def test_setlang_http_next(self): """ The set_language view only redirects to the 'next' argument if it is "safe" and its scheme is https if the request was sent over https. """ lang_code = self._get_inactive_language_code() non_https_next_url = 'http://testserver/redirection/' post_data = {'language': lang_code, 'next': non_https_next_url} # Insecure URL in POST data. response = self.client.post('/i18n/setlang/', data=post_data, secure=True) self.assertEqual(response.url, '/') self.assertEqual( self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code) # Insecure URL in HTTP referer. response = self.client.post('/i18n/setlang/', secure=True, HTTP_REFERER=non_https_next_url) self.assertEqual(response.url, '/') self.assertEqual( self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_explicit_default_app_config_without_apps(self): """ Load an app that specifies a default AppConfig class in __init__ and do not have an apps module. """ msg = ( "'apps.explicit_default_config_without_apps' defines " "default_app_config = 'apps.explicit_default_config_without_apps." "ExplicitDefaultConfigWithoutApps'. However, Django's automatic " "detection did not find this configuration. You should move the " "default config class to the apps submodule of your application " "and, if this module defines several config classes, mark the " "default one with default = True.") with self.assertRaisesMessage(RemovedInDjango41Warning, msg): with self.settings(INSTALLED_APPS=[ 'apps.explicit_default_config_without_apps' ]): pass with ignore_warnings(category=RemovedInDjango41Warning): with self.settings(INSTALLED_APPS=[ 'apps.explicit_default_config_without_apps' ]): self.assertIsInstance( apps.get_app_config( 'explicit_default_config_without_apps'), ExplicitDefaultConfigWithoutApps, )
def test_locale_aware(self): d = datetime(2007, 9, 17, 12, 51, 34, 482548) # RemovedInDjango50Warning: When the deprecation ends, remove # @ignore_warnings and USE_L10N=False. The assertion should remain # because format-related settings will take precedence over # locale-dictated formats. with ignore_warnings(category=RemovedInDjango50Warning): with self.settings(USE_L10N=False): with self.settings(DATETIME_INPUT_FORMATS=[ '%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', ]): self.check_html( self.widget, 'date', d, html= '<input type="text" name="date" value="2007-09-17 12:51:34">', ) with translation.override('es'): self.check_html( self.widget, 'date', d, html= '<input type="text" name="date" value="17/09/2007 12:51:34">', )
def test_explicit_default_app_config_mismatch(self): """ Load an app that specifies a default AppConfig class not matching the autodetected one. """ msg = ( "'apps.explicit_default_config_mismatch_app' defines " "default_app_config = 'apps.explicit_default_config_mismatch_app." "not_apps.ExplicitDefaultConfigMismatch'. However, Django's " "automatic detection picked another configuration, 'apps." "explicit_default_config_mismatch_app.apps." "ImplicitDefaultConfigMismatch'. You should move the default " "config class to the apps submodule of your application and, if " "this module defines several config classes, mark the default one " "with default = True.") with self.assertRaisesMessage(RemovedInDjango41Warning, msg): with self.settings(INSTALLED_APPS=[ 'apps.explicit_default_config_mismatch_app' ]): pass with ignore_warnings(category=RemovedInDjango41Warning): with self.settings(INSTALLED_APPS=[ 'apps.explicit_default_config_mismatch_app' ]): self.assertIsInstance( apps.get_app_config( 'explicit_default_config_mismatch_app'), ExplicitDefaultConfigMismatch, )
def test_include_error08(self): template = self.engine.get_template('include-error08') if self.engine.debug: with self.assertRaises(TemplateSyntaxError): template.render(Context()) else: with ignore_warnings(category=RemovedInDjango21Warning): self.assertEqual(template.render(Context()), '')
def test_include_error07(self): template = self.engine.get_template("include-error07") if self.engine.debug: with self.assertRaises(RuntimeError): template.render(Context()) else: with ignore_warnings(category=RemovedInDjango21Warning): self.assertEqual(template.render(Context()), "")
def test_include_error10(self): context = Context({'failed_include': 'include-fail2'}) template = self.engine.get_template('include-error10') if self.engine.debug: with self.assertRaises(TemplateSyntaxError): template.render(context) else: with ignore_warnings(category=RemovedInDjango21Warning): self.assertEqual(template.render(context), '')
def test_include_error09(self): context = Context({"failed_include": "include-fail1"}) template = self.engine.get_template("include-error09") if self.engine.debug: with self.assertRaises(RuntimeError): template.render(context) else: with ignore_warnings(category=RemovedInDjango21Warning): self.assertEqual(template.render(context), "")
def test_logs_exceptions_during_rendering_with_no_template_name(self): template = self.engine.from_string('{% include "child" %}') with ignore_warnings(category=RemovedInDjango21Warning): self.assertEqual(template.render(self.ctx), '') self.assertEqual( self.test_handler.log_record.getMessage(), "Exception raised while rendering {% include %} for template " "'unknown'. Empty string rendered instead.") self.assertIsNotNone(self.test_handler.log_record.exc_info) self.assertEqual(self.test_handler.log_record.levelno, logging.WARN)
def test_serialize_datetime(self): self.assertSerializedEqual(datetime.datetime.now()) self.assertSerializedEqual(datetime.datetime.now) self.assertSerializedEqual(datetime.datetime.today()) self.assertSerializedEqual(datetime.datetime.today) self.assertSerializedEqual(datetime.date.today()) self.assertSerializedEqual(datetime.date.today) self.assertSerializedEqual(datetime.datetime.now().time()) self.assertSerializedEqual( datetime.datetime(2014, 1, 1, 1, 1, tzinfo=get_default_timezone())) self.assertSerializedEqual( datetime.datetime(2013, 12, 31, 22, 1, tzinfo=get_fixed_timezone(180))) self.assertSerializedResultEqual( datetime.datetime(2014, 1, 1, 1, 1), ("datetime.datetime(2014, 1, 1, 1, 1)", {"import datetime"}), ) with ignore_warnings(category=RemovedInDjango50Warning): from django.utils.timezone import utc for tzinfo in (utc, datetime.timezone.utc): with self.subTest(tzinfo=tzinfo): self.assertSerializedResultEqual( datetime.datetime(2012, 1, 1, 1, 1, tzinfo=tzinfo), ( "datetime.datetime" "(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)", {"import datetime"}, ), ) self.assertSerializedResultEqual( datetime.datetime(2012, 1, 1, 2, 1, tzinfo=zoneinfo.ZoneInfo("Europe/Paris")), ( "datetime.datetime(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)", {"import datetime"}, ), ) if pytz: self.assertSerializedResultEqual( pytz.timezone("Europe/Paris").localize( datetime.datetime(2012, 1, 1, 2, 1)), ( "datetime.datetime(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)", {"import datetime"}, ), )
def test_setlang_http_next(self): """ The set_language view only redirects to the 'next' argument if it is "safe" and its scheme is https if the request was sent over https. """ lang_code = self._get_inactive_language_code() non_https_next_url = 'http://testserver/redirection/' post_data = {'language': lang_code, 'next': non_https_next_url} # Insecure URL in POST data. response = self.client.post('/i18n/setlang/', data=post_data, secure=True) self.assertEqual(response.url, '/') self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code) # Insecure URL in HTTP referer. response = self.client.post('/i18n/setlang/', secure=True, HTTP_REFERER=non_https_next_url) self.assertEqual(response.url, '/') self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_doesnt_perform_a_default_redirect_for_ajax(self): """ The set_language view returns 204 for AJAX calls by default. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code} response = self.client.post('/i18n/setlang/', post_data, HTTP_X_REQUESTED_WITH='XMLHttpRequest') self.assertEqual(response.status_code, 204) self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_performs_redirect_for_ajax_if_explicitly_requested(self): """ The set_language view redirects to the "next" parameter for AJAX calls. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code, 'next': '/'} response = self.client.post('/i18n/setlang/', post_data, HTTP_X_REQUESTED_WITH='XMLHttpRequest') self.assertRedirects(response, '/') self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_logs_exceptions_during_rendering_with_no_template_name(self): template = self.engine.from_string('{% include "child" %}') with ignore_warnings(category=RemovedInDjango21Warning): self.assertEqual(template.render(self.ctx), '') self.assertEqual( self.test_handler.log_record.getMessage(), "Exception raised while rendering {% include %} for template " "'unknown'. Empty string rendered instead." ) self.assertIsNotNone(self.test_handler.log_record.exc_info) self.assertEqual(self.test_handler.log_record.levelno, logging.WARN)
def test_setlang_default_redirect(self): """ The set_language view redirects to '/' when there isn't a referer or "next" parameter. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code} response = self.client.post('/i18n/setlang/', post_data) self.assertRedirects(response, '/') self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_redirect_to_referer(self): """ The set_language view redirects to the URL in the referer header when there isn't a "next" parameter. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code} response = self.client.post('/i18n/setlang/', post_data, HTTP_REFERER='/i18n/') self.assertRedirects(response, '/i18n/', fetch_redirect_response=False) self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_unsafe_next(self): """ The set_language view only redirects to the 'next' argument if it is "safe". """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code, 'next': '//unsafe/redirection/'} response = self.client.post('/i18n/setlang/', data=post_data) self.assertEqual(response.url, '/') self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_doesnt_perform_a_redirect_to_referer_for_ajax(self): """ The set_language view doesn't redirect to the HTTP referer header for AJAX calls. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code} headers = {'HTTP_REFERER': '/', 'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest'} response = self.client.post('/i18n/setlang/', post_data, **headers) self.assertEqual(response.status_code, 204) self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_decodes_http_referer_url(self): """ The set_language view decodes the HTTP_REFERER URL. """ # The URL & view must exist for this to work as a regression test. self.assertEqual(reverse('with_parameter', kwargs={'parameter': 'x'}), '/test-setlang/x/') lang_code = self._get_inactive_language_code() encoded_url = '/test-setlang/%C3%A4/' # (%C3%A4 decodes to ä) response = self.client.post('/i18n/setlang/', {'language': lang_code}, HTTP_REFERER=encoded_url) self.assertRedirects(response, encoded_url, fetch_redirect_response=False) self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_lang_from_translated_i18n_pattern(self): response = self.client.post( '/i18n/setlang/', data={'language': 'nl'}, follow=True, HTTP_REFERER='/en/translated/' ) self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, 'nl') with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], 'nl') self.assertRedirects(response, '/nl/vertaald/') # And reverse response = self.client.post( '/i18n/setlang/', data={'language': 'en'}, follow=True, HTTP_REFERER='/nl/vertaald/' ) self.assertRedirects(response, '/en/translated/')
def test_setlang_doesnt_perform_a_default_redirect_for_ajax(self): """ The set_language view returns 204 by default for requests not accepting HTML response content. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code} response = self.client.post('/i18n/setlang/', post_data, HTTP_ACCEPT='application/json') self.assertEqual(response.status_code, 204) self.assertEqual( self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_performs_redirect_for_ajax_if_explicitly_requested(self): """ The set_language view redirects to the "next" parameter for requests not accepting HTML response content. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code, 'next': '/'} response = self.client.post('/i18n/setlang/', post_data, HTTP_ACCEPT='application/json') self.assertRedirects(response, '/') self.assertEqual( self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code) with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang(self): """ The set_language view can be used to change the session language. The user is redirected to the 'next' argument if provided. """ lang_code = self._get_inactive_language_code() post_data = {'language': lang_code, 'next': '/'} response = self.client.post('/i18n/setlang/', post_data, HTTP_REFERER='/i_should_not_be_used/') self.assertRedirects(response, '/') with ignore_warnings(category=RemovedInDjango40Warning): self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code) # The language is set in a cookie. language_cookie = self.client.cookies[settings.LANGUAGE_COOKIE_NAME] self.assertEqual(language_cookie.value, lang_code) self.assertEqual(language_cookie['domain'], '') self.assertEqual(language_cookie['path'], '/') self.assertEqual(language_cookie['max-age'], '')
def test_bad_urls(self): bad_urls = ( 'http://example.com', 'http:///example.com', 'https://example.com', 'ftp://example.com', r'\\example.com', r'\\\example.com', r'/\\/example.com', r'\\\example.com', r'\\example.com', r'\\//example.com', r'/\/example.com', r'\/example.com', r'/\example.com', 'http:///example.com', r'http:/\//example.com', r'http:\/example.com', r'http:/\example.com', 'javascript:alert("XSS")', '\njavascript:alert(x)', '\x08//example.com', r'http://otherserver\@example.com', r'http:\\testserver\@example.com', r'http://testserver\me:[email protected]', r'http://testserver\@example.com', r'http:\\testserver\confirm\[email protected]', 'http:999999999', 'ftp:9999999999', '\n', 'http://[2001:cdba:0000:0000:0000:0000:3257:9652/', 'http://2001:cdba:0000:0000:0000:0000:3257:9652]/', ) for bad_url in bad_urls: with self.subTest(url=bad_url): with ignore_warnings(category=RemovedInDjango21Warning): self.assertIs(http.is_safe_url(bad_url, host='testserver'), False) self.assertIs( is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}), False)
def test_explicit_default_app_config_warning(self): """ Load an app that specifies a default AppConfig class matching the autodetected one. """ msg = ( "'apps.explicit_default_config_app' defines default_app_config = " "'apps.explicit_default_config_app.apps.ExplicitDefaultConfig'. " "Django now detects this configuration automatically. You can " "remove default_app_config." ) with self.assertRaisesMessage(RemovedInDjango41Warning, msg): with self.settings(INSTALLED_APPS=['apps.explicit_default_config_app']): pass with ignore_warnings(category=RemovedInDjango41Warning): with self.settings(INSTALLED_APPS=['apps.explicit_default_config_app']): self.assertIsInstance( apps.get_app_config('explicit_default_config_app'), ExplicitDefaultConfig, )
def test_good_urls(self): good_urls = ( '/view/?param=http://example.com', '/view/?param=https://example.com', '/view?param=ftp://example.com', 'view/?param=//example.com', 'https://testserver/', 'HTTPS://testserver/', '//testserver/', 'http://testserver/[email protected]', '/url%20with%20spaces/', 'path/http:2222222222', ) for good_url in good_urls: with self.subTest(url=good_url): with ignore_warnings(category=RemovedInDjango21Warning): self.assertIs( http.is_safe_url(good_url, host='testserver'), True) self.assertIs( is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), True)
from __future__ import unicode_literals from django.conf.urls.i18n import i18n_patterns from django.http import HttpResponse, StreamingHttpResponse from django.test import ignore_warnings from django.utils.deprecation import RemovedInDjango20Warning from django.utils.translation import ugettext_lazy as _ # test deprecated version of i18n_patterns() function (with prefix). Remove it # and convert to list of urls() in Django 2.0 i18n_patterns = ignore_warnings( category=RemovedInDjango20Warning)(i18n_patterns) urlpatterns = i18n_patterns( '', (r'^simple/$', lambda r: HttpResponse()), (r'^streaming/$', lambda r: StreamingHttpResponse([_("Yes"), "/", _("No")])), )
def test_is_safe_url(self): bad_urls = ( 'http://example.com', 'http:///example.com', 'https://example.com', 'ftp://example.com', r'\\example.com', r'\\\example.com', r'/\\/example.com', r'\\\example.com', r'\\example.com', r'\\//example.com', r'/\/example.com', r'\/example.com', r'/\example.com', 'http:///example.com', r'http:/\//example.com', r'http:\/example.com', r'http:/\example.com', 'javascript:alert("XSS")', '\njavascript:alert(x)', '\x08//example.com', r'http://otherserver\@example.com', r'http:\\testserver\@example.com', r'http://testserver\me:[email protected]', r'http://testserver\@example.com', r'http:\\testserver\confirm\[email protected]', 'http:999999999', 'ftp:9999999999', '\n', ) for bad_url in bad_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertFalse(http.is_safe_url(bad_url, host='testserver'), "%s should be blocked" % bad_url) self.assertFalse( http.is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}), "%s should be blocked" % bad_url, ) good_urls = ( '/view/?param=http://example.com', '/view/?param=https://example.com', '/view?param=ftp://example.com', 'view/?param=//example.com', 'https://testserver/', 'HTTPS://testserver/', '//testserver/', 'http://testserver/[email protected]', '/url%20with%20spaces/', 'path/http:2222222222', ) for good_url in good_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url) self.assertTrue( http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), "%s should be allowed" % good_url, ) if six.PY2: # Check binary URLs, regression tests for #26308 self.assertTrue( http.is_safe_url(b'https://testserver/', allowed_hosts={'testserver'}), "binary URLs should be allowed on Python 2") self.assertFalse( http.is_safe_url(b'\x08//example.com', allowed_hosts={'testserver'})) self.assertTrue( http.is_safe_url('àview/'.encode('utf-8'), allowed_hosts={'testserver'})) self.assertFalse( http.is_safe_url('àview'.encode('latin-1'), allowed_hosts={'testserver'})) # Valid basic auth credentials are allowed. self.assertTrue( http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'})) # A path without host is allowed. self.assertTrue(http.is_safe_url('/confirm/[email protected]')) # Basic auth without host is not allowed. self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
from django.contrib.gis.db import models from django.test import ignore_warnings from django.utils.deprecation import RemovedInDjango50Warning from ..admin import admin class City(models.Model): name = models.CharField(max_length=30) point = models.PointField() class Meta: app_label = "geoadmini_deprecated" def __str__(self): return self.name site = admin.AdminSite(name="admin_gis") with ignore_warnings(category=RemovedInDjango50Warning): site.register(City, admin.OSMGeoAdmin)
from __future__ import unicode_literals from django.conf.urls.i18n import i18n_patterns from django.http import HttpResponse, StreamingHttpResponse from django.test import ignore_warnings from django.utils.deprecation import RemovedInDjango20Warning from django.utils.translation import ugettext_lazy as _ # test deprecated version of i18n_patterns() function (with prefix). Remove it # and convert to list of urls() in Django 2.0 i18n_patterns = ignore_warnings(category=RemovedInDjango20Warning)(i18n_patterns) urlpatterns = i18n_patterns('', (r'^simple/$', lambda r: HttpResponse()), (r'^streaming/$', lambda r: StreamingHttpResponse([_("Yes"), "/", _("No")])), )
def test_eq(self): constraint_1 = ExclusionConstraint( name="exclude_overlapping", expressions=[ (F("datespan"), RangeOperators.OVERLAPS), (F("room"), RangeOperators.EQUAL), ], condition=Q(cancelled=False), ) constraint_2 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], ) constraint_3 = ExclusionConstraint( name="exclude_overlapping", expressions=[("datespan", RangeOperators.OVERLAPS)], condition=Q(cancelled=False), ) constraint_4 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], deferrable=Deferrable.DEFERRED, ) constraint_5 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], deferrable=Deferrable.IMMEDIATE, ) constraint_6 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], deferrable=Deferrable.IMMEDIATE, include=["cancelled"], ) constraint_7 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], include=["cancelled"], ) with ignore_warnings(category=RemovedInDjango50Warning): constraint_8 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], include=["cancelled"], opclasses=["range_ops", "range_ops"], ) constraint_9 = ExclusionConstraint( name="exclude_overlapping", expressions=[ ("datespan", RangeOperators.OVERLAPS), ("room", RangeOperators.EQUAL), ], opclasses=["range_ops", "range_ops"], ) self.assertNotEqual(constraint_2, constraint_9) self.assertNotEqual(constraint_7, constraint_8) self.assertEqual(constraint_1, constraint_1) self.assertEqual(constraint_1, mock.ANY) self.assertNotEqual(constraint_1, constraint_2) self.assertNotEqual(constraint_1, constraint_3) self.assertNotEqual(constraint_1, constraint_4) self.assertNotEqual(constraint_2, constraint_3) self.assertNotEqual(constraint_2, constraint_4) self.assertNotEqual(constraint_2, constraint_7) self.assertNotEqual(constraint_4, constraint_5) self.assertNotEqual(constraint_5, constraint_6) self.assertNotEqual(constraint_1, object())
def test_is_safe_url(self): bad_urls = ( "http://example.com", "http:///example.com", "https://example.com", "ftp://example.com", r"\\example.com", r"\\\example.com", r"/\\/example.com", r"\\\example.com", r"\\example.com", r"\\//example.com", r"/\/example.com", r"\/example.com", r"/\example.com", "http:///example.com", r"http:/\//example.com", r"http:\/example.com", r"http:/\example.com", 'javascript:alert("XSS")', "\njavascript:alert(x)", "\x08//example.com", r"http://otherserver\@example.com", r"http:\\testserver\@example.com", r"http://testserver\me:[email protected]", r"http://testserver\@example.com", r"http:\\testserver\confirm\[email protected]", "\n", ) for bad_url in bad_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertFalse(http.is_safe_url(bad_url, host="testserver"), "%s should be blocked" % bad_url) self.assertFalse( http.is_safe_url(bad_url, allowed_hosts={"testserver", "testserver2"}), "%s should be blocked" % bad_url ) good_urls = ( "/view/?param=http://example.com", "/view/?param=https://example.com", "/view?param=ftp://example.com", "view/?param=//example.com", "https://testserver/", "HTTPS://testserver/", "//testserver/", "http://testserver/[email protected]", "/url%20with%20spaces/", ) for good_url in good_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertTrue(http.is_safe_url(good_url, host="testserver"), "%s should be allowed" % good_url) self.assertTrue( http.is_safe_url(good_url, allowed_hosts={"otherserver", "testserver"}), "%s should be allowed" % good_url, ) # Valid basic auth credentials are allowed. self.assertTrue(http.is_safe_url(r"http://*****:*****@testserver/", allowed_hosts={"user:pass@testserver"})) # A path without host is allowed. self.assertTrue(http.is_safe_url("/confirm/[email protected]")) # Basic auth without host is not allowed. self.assertFalse(http.is_safe_url(r"http://testserver\@example.com"))
def test_is_safe_url(self): bad_urls = ( 'http://example.com', 'http:///example.com', 'https://example.com', 'ftp://example.com', r'\\example.com', r'\\\example.com', r'/\\/example.com', r'\\\example.com', r'\\example.com', r'\\//example.com', r'/\/example.com', r'\/example.com', r'/\example.com', 'http:///example.com', r'http:/\//example.com', r'http:\/example.com', r'http:/\example.com', 'javascript:alert("XSS")', '\njavascript:alert(x)', '\x08//example.com', r'http://otherserver\@example.com', r'http:\\testserver\@example.com', r'http://testserver\me:[email protected]', r'http://testserver\@example.com', r'http:\\testserver\confirm\[email protected]', 'http:999999999', 'ftp:9999999999', '\n', 'http://[2001:cdba:0000:0000:0000:0000:3257:9652/', 'http://*****:*****@example.com', '/url%20with%20spaces/', 'path/http:2222222222', ) for good_url in good_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url) self.assertTrue( http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), "%s should be allowed" % good_url, ) # Valid basic auth credentials are allowed. self.assertTrue( http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'})) # A path without host is allowed. self.assertTrue(http.is_safe_url('/confirm/[email protected]')) # Basic auth without host is not allowed. self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
def test_is_safe_url(self): bad_urls = ( 'http://example.com', 'http:///example.com', 'https://example.com', 'ftp://example.com', r'\\example.com', r'\\\example.com', r'/\\/example.com', r'\\\example.com', r'\\example.com', r'\\//example.com', r'/\/example.com', r'\/example.com', r'/\example.com', 'http:///example.com', r'http:/\//example.com', r'http:\/example.com', r'http:/\example.com', 'javascript:alert("XSS")', '\njavascript:alert(x)', '\x08//example.com', r'http://otherserver\@example.com', r'http:\\testserver\@example.com', r'http://testserver\me:[email protected]', r'http://testserver\@example.com', r'http:\\testserver\confirm\[email protected]', '\n', ) for bad_url in bad_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertFalse(http.is_safe_url(bad_url, host='testserver'), "%s should be blocked" % bad_url) self.assertFalse( http.is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}), "%s should be blocked" % bad_url, ) good_urls = ( '/view/?param=http://example.com', '/view/?param=https://example.com', '/view?param=ftp://example.com', 'view/?param=//example.com', 'https://testserver/', 'HTTPS://testserver/', '//testserver/', 'http://testserver/[email protected]', '/url%20with%20spaces/', ) for good_url in good_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url) self.assertTrue( http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), "%s should be allowed" % good_url, ) if six.PY2: # Check binary URLs, regression tests for #26308 self.assertTrue( http.is_safe_url(b'https://testserver/', allowed_hosts={'testserver'}), "binary URLs should be allowed on Python 2" ) self.assertFalse(http.is_safe_url(b'\x08//example.com', allowed_hosts={'testserver'})) self.assertTrue(http.is_safe_url('àview/'.encode('utf-8'), allowed_hosts={'testserver'})) self.assertFalse(http.is_safe_url('àview'.encode('latin-1'), allowed_hosts={'testserver'})) # Valid basic auth credentials are allowed. self.assertTrue(http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'})) # A path without host is allowed. self.assertTrue(http.is_safe_url('/confirm/[email protected]')) # Basic auth without host is not allowed. self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
def test_is_safe_url(self): bad_urls = ( 'http://example.com', 'http:///example.com', 'https://example.com', 'ftp://example.com', r'\\example.com', r'\\\example.com', r'/\\/example.com', r'\\\example.com', r'\\example.com', r'\\//example.com', r'/\/example.com', r'\/example.com', r'/\example.com', 'http:///example.com', r'http:/\//example.com', r'http:\/example.com', r'http:/\example.com', 'javascript:alert("XSS")', '\njavascript:alert(x)', '\x08//example.com', r'http://otherserver\@example.com', r'http:\\testserver\@example.com', r'http://testserver\me:[email protected]', r'http://testserver\@example.com', r'http:\\testserver\confirm\[email protected]', 'http:999999999', 'ftp:9999999999', '\n', 'http://[2001:cdba:0000:0000:0000:0000:3257:9652/', 'http://*****:*****@example.com', '/url%20with%20spaces/', 'path/http:2222222222', ) for good_url in good_urls: with ignore_warnings(category=RemovedInDjango21Warning): self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url) self.assertTrue( http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), "%s should be allowed" % good_url, ) # Valid basic auth credentials are allowed. self.assertTrue(http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'})) # A path without host is allowed. self.assertTrue(http.is_safe_url('/confirm/[email protected]')) # Basic auth without host is not allowed. self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))