def test_local_referers(self): """local referers return true""" ok_request = MockRequest( 'GET', { 'HTTP_REFERER': 'http://misago-project.org/', 'HTTP_HOST': 'misago-project.org/', } ) self.assertTrue(is_referer_local(ok_request)) ok_request = MockRequest( 'GET', { 'HTTP_REFERER': 'http://misago-project.org/', 'HTTP_HOST': 'misago-project.org/', } ) self.assertTrue(is_referer_local(ok_request)) ok_request = MockRequest( 'GET', { 'HTTP_REFERER': 'http://misago-project.org/login/', 'HTTP_HOST': 'misago-project.org/', } ) self.assertTrue(is_referer_local(ok_request))
def test_foreign_referers(self): """non-local referers return false""" bad_request = MockRequest( 'GET', { 'HTTP_REFERER': 'http://else-project.org/', 'HTTP_HOST': 'misago-project.org/', } ) self.assertFalse(is_referer_local(bad_request)) bad_request = MockRequest( 'GET', { 'HTTP_REFERER': 'https://misago-project.org/', 'HTTP_HOST': 'misago-project.org/', } ) self.assertFalse(is_referer_local(bad_request)) bad_request = MockRequest( 'GET', { 'HTTP_REFERER': 'http://misago-project.org/', 'HTTP_HOST': 'misago-project.org/assadsa/', } ) self.assertFalse(is_referer_local(bad_request))
def uiserver(request): mute_tracker(request) if not is_referer_local(request): raise PermissionDenied() resolver_match = get_resolver_match(request) response_dict = {} now = int(time()) for name, cache_frequency, view in UI_VIEWS: cache_key = 'uijson_%s' % name cache = request.session.get(cache_key) if not cache or cache['expires'] < now: try: view_response = view(request, resolver_match) except PermissionDenied: view_response = None request.session[cache_key] = { 'json': view_response, 'expires': now + cache_frequency } if view_response: response_dict[name] = view_response elif cache['json']: response_dict[name] = cache['json'] return JsonResponse(response_dict)
def uiserver(request): mute_tracker(request) if not is_referer_local(request): raise PermissionDenied() resolver_match = get_resolver_match(request) response_dict = {} for name, view in UI_VIEWS: try: view_response = view(request, resolver_match) if view_response: response_dict[name] = view_response except PermissionDenied: pass return JsonResponse(response_dict)
def uiserver(request): mute_tracker(request) if not is_referer_local(request): raise PermissionDenied() resolver_match = get_resolver_match(request) response_dict = {'total_count': 0} for name, view in UI_VIEWS: try: view_response = view(request, resolver_match) if view_response: response_dict['total_count'] += view_response.get('count', 0) response_dict[name] = view_response except (Http404, PermissionDenied): pass return JsonResponse(response_dict)