def test_otp_fido2_check_success_url(self):
    """get_success_url() follows a stored ``next`` target only when it is safe.

    The target is placed in ``request.session["next"]`` (not in the query
    string). An off-site URL must be ignored in favour of Home, which is the
    behaviour that keeps this 2FA step from acting as an open redirect.
    """
    check_path = "/accounts/2fa/fido2/check/"
    request_factory = RequestFactory()

    def success_url(*next_target):
        # Fresh request and view per case; "next" is stored only when given.
        request = request_factory.get(check_path)
        request.user = self.user
        request.session = SessionBase()
        if next_target:
            request.session["next"] = next_target[0]
        view = Fido2Check()
        view.request = request
        return view.get_success_url()

    # Nothing stored under "next": the view falls back to Home.
    self.assertEqual(success_url(), reverse_lazy("home"))

    # A URL of this site stored under "next" is used as the success URL.
    self.assertEqual(
        success_url(reverse_lazy("account_index")),
        reverse_lazy("account_index"),
    )

    # An absolute URL on a foreign host is NOT used; the view defaults to Home.
    self.assertEqual(
        success_url("https://buymybitcoins.plz"),
        reverse_lazy("home"),
    )
def test_stash_utm_params():
    """stash_utm_params reports whether it stored the params and skips duplicates."""
    session = SessionBase()

    def stashed():
        # Re-read the session on every check rather than caching the list.
        return session[SESSION_KEY_UTM_PARAMS]

    # An empty dict yields a falsy result.
    assert not stash_utm_params(session, {})

    # The first real set is stored and marks the session as modified.
    assert stash_utm_params(session, {"utm_medium": "foo"})
    assert session.modified
    assert len(stashed()) == 1
    assert stashed()[0] == {"utm_medium": "foo"}

    # A second, different set is appended after the first.
    assert stash_utm_params(session, {"utm_medium": "bar"})
    assert len(stashed()) == 2
    assert stashed()[1] == {"utm_medium": "bar"}

    # Repeating that set yields a falsy result and leaves the list unchanged.
    assert not stash_utm_params(session, {"utm_medium": "bar"})
    assert len(stashed()) == 2
def process_request(self, request):
    """Attach a session to *request*, honouring the fallback session cookie.

    Requests under one of ``IGNORE_URLS`` that carry neither the primary nor
    the fallback session cookie get an empty in-memory session and nothing
    else. Otherwise the parent implementation is used when
    ``SESSION_COOKIE_SAMESITE`` is set, and the session key is read from the
    primary cookie (or, failing that, the fallback cookie) when it is not.
    """
    cookies = request.COOKIES
    primary_name = settings.SESSION_COOKIE_NAME

    for prefix in self.IGNORE_URLS:
        # NOTE(review): this is a plain prefix match on path_info, so an entry
        # without a trailing slash also matches longer sibling paths. Confirm
        # the IGNORE_URLS entries are written with that in mind.
        if not request.path_info.startswith(prefix):
            continue
        if primary_name in cookies or self.cookie_name_fallback in cookies:
            continue
        # Hack request.session otherwise the Authentication middleware complains.
        request.session = SessionBase()  # create an empty session
        return

    if settings.SESSION_COOKIE_SAMESITE:
        super().process_request(request)
        return

    # The primary cookie wins; the fallback is consulted only when it is absent.
    cookie_name = primary_name if primary_name in cookies else self.cookie_name_fallback
    session_key = cookies.get(cookie_name)
    request.session = self.SessionStore(session_key)
def test_middleware(self, mock_utm):
    """UtmSessionMiddleware stores the params returned by the mocked helper.

    ``mock_utm`` is a mock supplied to the test; it is presumably the patched
    UTM extraction helper (confirm against the decorator on this test).
    """
    expected = {
        "utm_medium": "medium",
        "utm_source": "source",
        "utm_campaign": "campaign",
        "utm_term": "term",
        "utm_content": "content",
        "gclid": "1C5CHFA_enGB874GB874",
    }
    request = mock.Mock(spec=HttpRequest)
    request.session = SessionBase()
    # Hand the middleware its own copy so the expectations stay independent.
    mock_utm.return_value = dict(expected)

    middleware = UtmSessionMiddleware(lambda r: HttpResponse())
    middleware(request)

    assert len(request.session[SESSION_KEY_UTM_PARAMS]) == 1
    utm_params = request.session[SESSION_KEY_UTM_PARAMS][0]
    for key, value in expected.items():
        assert utm_params[key] == value
def test_otp_totp_confirm_success_url(self):
    """The success URL after TOTP confirmation depends on existing static devices."""
    request_factory = RequestFactory()
    confirm_path = f"/accounts/2fa/totp/{self.totp_device.id}/"

    def success_url(with_session):
        # Only the first scenario attaches a session to the request.
        request = request_factory.post(confirm_path)
        request.user = self.user
        if with_session:
            request.session = SessionBase()
        view = TOTPDeviceConfirm()
        view.request = request
        return view.get_success_url()

    # No static device yet: the user is sent on to add one.
    self.assertEqual(success_url(True), reverse_lazy("otp_static_add"))

    # One static device: the user is sent to the device list.
    setup_2fa_static_device(self.user)
    self.assertEqual(success_url(False), reverse_lazy("otp_list"))

    # Two static devices: still the device list.
    setup_2fa_static_device(self.user)
    self.assertEqual(success_url(False), reverse_lazy("otp_list"))
def test_otp_totp_confirm_form_valid_set_data(self):
    """form_valid() on TOTPDeviceConfirm saves the device as confirmed."""
    device_pk = self.totp_device.id
    request = RequestFactory().post(f"/accounts/2fa/totp/{device_pk}/")
    request.user = self.user
    request.session = SessionBase()

    def fake_create():
        return True

    # mock session create method because it is required by form_valid of parent view (login call)
    request.session.create = fake_create

    view = TOTPDeviceConfirm()
    TOTPDeviceConfirm.setup(view, request, pk=device_pk)  # to init self.kwargs
    view.post(request)  # to set self.object
    view.request = request

    form = view.get_form(view.form_class)
    # NOTE(review): the result of is_valid() is not asserted; the call is made
    # for its effect on the form before form_valid() runs.
    form.is_valid()
    view.form_valid(form)

    # Device is saved with confirmed attribute set to True
    expected_device = TOTPDevice.objects.get(pk=device_pk)
    self.assertEqual(expected_device.confirmed, True)
def __init__(self, cookie):
    """Initialise the session object and remember *cookie*.

    Args:
        cookie: stored unchanged on ``self.cookie``.
    """
    # The literal string 'cookie', not the ``cookie`` argument, is handed to
    # SessionBase.__init__.
    # NOTE(review): presumably a placeholder session key; confirm it is intentional.
    SessionBase.__init__(self, 'cookie')
    self.deleted = False
    self.cookie = cookie
def request_with_session(rf):
    """Return a GET request built by *rf* with an empty ``SessionBase`` attached."""
    req = rf.get('/slash_doesnt_matter')
    # No session middleware runs here, so the session is attached by hand.
    req.session = SessionBase()
    return req
def set_tenant(session: Session, tenant: AbstractBaseTenant) -> None:
    """Record *tenant* as the active tenant of *session*.

    Writes the tenant's ``pk`` under ``'active_tenant'`` and its ``name``
    under ``'active_tenant_name'``.
    """
    # NOTE(review): no access check happens here; callers are presumably
    # expected to verify that the user may act for this tenant before calling.
    active = {
        'active_tenant': tenant.pk,
        'active_tenant_name': tenant.name,
    }
    session.update(active)
def clear_tenant(session: Session) -> None:
    """Drop the active-tenant keys from *session*; missing keys are ignored."""
    for key in ('active_tenant', 'active_tenant_name'):
        session.pop(key, None)
def pop_utm_params(session: SessionBase) -> List[UtmParamsDict]:
    """Remove and return the utm_param dicts stored in *session*.

    Returns an empty list when nothing is stored under SESSION_KEY_UTM_PARAMS.
    """
    stashed = session.pop(SESSION_KEY_UTM_PARAMS, [])
    return stashed
def _build_request(self, url='/'):  # TODO: in CremeTestCase ??
    """Return a GET request for *url* with an empty session and ``self.user``."""
    req = self.factory.get(url)
    req.user = self.user
    # The factory does not run middleware, so the session is attached by hand.
    req.session = SessionBase()
    return req
def _build_request(self, url='/'):
    """Build a GET request for *url* carrying ``self.user`` and a blank session."""
    built = self.factory.get(url)
    built.user = self.user
    built.session = SessionBase()  # empty session object, set directly on the request
    return built
def is_user_authenticated(session: SessionBase) -> bool:
    """Return the session's ``is_authenticated`` flag, or False when it is unset.

    The stored value is returned as-is, without coercion to ``bool``.
    """
    flag = session.get("is_authenticated", False)
    return flag
def build_request(self, url='/', user=None):
    """Return a GET request for *url* with an empty session and a user.

    Args:
        url: path to request.
        user: user to attach; ``self.user`` is used when this is falsy.
    """
    req = self.request_factory.get(url)
    req.session = SessionBase()
    req.user = user if user else self.user
    return req
def generic(self, *args, **kwargs):
    """Build the request via the parent, then attach a session and ``self.user``."""
    built = super().generic(*args, **kwargs)
    # Set directly on the request: an empty session object and the user.
    built.user = self.user
    built.session = SessionBase()
    return built
def flush(cls, session: SessionBase):
    """Remove the table from the session; nothing happens if it is absent."""
    key = PAYLOAD_SESSION_DICTIONARY
    session.pop(key, None)
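def session_logout(session: SessionBase) -> None:
    """Log the user out by dropping ``'user_data'`` from *session*.

    A session that holds no ``'user_data'`` is left unchanged, so a repeated
    logout, or one on a session that never logged in, does not raise KeyError.
    """
    # NOTE(review): only 'user_data' is removed; other keys and the session
    # key itself are kept. If the session carries further per-user state,
    # session.flush() may be the better fit. Confirm against callers.
    session.pop('user_data', None)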
def generic(self, *args, **kwargs):
    """Build the request via the parent, then attach session, user and messages."""
    req = super().generic(*args, **kwargs)
    req.session = SessionBase()
    req.user = self.user
    # Message storage is created last, from the request that already has its
    # session and user set.
    storage = default_storage(req)
    req._messages = storage
    return req