def test_compile_keys(self):
regex_string = '.*'
compiled_regex = re.compile(regex_string)
test_compile_dict = {'some_regex': regex_string}
cors = CORS()
cors._compile_keys(test_compile_dict, ['some_regex'])
self.assertEqual(compiled_regex, test_compile_dict['some_regex'])
def test_process_expose_headers(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(expose_headers_list=['test_header'])
cors._process_expose_headers(fake_req, fake_resp)
fake_resp.append_header.assert_called_once_with(
'access-control-expose-headers', 'test_header')
def test_process_max_age(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(max_age=5)
cors._process_max_age(fake_req, fake_resp)
fake_resp.set_header.assert_called_once_with('access-control-max-age',
5)
def test_set_allowed_methods(self):
fake_resp = mock.MagicMock()
allowed_method_list = ['GET']
cors = CORS()
cors._set_allowed_methods(fake_resp, allowed_method_list)
fake_resp.append_header.assert_called_once_with(
'access-control-allow-methods', 'GET')
def test_cors_disabled(self):
self.resource = mock.MagicMock()
self.resource.cors_enabled = False
cors = CORS()
cors.process = mock.Mock()
self.simulate_cors_api(cors, '/')
self.simulate_post('/')
self.assertEquals(cors.process.call_count, 0)
def test_process_origin_return(self):
cors = CORS(allow_origins_list=['test.com'])
cors._process_origin = mock.Mock(return_value=False)
cors._process_credentials = mock.Mock()
headers = {'origin': 'rackspace.com'}
self.simulate_cors_request(cors, headers=headers, preflight=False)
self.assertEqual(cors._process_origin.call_count, 1)
self.assertEqual(cors._process_credentials.call_count, 0)
def test_process_origin_regex_none(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS()
cors._set_allow_origin = mock.Mock()
self.assertEqual(
cors._process_origin(fake_req, fake_resp, 'rackspace.com'), False)
self.assertEqual(cors._set_allow_origin.call_count, 0)
def test_process_origin_allow_regex(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_origins_regex='rack.*\.com')
cors._set_allow_origin = mock.Mock()
self.assertEqual(
cors._process_origin(fake_req, fake_resp, 'rackspace.com'), True)
cors._set_allow_origin.assert_called_once_with(fake_resp,
'rackspace.com')
def test_process_credentials_regex(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_credentials_origins_regex='.*\.rackspace\..*')
cors._set_allow_credentials = mock.Mock()
self.assertEqual(
cors._process_credentials(fake_req, fake_resp,
'www.rackspace.com'), True)
cors._set_allow_credentials.assert_called_once_with(fake_resp)
def test_vary_origins_called(self):
cors = CORS(allow_all_origins=True,
allow_credentials_origins_list=['test.com'])
cors._set_vary_origin = mock.Mock()
origin = self.get_rand_str()
headers = {'origin': origin}
self.simulate_cors_request(cors, headers=headers, preflight=False)
cors._set_vary_origin.assert_called_once_with(
self.resource.captured_resp)
def test_process_allow_headers_list_camelcase(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_headers_list=['Content-Type'])
cors._set_allowed_headers = mock.Mock()
self.assertEqual(
cors._process_allow_headers(fake_req, fake_resp, ['Content-Type']),
True)
cors._set_allowed_headers.assert_called_once_with(
fake_resp, ['Content-Type'])
def test_process_origin_deny(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_origins_list=['rackspace.com'],
allow_origins_regex='rack.*\.com')
cors._set_allow_origin = mock.Mock()
self.assertEqual(
cors._process_origin(fake_req, fake_resp, 'not_rackspace.com'),
False)
self.assertEqual(cors._set_allow_origin.call_count, 0)
def test_process_allow_headers_regex(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_headers_regex='.*_header')
cors._set_allowed_headers = mock.Mock()
self.assertEqual(
cors._process_allow_headers(fake_req, fake_resp, ['test_header']),
True)
cors._set_allowed_headers.assert_called_once_with(
fake_resp, ['test_header'])
def test_process_credentials_disallow(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_credentials_origins_list=['not_rackspace'],
allow_credentials_origins_regex='.*\.rackspace\..*')
cors._set_allow_credentials = mock.Mock()
self.assertEqual(
cors._process_credentials(fake_req, fake_resp,
'some_other_domain.lan'), False)
self.assertEqual(cors._set_allow_credentials.call_count, 0)
def test_process_methods_not_requested(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
fake_resource = mock.MagicMock()
cors = CORS(allow_all_methods=True)
cors._get_requested_method = mock.Mock(return_value=None)
cors._set_allowed_methods = mock.Mock()
self.assertEqual(
cors._process_methods(fake_req, fake_resp, fake_resource), False)
self.assertEqual(cors._set_allowed_methods.call_count, 0)
cors._get_requested_method.assert_called_once_with(fake_req)
def test_no_requested_method(self):
cors = CORS(allow_all_origins=True)
cors._get_requested_headers = mock.Mock()
cors._process_origin = mock.Mock(return_value=True)
headers = {'origin': 'rackspace.com'}
self.simulate_cors_request(cors,
headers=headers,
preflight=True,
add_request_method=False)
self.assertEqual(cors._process_origin.call_count, 1)
self.assertEqual(cors._get_requested_headers.call_count, 0)
def test_method_not_allowed(self):
cors = CORS(allow_all_origins=True, allow_methods_list=['GET'])
cors._get_requested_headers = mock.Mock(return_value=True)
cors._process_allow_headers = mock.Mock()
headers = {'origin': 'rackspace.com'}
self.simulate_cors_request(cors,
headers=headers,
preflight=True,
preflight_method='POST')
self.assertEqual(cors._get_requested_headers.call_count, 1)
self.assertEqual(cors._process_allow_headers.call_count, 0)
def test_process_credentials_called(self):
cors = CORS(allow_all_origins=True,
allow_all_methods=True,
allow_all_headers=True)
cors._process_methods = mock.Mock(return_value=True)
cors._process_credentials = mock.Mock()
headers = {'origin': 'rackspace.com'}
self.simulate_cors_request(cors, headers=headers, preflight=True)
cors._process_credentials.assert_called_once_with(
self.resource.captured_req, self.resource.captured_resp,
'rackspace.com')
def test_process_allow_headers_disallow(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_headers_list=['test_header'],
allow_headers_regex='.*_header')
cors._set_allowed_headers = mock.Mock()
self.assertEqual(
cors._process_allow_headers(fake_req, fake_resp,
['test_header', 'header_not_allowed']),
False)
self.assertEqual(cors._set_allowed_headers.call_count, 0)
def test_header_not_allowed(self):
cors = CORS(allow_all_origins=True,
allow_all_methods=True,
allow_headers_list=['test_header'])
cors._process_methods = mock.Mock(return_value=True)
cors._process_credentials = mock.Mock()
headers = {
'origin': 'rackspace.com',
'access-control-request-headers': 'not_allowed_header'
}
self.simulate_cors_request(cors, headers=headers, preflight=True)
self.assertEqual(cors._process_methods.call_count, 1)
self.assertEqual(cors._process_credentials.call_count, 0)
def create_app():
cors = CORS(allow_all_origins=True, allow_all_headers=True, allow_all_methods=True)
# cors = CORS(allow_all_origins=True, allow_origins_list=ALLOWED_ORIGINS, allow_all_headers=True, allow_all_methods=True)
app = falcon.API(middleware=[cors.middleware, auth_middleware])
app.add_route('/auth/login', LoginResource())
app.add_route('/auth/logout', LogoutResource())
app.add_route('/auth/refresh_token', RefreshTokenResource())
app.add_route('/users/me', MeResource())
ModelResource.register_endpoints('/epics', app, EpicResource())
ModelResource.register_endpoints('/projects', app, ProjectResource())
ModelResource.register_endpoints('/roles', app, RolesResource())
ModelResource.register_endpoints('/tasks', app, TaskResource())
ModelResource.register_endpoints('/users', app, UsersResource())
ModelResource.register_endpoints('/user_settings', app, UserSettingResource())
ModelResource.register_endpoints('/user_stories', app, UserStoryResource())
sync_resource = SyncResource()
app.add_route('/sync/changes', sync_resource, suffix='changes')
app.add_route('/sync/doc/{obj_id}', sync_resource, suffix='doc')
app.add_route('/sync/docs', sync_resource, suffix='docs')
if DEBUG:
app.add_static_route('/assets/i18n', I18N_ASSETS_PATH)
return app
def simulate_all_origins(self, preflight=False):
cors_config = CORS(allow_all_origins=True,
allow_methods_list=['PATCH'])
origin = self.get_rand_str()
headers = {'origin': origin}
result = self.simulate_cors_request(cors_config,
headers=headers,
preflight=preflight)
self.assertEqual(result.headers.get('access-control-allow-origin'),
'*')
self.assertEqual(
result.headers.get('access-control-allow-credentials'), None)
def test_all_origins_credentials(self, preflight=False):
cors_config = CORS(allow_all_origins=True,
allow_credentials_all_origins=True,
allow_all_methods=True)
origin = self.get_rand_str()
headers = {'origin': origin}
result = self.simulate_cors_request(cors_config,
headers=headers,
preflight=preflight)
self.assertEqual(result.headers.get('access-control-allow-origin'),
origin)
self.assertEqual(
result.headers.get('access-control-allow-credentials'), 'true')
def test_process_origin_allow_all(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
cors = CORS(allow_all_origins=True)
cors._set_allow_origin = mock.Mock()
self.assertEqual(
cors._process_origin(fake_req, fake_resp, 'rackspace.com'), True)
cors._set_allow_origin.assert_called_once_with(fake_resp, '*')
cors._set_allow_origin = mock.Mock()
cors.supports_credentials = True
self.assertEqual(
cors._process_origin(fake_req, fake_resp, 'rackspace.com'), True)
cors._set_allow_origin.assert_called_once_with(fake_resp,
'rackspace.com')
def test_process_methods_resource(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
fake_resource = mock.MagicMock()
cors = CORS(allow_all_methods=True)
cors._get_requested_method = mock.Mock(return_value='GET')
cors._get_resource_methods = mock.Mock(return_value=['POST'])
cors._set_allowed_methods = mock.Mock()
self.assertEqual(
cors._process_methods(fake_req, fake_resp, fake_resource), False)
cors._set_allowed_methods.assert_called_once_with(fake_resp, ['POST'])
def test_static_route(self):
cors_config = CORS(allow_all_origins=True,
allow_credentials_all_origins=True,
allow_all_methods=True)
origin = self.get_rand_str()
headers = {'origin': origin}
self.resource = CORSResource()
api = falcon.API(middleware=[cors_config.middleware])
api.add_static_route("/static", "/var/www/static")
result = testing.simulate_request(api,
path="/static/image.png",
method="GET",
headers=headers)
self.assertEqual(result.headers.get('access-control-allow-origin'),
origin)
self.assertEqual(
result.headers.get('access-control-allow-credentials'), 'true')
def test_process_methods_notfound(self):
fake_req = mock.MagicMock()
fake_resp = mock.MagicMock()
fake_resource = mock.MagicMock()
cors = CORS(allow_methods_list=['GET', 'POST', 'PUT', 'DELETE'])
cors._set_allowed_methods = mock.Mock()
cors._get_requested_method = mock.Mock(return_value='POST')
cors._get_resource_methods = mock.Mock(return_value=['GET', 'PUT'])
self.assertEqual(
cors._process_methods(fake_req, fake_resp, fake_resource), False)
cors._set_allowed_methods.assert_called_once_with(
fake_resp, ['GET', 'PUT'])
#Configuring the logging for the application
logging.config.fileConfig(const.LOGGING_CONFIG_FILENAME)
#Import mocked resources if MOCKED_SERVER is set
if const.MOCKED_SERVER:
logging.debug("Importing mocked resources")
from .tests.mock_tournaments import Tournaments
from .tests.mock_scores import Scores
else:
logging.debug("Importing real resources")
from .resources.tournaments import Tournaments
from .resources.scores import Scores
from .resources.player import Player
cors = CORS(allow_all_origins=True,
allow_methods_list=['GET', 'PUT', 'POST'],
allow_headers_list=['content-type'])
# this is my eth account address
address = const.PLAYER_OWN_ADD
api = falcon.API(middleware=[cors.middleware])
api.add_route('/api/tournaments', Tournaments(address))
api.add_route('/api/tournaments/{tournament_id}',
Tournaments(address),
suffix='single')
api.add_route('/api/tournaments/{tournament_id}/scores/my',
Scores(address),
suffix='my')
api.add_route('/api/tournaments/{tournament_id}/scores/{player_id}',
Scores(address))
def test_set_very_origin(self):
fake_resp = mock.MagicMock()
cors = CORS()
cors._set_vary_origin(fake_resp)
fake_resp.append_header.assert_called_once_with('vary', 'origin')
def test_vary_origins_false(self):
cors = CORS()
self.assertFalse(cors.origins_vary)