Example #1
 def test_response_sensitive_data_body_in_json_should_be_hidden(self):
     """Inspect a password sent in an outgoing JSON body, in the log and on the wire.

     A POST with a JSON password field goes to a mocked URL; the stored
     ``OutputLoggedRequest`` body and the body recorded by ``responses`` are
     then checked.
     """
     # NOTE(review): every password literal shown here is '******', so each
     # assert_in/assert_not_in pair below tests the same string and cannot both
     # pass as written. Presumably the originals were a plaintext value and the
     # logger's replacement marker -- restore them before trusting this test.
     target_url = 'http://test.cz'
     responses.add(responses.POST, target_url, body='test')
     requests.post(target_url, data=json.dumps({'password': '******'}))

     logged_body = OutputLoggedRequest.objects.get().request_body
     assert_in('"password": "******"', logged_body)
     assert_not_in('"password": "******"', logged_body)

     # Separate check on the request that was really sent: presumably masking
     # applies to the log copy only and leaves the transmitted body intact.
     sent_body = responses.calls[0].request.body
     assert_in('"password": "******"', sent_body)
     assert_not_in('"password": "******"', sent_body)
Example #2
 def test_sensitive_data_body_in_json_should_be_hidden(self):
     """Inspect the captured body of a JSON login POST for the password field.

     The request is made inside ``capture_security_logs`` and the first
     captured input request is checked.
     """
     # NOTE(review): both fragments below read '"password": "******"' in this
     # listing, so the two assertions contradict each other as shown.
     # Presumably one was the replacement marker and the other the plaintext
     # password -- restore the real literals before relying on this test.
     login_json = json.dumps({'username': '******', 'password': '******'})
     with capture_security_logs() as logged_data:
         self.c.post('/admin/login/', data=login_json, content_type='application/json')
         captured_body = logged_data.input_request[0].request_body
         assert_in('"password": "******"', captured_body)
         assert_not_in('"password": "******"', captured_body)
Example #3
 def test_sensitive_data_body_in_json_should_be_hidden(self):
     """Inspect the stored ``InputLoggedRequest`` body of a JSON login POST."""
     # NOTE(review): the expected and the forbidden fragment are the same
     # string ('"password": "******"') in this listing, so the assertions
     # cannot both hold as shown. Presumably the plaintext password and the
     # replacement marker were distinct originally -- confirm and restore.
     credentials = {'username': '******', 'password': '******'}
     self.c.post('/admin/login/', data=json.dumps(credentials), content_type='application/json')

     stored_body = InputLoggedRequest.objects.get().request_body
     assert_in('"password": "******"', stored_body)
     assert_not_in('"password": "******"', stored_body)
Example #4
 def test_response_sensitive_data_body_in_json_should_be_hidden(self):
     """Compare the logged copy of an outgoing JSON password with the sent request.

     The first assertion pair reads the ``OutputLoggedRequest`` row, the second
     pair reads the call recorded by the ``responses`` mock.
     """
     # NOTE(review): all password literals are shown as '******', which makes
     # each in/not-in pair self-contradictory in this listing. Presumably the
     # log is expected to hold a replacement marker and not the plaintext;
     # restore the original literals before running.
     endpoint = 'http://test.cz'
     body_json = json.dumps({'password': '******'})
     responses.add(responses.POST, endpoint, body='test')
     requests.post(endpoint, data=body_json)

     log_entry = OutputLoggedRequest.objects.get()
     assert_in('"password": "******"', log_entry.request_body)
     assert_not_in('"password": "******"', log_entry.request_body)

     # The mock's record is the request as transmitted; presumably it should
     # be untouched by the log masking -- confirm against the original test.
     transmitted = responses.calls[0].request
     assert_in('"password": "******"', transmitted.body)
     assert_not_in('"password": "******"', transmitted.body)
Example #5
 def test_enum_should_contain_only_defined_values(self):
     """Check attributes, iteration, ``all``, ``get_name`` and membership of ``Enum('A', 'B')``."""
     letters = Enum('A', 'B')

     # Each constructor argument is readable as an attribute equal to itself.
     assert_equal(letters.A, 'A')
     assert_equal(letters.B, 'B')
     # Iteration and ``all`` expose the same values, as list and tuple.
     assert_equal(list(letters), ['A', 'B'])
     assert_equal(letters.all, ('A', 'B'))
     assert_equal(letters.get_name('A'), 'A')
     # An undefined member raises on attribute access, while get_name
     # answers None for it.
     with assert_raises(AttributeError):
         letters.C  # pylint: disable=W0104
     assert_is_none(letters.get_name('C'))
     assert_in('A', letters)
     assert_in(letters.A, letters)
     assert_not_in('C', letters)
Example #6
 def test_auto_gemerated_num_enum_should_contain_only_defined_values(self):
     """Check that ``NumEnum('A', 'B')`` maps its names to the values 1 and 2."""
     numbered = NumEnum('A', 'B')

     # Values are assigned in argument order, starting at 1 in this case.
     assert_equal(numbered.A, 1)
     assert_equal(numbered.B, 2)
     assert_equal(list(numbered), [1, 2])
     assert_equal(numbered.all, (1, 2))
     # get_name maps a value back to its name; an unknown value gives None.
     assert_equal(numbered.get_name(1), 'A')
     with assert_raises(AttributeError):
         numbered.C  # pylint: disable=W0104
     assert_is_none(numbered.get_name(3))
     # Membership is decided on values: the name 'A' itself is not a member.
     assert_in(1, numbered)
     assert_in(numbered.A, numbered)
     assert_not_in('A', numbered)
Example #7
 def test_enum_with_distinct_key_and_value_should_contain_only_defined_values(
         self):
     """Check an ``Enum`` built from (name, value) pairs whose names and values differ."""
     pairs = Enum(('A', 'c'), ('B', 'd'))

     # Attribute access goes by name and returns the paired value.
     assert_equal(pairs.A, 'c')
     assert_equal(pairs.B, 'd')
     # Iteration and ``all`` list the values, not the names.
     assert_equal(list(pairs), ['c', 'd'])
     assert_equal(pairs.all, ('c', 'd'))
     assert_equal(pairs.get_name('c'), 'A')
     with assert_raises(AttributeError):
         pairs.C  # pylint: disable=W0104
     assert_is_none(pairs.get_name('f'))
     # Membership is decided on values, so the name 'A' is not a member.
     assert_in('c', pairs)
     assert_in(pairs.A, pairs)
     assert_not_in('A', pairs)
Example #8
 def test_enum_should_contain_only_defined_values(self):
     """Check that ``Enum('A', 'B')`` exposes exactly the members A and B."""
     members = Enum('A', 'B')

     # Defined members: attribute value, iteration order, ``all`` and name lookup.
     assert_equal(members.A, 'A')
     assert_equal(members.B, 'B')
     assert_equal(list(members), ['A', 'B'])
     assert_equal(members.all, ('A', 'B'))
     assert_equal(members.get_name('A'), 'A')

     # Undefined member 'C': attribute access raises, get_name gives None.
     with assert_raises(AttributeError):
         members.C  # pylint: disable=W0104
     assert_is_none(members.get_name('C'))

     # Membership tests for a literal, an attribute value and an unknown value.
     assert_in('A', members)
     assert_in(members.A, members)
     assert_not_in('C', members)
Example #9
 def test_auto_gemerated_num_enum_should_contain_only_defined_values(self):
     """Check the numeric values that ``NumEnum('A', 'B')`` gives to its names."""
     num_enum = NumEnum('A', 'B')

     # The two names receive the values 1 and 2, in that order.
     assert_equal(num_enum.A, 1)
     assert_equal(num_enum.B, 2)
     assert_equal(list(num_enum), [1, 2])
     assert_equal(num_enum.all, (1, 2))
     assert_equal(num_enum.get_name(1), 'A')

     # Name 'C' and value 3 were never defined.
     with assert_raises(AttributeError):
         num_enum.C  # pylint: disable=W0104
     assert_is_none(num_enum.get_name(3))

     # ``in`` compares against values; the name 'A' is therefore rejected.
     assert_in(1, num_enum)
     assert_in(num_enum.A, num_enum)
     assert_not_in('A', num_enum)
Example #10
 def test_enum_with_distinct_key_and_value_should_contain_only_defined_values(self):
     """Check name-to-value and value-to-name lookups on an ``Enum`` built from pairs."""
     mapping = Enum(('A', 'c'), ('B', 'd'))

     # Names resolve to their paired values.
     assert_equal(mapping.A, 'c')
     assert_equal(mapping.B, 'd')
     assert_equal(list(mapping), ['c', 'd'])
     assert_equal(mapping.all, ('c', 'd'))
     # Reverse lookup: value 'c' belongs to name 'A'.
     assert_equal(mapping.get_name('c'), 'A')

     # Neither name 'C' nor value 'f' exists.
     with assert_raises(AttributeError):
         mapping.C  # pylint: disable=W0104
     assert_is_none(mapping.get_name('f'))

     # ``in`` is checked against values only.
     assert_in('c', mapping)
     assert_in(mapping.A, mapping)
     assert_not_in('A', mapping)
Example #11
 def test_user_should_be_authorized_via_http_header(self, user):
     """Check that a token from the API login authorizes a request via header only."""
     # Without credentials the index URL answers with a redirect.
     assert_http_redirect(self.get(self.INDEX_URL))

     credentials = {'username': '******', 'password': '******'}
     login_resp = self.post(self.API_LOGIN_URL, credentials)
     assert_http_ok(login_resp)
     assert_in('token', login_resp.json())

     # Replay the issued token as a Bearer credential in the request header.
     bearer_headers = {
         'HTTP_AUTHORIZATION': 'Bearer {}'.format(login_resp.json()['token']),
     }
     assert_http_ok(self.get(self.INDEX_URL, headers=bearer_headers))

     # The client must hold no 'Authorization' cookie, and the latest Token
     # row must allow header transport while disallowing cookie transport.
     assert_not_in('Authorization', self.c.cookies)
     assert_true(Token.objects.last().allowed_header)
     assert_false(Token.objects.last().allowed_cookie)
Example #12
 def test_user_should_be_authorized_from_token_and_uuid(self, user):
     """Check that a device token plus UUID yields a header-only session token."""
     # Create a device token for this user and UUID, then log in with the pair.
     device_token = DeviceKey.objects.create_token(uuid=UUID, user=user)
     login_payload = {'uuid': UUID, 'login_device_token': device_token}
     login_resp = self.post(self.API_MOBILE_LOGIN_URL, login_payload)
     assert_http_ok(login_resp)
     assert_in('token', login_resp.json())

     # The returned token is then presented as a Bearer credential.
     bearer_headers = {
         'HTTP_AUTHORIZATION': 'Bearer {}'.format(login_resp.json()['token']),
     }
     assert_http_ok(self.get(INDEX_URL, headers=bearer_headers))

     # The client must hold no 'Authorization' cookie, and the latest Token
     # row must allow header transport while disallowing cookie transport.
     assert_not_in('Authorization', self.c.cookies)
     assert_true(Token.objects.last().allowed_header)
     assert_false(Token.objects.last().allowed_cookie)
Example #13
 def test_not_superuser_should_not_read_is_superuser_field(self):
     """Check that the logged-in user's own detail page does not mention ``is_superuser``."""
     current_user = self.logged_user.user
     detail_url = '%s%s/' % (self.USER_UI_URL, current_user.pk)
     detail_resp = self.get(detail_url)
     # Substring check on the raw response bytes: it covers this one view
     # only and does not look at the HTTP status of the response.
     assert_not_in(b'is_superuser', detail_resp.content)
Example #14
 def test_sensitive_data_body_in_json_should_be_hidden(self):
     """Inspect the logged request body of a JSON POST to the admin login."""
     # NOTE(review): as shown, the fragment expected in the log and the one
     # forbidden in it are both '"password": "******"', so the two assertions
     # are mutually exclusive. Presumably the originals were the replacement
     # marker and the plaintext password -- restore them before use.
     request_json = json.dumps({'username': '******', 'password': '******'})
     self.c.post('/admin/login/', data=request_json, content_type='application/json')

     log_row = InputLoggedRequest.objects.get()
     assert_in('"password": "******"', log_row.request_body)
     assert_not_in('"password": "******"', log_row.request_body)