content-Type' in self.headers: raise ValueError( "'headers' must not contain 'Content-Type' when the " "'content_type' parameter is provided.") if 'Content-Type' not in self.headers: if content_type is None: content_type = 'text/html; charset=%s' % self.charset self.headers['Content-Type'] = content_type self._resource_closers = [] # This parameter is set by the handler. It's necessary to preserve the # historical behavior of request_finished. self._handler_class = None self.cookies = SimpleCookie() self.closed = False if status is not None: try: self.status_code = int(status) except (ValueError, TypeError): raise TypeError('HTTP status code must be an integer.') if not 100 <= self.status_code <= 599: raise ValueError( 'HTTP status code must be an integer from 100 to 599.') self._reason_phrase = reason
def request_started_handler(sender, environ, **kwargs): if not should_log_url(environ['PATH_INFO']): return # get the user from request user = get_current_user() if user and user.is_anonymous: user = None # get the user from cookies if not user and environ.get('HTTP_COOKIE'): cookie = SimpleCookie() # python3 compatibility cookie.load(environ['HTTP_COOKIE']) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get('_auth_user_id') try: user = get_user_model().objects.get(id=user_id) except: user = None request_event = RequestEvent.objects.create( url=environ['PATH_INFO'], method=environ['REQUEST_METHOD'], query_string=environ['QUERY_STRING'], user=user, remote_ip=get_client_ip(record('FakeRequest', { 'META': environ })), browser=get_client_browser_info(record('FakeRequest', { 'META': environ })), operating_system=get_client_operating_system_info(record('FakeRequest', { 'META': environ })), datetime=timezone.now())
def test_persistent_cookie_language_setting_on_logout(self): # Test when set on a cookie. from django.http.cookie import SimpleCookie from django.conf import settings self.client.login(**self.credentials) self.client.cookies = SimpleCookie({settings.LANGUAGE_COOKIE_NAME: "fr-fr"}) response = self.client.post("/logout") self.assertTrue("fr-fr" in response.url)
def test_refresh_exception(self): self.client.cookies = SimpleCookie({settings.REFRESH_TOKEN: 3}) response = self.client.post("/auth/jwt/refresh/") self.assertEquals(response.status_code, 401) self.assertEquals( response.json(), { "detail": "Token is invalid or expired", "code": "token_not_valid" }, )
def request_started_handler(sender, environ, **kwargs): if not should_log_url(environ['PATH_INFO']): return # try and get the user from the request user = get_current_user() # get the user from cookies if not user and environ.get('HTTP_COOKIE'): cookie = SimpleCookie() # python3 compatibility cookie.load(environ['HTTP_COOKIE']) session_cookie_name = settings.SESSION_COOKIE_NAME if session_cookie_name in cookie: session_id = cookie[session_cookie_name].value try: session = Session.objects.get(session_key=session_id) except Session.DoesNotExist: session = None if session: user_id = session.get_decoded().get('_auth_user_id') try: user = get_user_model().objects.get(id=user_id) except: user = None request_event = audit_logger.request({ 'url': environ['PATH_INFO'], 'method': environ['REQUEST_METHOD'], 'query_string': environ['QUERY_STRING'], 'user_id': getattr(user, 'id', None), 'remote_ip': environ[REMOTE_ADDR_HEADER], 'datetime': timezone.now() })
def test_success(self): # 4102444800 is 01/01/2100 self.client.cookies = SimpleCookie({ 'auth_pubtkt': 'uid=foobar;validuntil=4102444800;tokens=;udata=;sig=MEUCIQDPpPA1SEeXP8r/UoeNAehom31cS9/Le6eXZmokKbY7QwIgExWb6R0tPG6vKDZET0ojVnDxHoYxUx81fm+knwd0xZM=' }) response = self.client.get('/') self.assertEqual(response.status_code, 200) content = response.content if six.PY3: content = content.decode("utf-8") self.assertEqual(content, 'User: foobar')
def test_cookie_cart_id_is_used(self, add_item_to_cart): self.client.cookies = SimpleCookie({'cart_id': COOKIE_CART_ID}) data = { 'product_id': PRODUCT_ID, 'name': NAME, 'price': PRICE } self.client.post(self.URL, data, format='json') add_item_to_cart.assert_called_with( COOKIE_CART_ID, PRODUCT_ID, NAME, PRICE )
def _copy_from_response(self, response): """ Copy data from the original response. """ for key, _ in self.items(): del self[key] for key, value in response.items(): self[key] = value self.status_code = response.status_code self.reason_phrase = response.reason_phrase self.cookies = SimpleCookie(str(response.cookies))
def test_login_verify_with_redirect(client, magic_link): # NOQA: F811 url = reverse('magiclink:login_verify') request = HttpRequest() request.META['SERVER_NAME'] = '127.0.0.1' request.META['SERVER_PORT'] = 80 ml = magic_link(request) ml.ip_address = '127.0.0.0' # This is a little hacky redirect_url = reverse('no_login') ml.redirect_url = redirect_url ml.save() url = ml.generate_url(request) client.cookies = SimpleCookie({f'magiclink{ml.pk}': ml.cookie_value}) response = client.get(url) assert response.status_code == 302 assert response.url == redirect_url
def __init__(self, content_type=None, status=None, mimetype=None): # _headers is a mapping of the lower-case name to the original case of # the header (required for working with legacy systems) and the header # value. Both the name of the header and its value are ASCII strings. self._headers = {} self._charset = settings.DEFAULT_CHARSET self._closable_objects = [] if mimetype: warnings.warn( "Using mimetype keyword argument is deprecated, use" " content_type instead", PendingDeprecationWarning) content_type = mimetype if not content_type: content_type = "%s; charset=%s" % (settings.DEFAULT_CONTENT_TYPE, self._charset) self.cookies = SimpleCookie() if status: self.status_code = status self['Content-Type'] = content_type
def test_logout(self): user = User.objects.create(email="*****@*****.**", is_active=True) user.set_password("coucou") user.save() connexion_response = self.client.post( "/auth/jwt/create/", { "email": "*****@*****.**", "password": "******" }, ) refreshToken = connexion_response.cookies.get( settings.REFRESH_TOKEN).value self.client.cookies = SimpleCookie( {settings.REFRESH_TOKEN: refreshToken}) response = self.client.post("/auth/jwt/logout/") self.assertEqual(response.status_code, 200) self.assertEqual( response.cookies.get(settings.REFRESH_TOKEN).value, "")