Example #1
0
def test_trusted_hosts():
    """Test trusted hosts configuration."""
    app = create_ui(
        APP_ALLOWED_HOSTS=['example.org', 'www.example.org'],
        APP_ENABLE_SECURE_HEADERS=False,
    )

    @app.route('/')
    def index():
        return request.host

    with app.test_client() as client:
        res = client.get('/', headers={'Host': 'attacker.org'})
        assert res.status_code == 400

        res = client.get('/', headers={'Host': 'example.org'})
        assert res.status_code == 200

        res = client.get('/', headers={'Host': 'www.example.org'})
        assert res.status_code == 200

    # Make sure X-Forwarded-Host can be used as well.
    with app.test_client() as client:
        res = client.get('/',
                         headers={
                             'Host': 'example.org',
                             'X-Forwarded-Host': 'attacker.org'
                         })
        assert res.status_code == 400
Example #2
0
def test_trusted_hosts():
    """Test trusted hosts configuration."""
    app = create_ui(APP_ALLOWED_HOSTS=['example.org', 'www.example.org'],
                    APP_ENABLE_SECURE_HEADERS=False,
                    RATELIMIT_ENABLED=False)

    @app.route('/host')
    def index_host():
        return request.host

    @app.route('/url-for')
    def index_url():
        return url_for('index_url', _external=True)

    with app.test_client() as client:
        for u in ['/host', '/url-for']:
            res = client.get(u, headers={'Host': 'attacker.org'})
            assert res.status_code == 400

            res = client.get(u, headers={'Host': 'example.org'})
            assert res.status_code == 200

            res = client.get(u, headers={'Host': 'www.example.org'})
            assert res.status_code == 200
Example #3
0
def test_config_loader():
    """Test config loader."""
    app = create_ui()
    assert 'cache_size' in app.jinja_options
Example #4
0
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""Celery application for Invenio flavours."""

from __future__ import absolute_import, print_function

from dotenv import load_dotenv
from flask_celeryext import create_celery_app
from invenio_app.factory import create_ui

# load .env and .flaskenv
load_dotenv()

celery = create_celery_app(
    create_ui(
        SENTRY_TRANSPORT='raven.transport.http.HTTPTransport',
        RATELIMIT_ENABLED=False,
    ))
"""Celery application for Invenio.
Overrides SENTRY_TRANSPORT wih synchronous HTTP transport since Celery does not
deal nicely with the default threaded transport.
"""

# Trigger an app log message upon import. This makes Sentry logging
# work with `get_task_logger(__name__)`.
celery.flask_app.logger.info('Created Celery app')
Example #5
0
def theme_app(instance_path, blueprint):
    """Application with template theming."""
    app = create_ui(APP_THEME=['semantic-ui', 'bootstrap3'])
    app.register_blueprint(blueprint)
    with app.app_context():
        yield app
Example #6
0
def notheme_app(instance_path, blueprint):
    """Application without template theming."""
    app = create_ui()
    app.register_blueprint(blueprint)
    with app.app_context():
        yield app
Example #7
0
def test_config_loader():
    """Test config loader."""
    app = create_ui()
    assert app.jinja_env.cache_size == 1000