Exemple #1
0
 def test_setlang_http_next(self):
     """
     The set_language view only redirects to the 'next' argument if it is
     "safe" and its scheme is https if the request was sent over https.
     """
     lang_code = self._get_inactive_language_code()
     non_https_next_url = 'http://testserver/redirection/'
     post_data = {'language': lang_code, 'next': non_https_next_url}
     # Insecure URL in POST data.
     response = self.client.post('/i18n/setlang/',
                                 data=post_data,
                                 secure=True)
     self.assertEqual(response.url, '/')
     self.assertEqual(
         self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
         lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
                          lang_code)
     # Insecure URL in HTTP referer.
     response = self.client.post('/i18n/setlang/',
                                 secure=True,
                                 HTTP_REFERER=non_https_next_url)
     self.assertEqual(response.url, '/')
     self.assertEqual(
         self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
         lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
                          lang_code)
Exemple #2
0
 def test_explicit_default_app_config_without_apps(self):
     """
     Load an app that specifies a default AppConfig class in __init__ and do
     not have an apps module.
     """
     msg = (
         "'apps.explicit_default_config_without_apps' defines "
         "default_app_config = 'apps.explicit_default_config_without_apps."
         "ExplicitDefaultConfigWithoutApps'. However, Django's automatic "
         "detection did not find this configuration. You should move the "
         "default config class to the apps submodule of your application "
         "and, if this module defines several config classes, mark the "
         "default one with default = True.")
     with self.assertRaisesMessage(RemovedInDjango41Warning, msg):
         with self.settings(INSTALLED_APPS=[
                 'apps.explicit_default_config_without_apps'
         ]):
             pass
     with ignore_warnings(category=RemovedInDjango41Warning):
         with self.settings(INSTALLED_APPS=[
                 'apps.explicit_default_config_without_apps'
         ]):
             self.assertIsInstance(
                 apps.get_app_config(
                     'explicit_default_config_without_apps'),
                 ExplicitDefaultConfigWithoutApps,
             )
Exemple #3
0
 def test_locale_aware(self):
     d = datetime(2007, 9, 17, 12, 51, 34, 482548)
     # RemovedInDjango50Warning: When the deprecation ends, remove
     # @ignore_warnings and USE_L10N=False. The assertion should remain
     # because format-related settings will take precedence over
     # locale-dictated formats.
     with ignore_warnings(category=RemovedInDjango50Warning):
         with self.settings(USE_L10N=False):
             with self.settings(DATETIME_INPUT_FORMATS=[
                     '%Y-%m-%d %H:%M:%S',
                     '%Y-%m-%d %H:%M:%S.%f',
                     '%Y-%m-%d %H:%M',
             ]):
                 self.check_html(
                     self.widget,
                     'date',
                     d,
                     html=
                     '<input type="text" name="date" value="2007-09-17 12:51:34">',
                 )
     with translation.override('es'):
         self.check_html(
             self.widget,
             'date',
             d,
             html=
             '<input type="text" name="date" value="17/09/2007 12:51:34">',
         )
Exemple #4
0
 def test_explicit_default_app_config_mismatch(self):
     """
     Load an app that specifies a default AppConfig class not matching the
     autodetected one.
     """
     msg = (
         "'apps.explicit_default_config_mismatch_app' defines "
         "default_app_config = 'apps.explicit_default_config_mismatch_app."
         "not_apps.ExplicitDefaultConfigMismatch'. However, Django's "
         "automatic detection picked another configuration, 'apps."
         "explicit_default_config_mismatch_app.apps."
         "ImplicitDefaultConfigMismatch'. You should move the default "
         "config class to the apps submodule of your application and, if "
         "this module defines several config classes, mark the default one "
         "with default = True.")
     with self.assertRaisesMessage(RemovedInDjango41Warning, msg):
         with self.settings(INSTALLED_APPS=[
                 'apps.explicit_default_config_mismatch_app'
         ]):
             pass
     with ignore_warnings(category=RemovedInDjango41Warning):
         with self.settings(INSTALLED_APPS=[
                 'apps.explicit_default_config_mismatch_app'
         ]):
             self.assertIsInstance(
                 apps.get_app_config(
                     'explicit_default_config_mismatch_app'),
                 ExplicitDefaultConfigMismatch,
             )
    def test_include_error08(self):
        template = self.engine.get_template('include-error08')

        if self.engine.debug:
            with self.assertRaises(TemplateSyntaxError):
                template.render(Context())
        else:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertEqual(template.render(Context()), '')
Exemple #6
0
    def test_include_error08(self):
        template = self.engine.get_template('include-error08')

        if self.engine.debug:
            with self.assertRaises(TemplateSyntaxError):
                template.render(Context())
        else:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertEqual(template.render(Context()), '')
Exemple #7
0
    def test_include_error07(self):
        template = self.engine.get_template("include-error07")

        if self.engine.debug:
            with self.assertRaises(RuntimeError):
                template.render(Context())
        else:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertEqual(template.render(Context()), "")
    def test_include_error10(self):
        context = Context({'failed_include': 'include-fail2'})
        template = self.engine.get_template('include-error10')

        if self.engine.debug:
            with self.assertRaises(TemplateSyntaxError):
                template.render(context)
        else:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertEqual(template.render(context), '')
Exemple #9
0
    def test_include_error10(self):
        context = Context({'failed_include': 'include-fail2'})
        template = self.engine.get_template('include-error10')

        if self.engine.debug:
            with self.assertRaises(TemplateSyntaxError):
                template.render(context)
        else:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertEqual(template.render(context), '')
Exemple #10
0
    def test_include_error09(self):
        context = Context({"failed_include": "include-fail1"})
        template = self.engine.get_template("include-error09")

        if self.engine.debug:
            with self.assertRaises(RuntimeError):
                template.render(context)
        else:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertEqual(template.render(context), "")
Exemple #11
0
 def test_logs_exceptions_during_rendering_with_no_template_name(self):
     template = self.engine.from_string('{% include "child" %}')
     with ignore_warnings(category=RemovedInDjango21Warning):
         self.assertEqual(template.render(self.ctx), '')
     self.assertEqual(
         self.test_handler.log_record.getMessage(),
         "Exception raised while rendering {% include %} for template "
         "'unknown'. Empty string rendered instead.")
     self.assertIsNotNone(self.test_handler.log_record.exc_info)
     self.assertEqual(self.test_handler.log_record.levelno, logging.WARN)
Exemple #12
0
    def test_serialize_datetime(self):
        self.assertSerializedEqual(datetime.datetime.now())
        self.assertSerializedEqual(datetime.datetime.now)
        self.assertSerializedEqual(datetime.datetime.today())
        self.assertSerializedEqual(datetime.datetime.today)
        self.assertSerializedEqual(datetime.date.today())
        self.assertSerializedEqual(datetime.date.today)
        self.assertSerializedEqual(datetime.datetime.now().time())
        self.assertSerializedEqual(
            datetime.datetime(2014, 1, 1, 1, 1, tzinfo=get_default_timezone()))
        self.assertSerializedEqual(
            datetime.datetime(2013,
                              12,
                              31,
                              22,
                              1,
                              tzinfo=get_fixed_timezone(180)))
        self.assertSerializedResultEqual(
            datetime.datetime(2014, 1, 1, 1, 1),
            ("datetime.datetime(2014, 1, 1, 1, 1)", {"import datetime"}),
        )
        with ignore_warnings(category=RemovedInDjango50Warning):
            from django.utils.timezone import utc
        for tzinfo in (utc, datetime.timezone.utc):
            with self.subTest(tzinfo=tzinfo):
                self.assertSerializedResultEqual(
                    datetime.datetime(2012, 1, 1, 1, 1, tzinfo=tzinfo),
                    (
                        "datetime.datetime"
                        "(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)",
                        {"import datetime"},
                    ),
                )

        self.assertSerializedResultEqual(
            datetime.datetime(2012,
                              1,
                              1,
                              2,
                              1,
                              tzinfo=zoneinfo.ZoneInfo("Europe/Paris")),
            (
                "datetime.datetime(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)",
                {"import datetime"},
            ),
        )
        if pytz:
            self.assertSerializedResultEqual(
                pytz.timezone("Europe/Paris").localize(
                    datetime.datetime(2012, 1, 1, 2, 1)),
                (
                    "datetime.datetime(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)",
                    {"import datetime"},
                ),
            )
Exemple #13
0
 def test_setlang_http_next(self):
     """
     The set_language view only redirects to the 'next' argument if it is
     "safe" and its scheme is https if the request was sent over https.
     """
     lang_code = self._get_inactive_language_code()
     non_https_next_url = 'http://testserver/redirection/'
     post_data = {'language': lang_code, 'next': non_https_next_url}
     # Insecure URL in POST data.
     response = self.client.post('/i18n/setlang/', data=post_data, secure=True)
     self.assertEqual(response.url, '/')
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
     # Insecure URL in HTTP referer.
     response = self.client.post('/i18n/setlang/', secure=True, HTTP_REFERER=non_https_next_url)
     self.assertEqual(response.url, '/')
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #14
0
 def test_setlang_doesnt_perform_a_default_redirect_for_ajax(self):
     """
     The set_language view returns 204 for AJAX calls by default.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code}
     response = self.client.post('/i18n/setlang/', post_data, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
     self.assertEqual(response.status_code, 204)
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #15
0
 def test_setlang_performs_redirect_for_ajax_if_explicitly_requested(self):
     """
     The set_language view redirects to the "next" parameter for AJAX calls.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code, 'next': '/'}
     response = self.client.post('/i18n/setlang/', post_data, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
     self.assertRedirects(response, '/')
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #16
0
 def test_logs_exceptions_during_rendering_with_no_template_name(self):
     template = self.engine.from_string('{% include "child" %}')
     with ignore_warnings(category=RemovedInDjango21Warning):
         self.assertEqual(template.render(self.ctx), '')
     self.assertEqual(
         self.test_handler.log_record.getMessage(),
         "Exception raised while rendering {% include %} for template "
         "'unknown'. Empty string rendered instead."
     )
     self.assertIsNotNone(self.test_handler.log_record.exc_info)
     self.assertEqual(self.test_handler.log_record.levelno, logging.WARN)
Exemple #17
0
 def test_setlang_default_redirect(self):
     """
     The set_language view redirects to '/' when there isn't a referer or
     "next" parameter.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code}
     response = self.client.post('/i18n/setlang/', post_data)
     self.assertRedirects(response, '/')
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #18
0
 def test_setlang_redirect_to_referer(self):
     """
     The set_language view redirects to the URL in the referer header when
     there isn't a "next" parameter.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code}
     response = self.client.post('/i18n/setlang/', post_data, HTTP_REFERER='/i18n/')
     self.assertRedirects(response, '/i18n/', fetch_redirect_response=False)
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #19
0
 def test_setlang_unsafe_next(self):
     """
     The set_language view only redirects to the 'next' argument if it is
     "safe".
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code, 'next': '//unsafe/redirection/'}
     response = self.client.post('/i18n/setlang/', data=post_data)
     self.assertEqual(response.url, '/')
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #20
0
 def test_setlang_doesnt_perform_a_redirect_to_referer_for_ajax(self):
     """
     The set_language view doesn't redirect to the HTTP referer header for
     AJAX calls.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code}
     headers = {'HTTP_REFERER': '/', 'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest'}
     response = self.client.post('/i18n/setlang/', post_data, **headers)
     self.assertEqual(response.status_code, 204)
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #21
0
 def test_setlang_decodes_http_referer_url(self):
     """
     The set_language view decodes the HTTP_REFERER URL.
     """
     # The URL & view must exist for this to work as a regression test.
     self.assertEqual(reverse('with_parameter', kwargs={'parameter': 'x'}), '/test-setlang/x/')
     lang_code = self._get_inactive_language_code()
     encoded_url = '/test-setlang/%C3%A4/'  # (%C3%A4 decodes to ä)
     response = self.client.post('/i18n/setlang/', {'language': lang_code}, HTTP_REFERER=encoded_url)
     self.assertRedirects(response, encoded_url, fetch_redirect_response=False)
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
Exemple #22
0
 def test_lang_from_translated_i18n_pattern(self):
     response = self.client.post(
         '/i18n/setlang/', data={'language': 'nl'},
         follow=True, HTTP_REFERER='/en/translated/'
     )
     self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, 'nl')
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], 'nl')
     self.assertRedirects(response, '/nl/vertaald/')
     # And reverse
     response = self.client.post(
         '/i18n/setlang/', data={'language': 'en'},
         follow=True, HTTP_REFERER='/nl/vertaald/'
     )
     self.assertRedirects(response, '/en/translated/')
Exemple #23
0
 def test_setlang_doesnt_perform_a_default_redirect_for_ajax(self):
     """
     The set_language view returns 204 by default for requests not accepting
     HTML response content.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code}
     response = self.client.post('/i18n/setlang/',
                                 post_data,
                                 HTTP_ACCEPT='application/json')
     self.assertEqual(response.status_code, 204)
     self.assertEqual(
         self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
         lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
                          lang_code)
Exemple #24
0
 def test_setlang_performs_redirect_for_ajax_if_explicitly_requested(self):
     """
     The set_language view redirects to the "next" parameter for requests
     not accepting HTML response content.
     """
     lang_code = self._get_inactive_language_code()
     post_data = {'language': lang_code, 'next': '/'}
     response = self.client.post('/i18n/setlang/',
                                 post_data,
                                 HTTP_ACCEPT='application/json')
     self.assertRedirects(response, '/')
     self.assertEqual(
         self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
         lang_code)
     with ignore_warnings(category=RemovedInDjango40Warning):
         self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
                          lang_code)
Exemple #25
0
    def test_setlang(self):
        """
        The set_language view can be used to change the session language.

        The user is redirected to the 'next' argument if provided.
        """
        lang_code = self._get_inactive_language_code()
        post_data = {'language': lang_code, 'next': '/'}
        response = self.client.post('/i18n/setlang/', post_data, HTTP_REFERER='/i_should_not_be_used/')
        self.assertRedirects(response, '/')
        with ignore_warnings(category=RemovedInDjango40Warning):
            self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
        # The language is set in a cookie.
        language_cookie = self.client.cookies[settings.LANGUAGE_COOKIE_NAME]
        self.assertEqual(language_cookie.value, lang_code)
        self.assertEqual(language_cookie['domain'], '')
        self.assertEqual(language_cookie['path'], '/')
        self.assertEqual(language_cookie['max-age'], '')
Exemple #26
0
 def test_bad_urls(self):
     bad_urls = (
         'http://example.com',
         'http:///example.com',
         'https://example.com',
         'ftp://example.com',
         r'\\example.com',
         r'\\\example.com',
         r'/\\/example.com',
         r'\\\example.com',
         r'\\example.com',
         r'\\//example.com',
         r'/\/example.com',
         r'\/example.com',
         r'/\example.com',
         'http:///example.com',
         r'http:/\//example.com',
         r'http:\/example.com',
         r'http:/\example.com',
         'javascript:alert("XSS")',
         '\njavascript:alert(x)',
         '\x08//example.com',
         r'http://otherserver\@example.com',
         r'http:\\testserver\@example.com',
         r'http://testserver\me:[email protected]',
         r'http://testserver\@example.com',
         r'http:\\testserver\confirm\[email protected]',
         'http:999999999',
         'ftp:9999999999',
         '\n',
         'http://[2001:cdba:0000:0000:0000:0000:3257:9652/',
         'http://2001:cdba:0000:0000:0000:0000:3257:9652]/',
     )
     for bad_url in bad_urls:
         with self.subTest(url=bad_url):
             with ignore_warnings(category=RemovedInDjango21Warning):
                 self.assertIs(http.is_safe_url(bad_url, host='testserver'),
                               False)
             self.assertIs(
                 is_safe_url(bad_url,
                             allowed_hosts={'testserver', 'testserver2'}),
                 False)
Exemple #27
0
 def test_explicit_default_app_config_warning(self):
     """
     Load an app that specifies a default AppConfig class matching the
     autodetected one.
     """
     msg = (
         "'apps.explicit_default_config_app' defines default_app_config = "
         "'apps.explicit_default_config_app.apps.ExplicitDefaultConfig'. "
         "Django now detects this configuration automatically. You can "
         "remove default_app_config."
     )
     with self.assertRaisesMessage(RemovedInDjango41Warning, msg):
         with self.settings(INSTALLED_APPS=['apps.explicit_default_config_app']):
             pass
     with ignore_warnings(category=RemovedInDjango41Warning):
         with self.settings(INSTALLED_APPS=['apps.explicit_default_config_app']):
             self.assertIsInstance(
                 apps.get_app_config('explicit_default_config_app'),
                 ExplicitDefaultConfig,
             )
Exemple #28
0
 def test_good_urls(self):
     good_urls = (
         '/view/?param=http://example.com',
         '/view/?param=https://example.com',
         '/view?param=ftp://example.com',
         'view/?param=//example.com',
         'https://testserver/',
         'HTTPS://testserver/',
         '//testserver/',
         'http://testserver/[email protected]',
         '/url%20with%20spaces/',
         'path/http:2222222222',
     )
     for good_url in good_urls:
         with self.subTest(url=good_url):
             with ignore_warnings(category=RemovedInDjango21Warning):
                 self.assertIs(
                     http.is_safe_url(good_url, host='testserver'), True)
             self.assertIs(
                 is_safe_url(good_url,
                             allowed_hosts={'otherserver', 'testserver'}),
                 True)
Exemple #29
0
from __future__ import unicode_literals

from django.conf.urls.i18n import i18n_patterns
from django.http import HttpResponse, StreamingHttpResponse
from django.test import ignore_warnings
from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.translation import ugettext_lazy as _

# test deprecated version of i18n_patterns() function (with prefix). Remove it
# and convert to list of urls() in Django 2.0
i18n_patterns = ignore_warnings(
    category=RemovedInDjango20Warning)(i18n_patterns)

urlpatterns = i18n_patterns(
    '',
    (r'^simple/$', lambda r: HttpResponse()),
    (r'^streaming/$',
     lambda r: StreamingHttpResponse([_("Yes"), "/", _("No")])),
)
Exemple #30
0
    def test_is_safe_url(self):
        bad_urls = (
            'http://example.com',
            'http:///example.com',
            'https://example.com',
            'ftp://example.com',
            r'\\example.com',
            r'\\\example.com',
            r'/\\/example.com',
            r'\\\example.com',
            r'\\example.com',
            r'\\//example.com',
            r'/\/example.com',
            r'\/example.com',
            r'/\example.com',
            'http:///example.com',
            r'http:/\//example.com',
            r'http:\/example.com',
            r'http:/\example.com',
            'javascript:alert("XSS")',
            '\njavascript:alert(x)',
            '\x08//example.com',
            r'http://otherserver\@example.com',
            r'http:\\testserver\@example.com',
            r'http://testserver\me:[email protected]',
            r'http://testserver\@example.com',
            r'http:\\testserver\confirm\[email protected]',
            'http:999999999',
            'ftp:9999999999',
            '\n',
        )
        for bad_url in bad_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertFalse(http.is_safe_url(bad_url, host='testserver'),
                                 "%s should be blocked" % bad_url)
            self.assertFalse(
                http.is_safe_url(bad_url,
                                 allowed_hosts={'testserver', 'testserver2'}),
                "%s should be blocked" % bad_url,
            )

        good_urls = (
            '/view/?param=http://example.com',
            '/view/?param=https://example.com',
            '/view?param=ftp://example.com',
            'view/?param=//example.com',
            'https://testserver/',
            'HTTPS://testserver/',
            '//testserver/',
            'http://testserver/[email protected]',
            '/url%20with%20spaces/',
            'path/http:2222222222',
        )
        for good_url in good_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertTrue(http.is_safe_url(good_url, host='testserver'),
                                "%s should be allowed" % good_url)
            self.assertTrue(
                http.is_safe_url(good_url,
                                 allowed_hosts={'otherserver', 'testserver'}),
                "%s should be allowed" % good_url,
            )

        if six.PY2:
            # Check binary URLs, regression tests for #26308
            self.assertTrue(
                http.is_safe_url(b'https://testserver/',
                                 allowed_hosts={'testserver'}),
                "binary URLs should be allowed on Python 2")
            self.assertFalse(
                http.is_safe_url(b'\x08//example.com',
                                 allowed_hosts={'testserver'}))
            self.assertTrue(
                http.is_safe_url('àview/'.encode('utf-8'),
                                 allowed_hosts={'testserver'}))
            self.assertFalse(
                http.is_safe_url('àview'.encode('latin-1'),
                                 allowed_hosts={'testserver'}))

        # Valid basic auth credentials are allowed.
        self.assertTrue(
            http.is_safe_url(r'http://*****:*****@testserver/',
                             allowed_hosts={'user:pass@testserver'}))
        # A path without host is allowed.
        self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
        # Basic auth without host is not allowed.
        self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
Exemple #31
0
from django.contrib.gis.db import models
from django.test import ignore_warnings
from django.utils.deprecation import RemovedInDjango50Warning

from ..admin import admin


class City(models.Model):
    name = models.CharField(max_length=30)
    point = models.PointField()

    class Meta:
        app_label = "geoadmini_deprecated"

    def __str__(self):
        return self.name


site = admin.AdminSite(name="admin_gis")
with ignore_warnings(category=RemovedInDjango50Warning):
    site.register(City, admin.OSMGeoAdmin)
Exemple #32
0
from __future__ import unicode_literals

from django.conf.urls.i18n import i18n_patterns
from django.http import HttpResponse, StreamingHttpResponse
from django.test import ignore_warnings
from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.translation import ugettext_lazy as _

# test deprecated version of i18n_patterns() function (with prefix). Remove it
# and convert to list of urls() in Django 2.0
i18n_patterns = ignore_warnings(category=RemovedInDjango20Warning)(i18n_patterns)

urlpatterns = i18n_patterns('',
    (r'^simple/$', lambda r: HttpResponse()),
    (r'^streaming/$', lambda r: StreamingHttpResponse([_("Yes"), "/", _("No")])),
)
Exemple #33
0
 def test_eq(self):
     constraint_1 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[
             (F("datespan"), RangeOperators.OVERLAPS),
             (F("room"), RangeOperators.EQUAL),
         ],
         condition=Q(cancelled=False),
     )
     constraint_2 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[
             ("datespan", RangeOperators.OVERLAPS),
             ("room", RangeOperators.EQUAL),
         ],
     )
     constraint_3 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[("datespan", RangeOperators.OVERLAPS)],
         condition=Q(cancelled=False),
     )
     constraint_4 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[
             ("datespan", RangeOperators.OVERLAPS),
             ("room", RangeOperators.EQUAL),
         ],
         deferrable=Deferrable.DEFERRED,
     )
     constraint_5 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[
             ("datespan", RangeOperators.OVERLAPS),
             ("room", RangeOperators.EQUAL),
         ],
         deferrable=Deferrable.IMMEDIATE,
     )
     constraint_6 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[
             ("datespan", RangeOperators.OVERLAPS),
             ("room", RangeOperators.EQUAL),
         ],
         deferrable=Deferrable.IMMEDIATE,
         include=["cancelled"],
     )
     constraint_7 = ExclusionConstraint(
         name="exclude_overlapping",
         expressions=[
             ("datespan", RangeOperators.OVERLAPS),
             ("room", RangeOperators.EQUAL),
         ],
         include=["cancelled"],
     )
     with ignore_warnings(category=RemovedInDjango50Warning):
         constraint_8 = ExclusionConstraint(
             name="exclude_overlapping",
             expressions=[
                 ("datespan", RangeOperators.OVERLAPS),
                 ("room", RangeOperators.EQUAL),
             ],
             include=["cancelled"],
             opclasses=["range_ops", "range_ops"],
         )
         constraint_9 = ExclusionConstraint(
             name="exclude_overlapping",
             expressions=[
                 ("datespan", RangeOperators.OVERLAPS),
                 ("room", RangeOperators.EQUAL),
             ],
             opclasses=["range_ops", "range_ops"],
         )
         self.assertNotEqual(constraint_2, constraint_9)
         self.assertNotEqual(constraint_7, constraint_8)
     self.assertEqual(constraint_1, constraint_1)
     self.assertEqual(constraint_1, mock.ANY)
     self.assertNotEqual(constraint_1, constraint_2)
     self.assertNotEqual(constraint_1, constraint_3)
     self.assertNotEqual(constraint_1, constraint_4)
     self.assertNotEqual(constraint_2, constraint_3)
     self.assertNotEqual(constraint_2, constraint_4)
     self.assertNotEqual(constraint_2, constraint_7)
     self.assertNotEqual(constraint_4, constraint_5)
     self.assertNotEqual(constraint_5, constraint_6)
     self.assertNotEqual(constraint_1, object())
Exemple #34
0
    def test_is_safe_url(self):
        bad_urls = (
            "http://example.com",
            "http:///example.com",
            "https://example.com",
            "ftp://example.com",
            r"\\example.com",
            r"\\\example.com",
            r"/\\/example.com",
            r"\\\example.com",
            r"\\example.com",
            r"\\//example.com",
            r"/\/example.com",
            r"\/example.com",
            r"/\example.com",
            "http:///example.com",
            r"http:/\//example.com",
            r"http:\/example.com",
            r"http:/\example.com",
            'javascript:alert("XSS")',
            "\njavascript:alert(x)",
            "\x08//example.com",
            r"http://otherserver\@example.com",
            r"http:\\testserver\@example.com",
            r"http://testserver\me:[email protected]",
            r"http://testserver\@example.com",
            r"http:\\testserver\confirm\[email protected]",
            "\n",
        )
        for bad_url in bad_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertFalse(http.is_safe_url(bad_url, host="testserver"), "%s should be blocked" % bad_url)
            self.assertFalse(
                http.is_safe_url(bad_url, allowed_hosts={"testserver", "testserver2"}), "%s should be blocked" % bad_url
            )

        good_urls = (
            "/view/?param=http://example.com",
            "/view/?param=https://example.com",
            "/view?param=ftp://example.com",
            "view/?param=//example.com",
            "https://testserver/",
            "HTTPS://testserver/",
            "//testserver/",
            "http://testserver/[email protected]",
            "/url%20with%20spaces/",
        )
        for good_url in good_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertTrue(http.is_safe_url(good_url, host="testserver"), "%s should be allowed" % good_url)
            self.assertTrue(
                http.is_safe_url(good_url, allowed_hosts={"otherserver", "testserver"}),
                "%s should be allowed" % good_url,
            )

        # Valid basic auth credentials are allowed.
        self.assertTrue(http.is_safe_url(r"http://*****:*****@testserver/", allowed_hosts={"user:pass@testserver"}))
        # A path without host is allowed.
        self.assertTrue(http.is_safe_url("/confirm/[email protected]"))
        # Basic auth without host is not allowed.
        self.assertFalse(http.is_safe_url(r"http://testserver\@example.com"))
Exemple #35
0
    def test_is_safe_url(self):
        bad_urls = (
            'http://example.com',
            'http:///example.com',
            'https://example.com',
            'ftp://example.com',
            r'\\example.com',
            r'\\\example.com',
            r'/\\/example.com',
            r'\\\example.com',
            r'\\example.com',
            r'\\//example.com',
            r'/\/example.com',
            r'\/example.com',
            r'/\example.com',
            'http:///example.com',
            r'http:/\//example.com',
            r'http:\/example.com',
            r'http:/\example.com',
            'javascript:alert("XSS")',
            '\njavascript:alert(x)',
            '\x08//example.com',
            r'http://otherserver\@example.com',
            r'http:\\testserver\@example.com',
            r'http://testserver\me:[email protected]',
            r'http://testserver\@example.com',
            r'http:\\testserver\confirm\[email protected]',
            'http:999999999',
            'ftp:9999999999',
            '\n',
            'http://[2001:cdba:0000:0000:0000:0000:3257:9652/',
            'http://*****:*****@example.com',
            '/url%20with%20spaces/',
            'path/http:2222222222',
        )
        for good_url in good_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertTrue(http.is_safe_url(good_url, host='testserver'),
                                "%s should be allowed" % good_url)
            self.assertTrue(
                http.is_safe_url(good_url,
                                 allowed_hosts={'otherserver', 'testserver'}),
                "%s should be allowed" % good_url,
            )

        # Valid basic auth credentials are allowed.
        self.assertTrue(
            http.is_safe_url(r'http://*****:*****@testserver/',
                             allowed_hosts={'user:pass@testserver'}))
        # A path without host is allowed.
        self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
        # Basic auth without host is not allowed.
        self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
Exemple #36
0
    def test_is_safe_url(self):
        bad_urls = (
            'http://example.com',
            'http:///example.com',
            'https://example.com',
            'ftp://example.com',
            r'\\example.com',
            r'\\\example.com',
            r'/\\/example.com',
            r'\\\example.com',
            r'\\example.com',
            r'\\//example.com',
            r'/\/example.com',
            r'\/example.com',
            r'/\example.com',
            'http:///example.com',
            r'http:/\//example.com',
            r'http:\/example.com',
            r'http:/\example.com',
            'javascript:alert("XSS")',
            '\njavascript:alert(x)',
            '\x08//example.com',
            r'http://otherserver\@example.com',
            r'http:\\testserver\@example.com',
            r'http://testserver\me:[email protected]',
            r'http://testserver\@example.com',
            r'http:\\testserver\confirm\[email protected]',
            '\n',
        )
        for bad_url in bad_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertFalse(http.is_safe_url(bad_url, host='testserver'), "%s should be blocked" % bad_url)
            self.assertFalse(
                http.is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}),
                "%s should be blocked" % bad_url,
            )

        good_urls = (
            '/view/?param=http://example.com',
            '/view/?param=https://example.com',
            '/view?param=ftp://example.com',
            'view/?param=//example.com',
            'https://testserver/',
            'HTTPS://testserver/',
            '//testserver/',
            'http://testserver/[email protected]',
            '/url%20with%20spaces/',
        )
        for good_url in good_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url)
            self.assertTrue(
                http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}),
                "%s should be allowed" % good_url,
            )

        if six.PY2:
            # Check binary URLs, regression tests for #26308
            self.assertTrue(
                http.is_safe_url(b'https://testserver/', allowed_hosts={'testserver'}),
                "binary URLs should be allowed on Python 2"
            )
            self.assertFalse(http.is_safe_url(b'\x08//example.com', allowed_hosts={'testserver'}))
            self.assertTrue(http.is_safe_url('àview/'.encode('utf-8'), allowed_hosts={'testserver'}))
            self.assertFalse(http.is_safe_url('àview'.encode('latin-1'), allowed_hosts={'testserver'}))

        # Valid basic auth credentials are allowed.
        self.assertTrue(http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'}))
        # A path without host is allowed.
        self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
        # Basic auth without host is not allowed.
        self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
Exemple #37
0
    def test_is_safe_url(self):
        bad_urls = (
            'http://example.com',
            'http:///example.com',
            'https://example.com',
            'ftp://example.com',
            r'\\example.com',
            r'\\\example.com',
            r'/\\/example.com',
            r'\\\example.com',
            r'\\example.com',
            r'\\//example.com',
            r'/\/example.com',
            r'\/example.com',
            r'/\example.com',
            'http:///example.com',
            r'http:/\//example.com',
            r'http:\/example.com',
            r'http:/\example.com',
            'javascript:alert("XSS")',
            '\njavascript:alert(x)',
            '\x08//example.com',
            r'http://otherserver\@example.com',
            r'http:\\testserver\@example.com',
            r'http://testserver\me:[email protected]',
            r'http://testserver\@example.com',
            r'http:\\testserver\confirm\[email protected]',
            'http:999999999',
            'ftp:9999999999',
            '\n',
            'http://[2001:cdba:0000:0000:0000:0000:3257:9652/',
            'http://*****:*****@example.com',
            '/url%20with%20spaces/',
            'path/http:2222222222',
        )
        for good_url in good_urls:
            with ignore_warnings(category=RemovedInDjango21Warning):
                self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url)
            self.assertTrue(
                http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}),
                "%s should be allowed" % good_url,
            )

        # Valid basic auth credentials are allowed.
        self.assertTrue(http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'}))
        # A path without host is allowed.
        self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
        # Basic auth without host is not allowed.
        self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))