def boot(self, request: Request, response: Response):
"""Boots services required by the container."""
headers = config('middleware.cors') or {}
request.header(headers)
if request.get_request_method().lower() == 'options':
response.view('preflight')
def current_user(self, request: Request):
token = jwt.decode(request.header('HTTP_AUTHORIZATION').replace(
'Token ', ''), KEY, algorithms=['HS256'])
if pendulum.parse(token['expires']).is_past():
request.status(401)
return {'error': 'Your token has expired'}
return {'user': request.user().serialize()}
def currunt_user(self, request: Request):
token = jwt.decode(request.header('HTTP_AUTHORIZATION').replace(
'Token ', ''),
KEY,
algorithms=['HS256'])
if pendulum.parse(token['expires']).is_past():
raise ExpiredToken
return {'user': request.user().serialize()}
class TestSecureHeadersMiddleware:
def setup_method(self):
self.request = Request(generate_wsgi())
self.middleware = SecureHeadersMiddleware(self.request)
self.app = TestSuite().create_container().container
self.app.bind('Request', self.request.load_app(self.app))
self.request = self.app.make('Request')
def test_secure_headers_middleware(self):
self.middleware.after()
assert self.request.header('Strict-Transport-Security'
) == 'max-age=63072000; includeSubdomains'
assert self.request.header('X-Frame-Options') == 'SAMEORIGIN'
def test_secure_headers_gets_middleware_from_the_config(self):
self.request = self.app.make('Request')
self.middleware.after()
assert self.request.header('X-Content-Type-Options') == 'sniff-test'
class TestResponse:
def setup_method(self):
self.app = App()
self.request = Request(generate_wsgi()).load_app(self.app)
self.app.bind('Request', self.request)
self.response = Response(self.app)
def test_can_set_json(self):
self.response.json({'test': 'value'})
assert self.request.is_status(200)
assert self.request.header('Content-Length') == '17'
assert self.request.header(
'Content-Type') == 'application/json; charset=utf-8'
def test_redirect(self):
self.response.redirect('/some/test')
assert self.request.is_status(302)
assert self.request.header('Location', '/some/test')
def test_response_does_not_override_header_from_controller(self):
self.response.view(self.app.resolve(ControllerTest().change_header))
assert self.request.header('Content-Type') == 'application/xml'
def test_view(self):
view = View(self.app).render('test', {'test': 'test'})
self.response.view(view)
assert self.app.make('Response') == 'test'
assert self.request.is_status(200)
self.response.view('foobar')
assert self.app.make('Response') == 'foobar'
def test_view_can_return_integer_as_string(self):
self.response.view(1)
assert self.app.make('Response') == '1'
assert self.request.is_status(200)
class TestCorsMiddleware:
def setup_method(self):
self.request = Request(generate_wsgi())
self.middleware = CorsMiddleware(self.request)
self.app = TestSuite().create_container().container
self.app.bind('Request', self.request.load_app(self.app))
self.request = self.app.make('Request')
def test_secure_headers_middleware(self):
self.middleware.CORS = {"Access-Control-Allow-Origin": "*"}
self.middleware.after()
assert self.request.header('Access-Control-Allow-Origin') == '*'
class TestCorsMiddleware(unittest.TestCase):
def setUp(self):
self.request = Request(generate_wsgi())
self.middleware = CorsMiddleware(self.request)
self.app = TestSuite().create_container().container
self.app.bind('Request', self.request.load_app(self.app))
self.request = self.app.make('Request')
def test_secure_headers_middleware(self):
self.middleware.CORS = {"Access-Control-Allow-Origin": "*"}
self.middleware.before()
self.assertEqual(self.request.header('Access-Control-Allow-Origin'), '*')
def change_header(self, request: Request):
request.header('Content-Type', 'application/xml')
return 'test'
class TestResponse(unittest.TestCase):
def setUp(self):
self.app = App()
self.request = Request(generate_wsgi()).load_app(self.app)
self.app.bind('Request', self.request)
self.app.bind('StatusCode', None)
self.response = Response(self.app)
self.app.bind('Response', self.response)
def test_can_set_json(self):
self.response.json({'test': 'value'})
self.assertTrue(self.request.is_status(200))
self.assertEqual(self.request.header('Content-Length'), '17')
self.assertEqual(self.request.header('Content-Type'),
'application/json; charset=utf-8')
def test_redirect(self):
self.response.redirect('/some/test')
self.request.header('Location', '/some/test')
self.assertTrue(self.request.is_status(302))
self.assertEqual(self.request.header('Location'), '/some/test')
def test_response_does_not_override_header_from_controller(self):
self.response.view(self.app.resolve(ControllerTest().change_header))
self.assertEqual(self.request.header('Content-Type'),
'application/xml')
def test_view(self):
view = View(self.app).render('test', {'test': 'test'})
self.response.view(view)
self.assertEqual(self.app.make('Response'), 'test')
self.assertTrue(self.request.is_status(200))
self.response.view('foobar')
self.assertEqual(self.app.make('Response'), 'foobar')
def test_view_can_return_integer_as_string(self):
self.response.view(1)
self.assertEqual(self.app.make('Response'), '1')
self.assertTrue(self.request.is_status(200))
def test_view_can_set_own_status_code_to_404(self):
self.response.view(self.app.resolve(ControllerTest().change_404))
self.assertTrue(self.request.is_status(404))
def test_view_can_set_own_status_code(self):
self.response.view(self.app.resolve(ControllerTest().change_status))
self.assertTrue(self.request.is_status(203))
def test_view_should_return_a_json_response_when_retrieve_a_user_from_model(
self):
self.assertIsInstance(MockUser(), Model)
self.response.view(MockUser().all())
self.assertIn('"name": "TestUser"', self.app.make('Response'))
self.assertIn('"email": "*****@*****.**"', self.app.make('Response'))
self.response.view(MockUser().find(1))
self.assertIn('"name": "TestUser"', self.app.make('Response'))
self.assertIn('"email": "*****@*****.**"', self.app.make('Response'))
class TestResponse:
def setup_method(self):
self.app = App()
self.request = Request(generate_wsgi()).load_app(self.app)
self.app.bind('Request', self.request)
self.app.bind('StatusCode', None)
self.response = Response(self.app)
self.app.bind('Response', self.response)
def test_can_set_json(self):
self.response.json({'test': 'value'})
assert self.request.is_status(200)
assert self.request.header('Content-Length') == '17'
assert self.request.header(
'Content-Type') == 'application/json; charset=utf-8'
def test_redirect(self):
self.response.redirect('/some/test')
assert self.request.is_status(302)
assert self.request.header('Location', '/some/test')
def test_response_does_not_override_header_from_controller(self):
self.response.view(self.app.resolve(ControllerTest().change_header))
assert self.request.header('Content-Type') == 'application/xml'
def test_view(self):
view = View(self.app).render('test', {'test': 'test'})
self.response.view(view)
assert self.app.make('Response') == 'test'
assert self.request.is_status(200)
self.response.view('foobar')
assert self.app.make('Response') == 'foobar'
def test_view_can_return_integer_as_string(self):
self.response.view(1)
assert self.app.make('Response') == '1'
assert self.request.is_status(200)
def test_view_can_set_own_status_code_to_404(self):
self.response.view(self.app.resolve(ControllerTest().change_404))
assert self.request.is_status(404)
def test_view_can_set_own_status_code(self):
self.response.view(self.app.resolve(ControllerTest().change_status))
assert self.request.is_status(203)
def test_view_should_return_a_json_response_when_retrieve_a_user_from_model(
self):
assert isinstance(MockUser(), Model)
self.response.view(MockUser().all())
json_response = '[{"name": "TestUser", "email": "*****@*****.**"}, {"name": "TestUser", "email": "*****@*****.**"}]'
assert self.app.make('Response') == json_response
self.response.view(MockUser().find(1))
json_response = '{"name": "TestUser", "email": "*****@*****.**"}'
assert self.app.make('Response') == json_response