def test_disable_sanity_checks(self):
    # With BROWSERID_DISABLE_SANITY_CHECKS set to True, sanity_checks
    # must stay silent even for a request that is not HTTPS.
    # NOTE(review): the settings override is not visible in this
    # method; presumably a decorator applies it -- confirm.
    insecure_request = self.factory.get('/')
    insecure_request.is_secure = Mock(return_value=False)

    with patch('django_browserid.base.logger.warning') as mock_warning:
        base.sanity_checks(insecure_request)

    # The test treats an uncalled logger.warning as proof that no
    # check fired.
    ok_(not mock_warning.called)
def test_sanity_session_cookie(self):
    # A plain-HTTP request combined with SESSION_COOKIE_SECURE == True
    # must make sanity_checks log a warning. Browsers do not send a
    # Secure cookie over plain HTTP, so the session would not persist.
    # NOTE(review): the SESSION_COOKIE_SECURE override is not visible
    # in this method; presumably a decorator applies it -- confirm.
    insecure_request = self.factory.get('/')
    insecure_request.is_secure = Mock(return_value=False)

    with patch('django_browserid.base.logger.warning') as mock_warning:
        base.sanity_checks(insecure_request)

    ok_(mock_warning.called)
def test_sanity_csp(self, warning):
    # When CSP settings are present, sanity_checks must warn unless the
    # Persona origin is allowed for both scripts and frames, either
    # directly or through the default-src fallback.
    # NOTE(review): `warning` is a mock handed in from outside this
    # method, presumably by a patch decorator on logger.warning.
    persona = 'https://login.persona.org'
    request = self.factory.get('/')

    # (default-src, script-src, frame-src, warning expected?)
    scenarios = [
        # Allowed explicitly in script-src and frame-src.
        ([], [persona], [persona], False),
        # Allowed only through the default-src fallback.
        ([persona], [], [], False),
        # Not allowed anywhere.
        ([], [], [], True),
        # Scripts allowed but frames are not: still a misconfiguration.
        ([], [persona], [], True),
    ]

    for position, scenario in enumerate(scenarios):
        default_src, script_src, frame_src, expect_warning = scenario
        if position:
            # Clear the call record left by the previous scenario.
            warning.reset_mock()
        with self.settings(CSP_DEFAULT_SRC=default_src,
                           CSP_SCRIPT_SRC=script_src,
                           CSP_FRAME_SRC=frame_src):
            base.sanity_checks(request)
        if expect_warning:
            ok_(warning.called)
        else:
            ok_(not warning.called)
def test_disable_sanity_checks(self):
    """
    With BROWSERID_DISABLE_SANITY_CHECKS set to True, sanity_checks
    must return a falsy value, which this test reads as "no checks
    were run".

    NOTE(review): the settings override is not visible in this method;
    presumably a decorator applies it -- confirm.
    """
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    ok_(not checks_ran)
def test_debug_false(self):
    """
    Expect sanity_checks to return a falsy value, i.e. to skip the
    checks, when DEBUG is False.

    NOTE(review): the DEBUG override is not visible in this method and
    is inferred from the test name -- confirm. If the checks only run
    under DEBUG, a production deployment gets no warning about an
    insecure session cookie or CSP mismatch from this code path.
    """
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    ok_(not checks_ran)
def test_disable_sanity_checks(self):
    """
    With BROWSERID_DISABLE_SANITY_CHECKS set to True, sanity_checks
    must return a falsy value, which this test reads as "no checks
    were run".

    NOTE(review): the settings override is not visible in this method;
    presumably a decorator applies it -- confirm.
    """
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    self.assertTrue(not checks_ran)
def test_debug_false(self):
    """
    Expect sanity_checks to return a falsy value, i.e. to skip the
    checks, when DEBUG is False.

    NOTE(review): the DEBUG override is not visible in this method and
    is inferred from the test name -- confirm. If the checks only run
    under DEBUG, a production deployment gets no warning about an
    insecure session cookie or CSP mismatch from this code path.
    """
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    self.assertTrue(not checks_ran)
def test_unset_csp(self, warning):
    """
    Verify that no warning is logged when one CSP setting is missing
    while the other two allow the Persona origin.

    NOTE(review): `warning` is a mock handed in from outside this
    method, presumably by a patch decorator on logger.warning.
    """
    request = self.factory.get('/')
    correct = ['https://login.persona.org']
    setting_kwargs = {
        'CSP_DEFAULT_SRC': correct,
        'CSP_SCRIPT_SRC': correct,
        'CSP_FRAME_SRC': correct
    }

    # Remove one setting per pass, in the same order as before.
    # delattr() is the call form of the `del settings.NAME` statement.
    removal_order = ('CSP_DEFAULT_SRC', 'CSP_FRAME_SRC', 'CSP_SCRIPT_SRC')
    for missing_setting in removal_order:
        with self.settings(**setting_kwargs):
            delattr(settings, missing_setting)
            base.sanity_checks(request)
            ok_(not warning.called)
            warning.reset_mock()
def test_unset_csp(self, warning):
    """
    Verify that no warning is logged when one CSP setting is missing
    while the other two allow the Persona origin.

    NOTE(review): `warning` is a mock handed in from outside this
    method, presumably by a patch decorator on logger.warning.
    """
    request = self.factory.get('/')
    correct = ['https://login.persona.org']
    setting_kwargs = {
        'CSP_DEFAULT_SRC': correct,
        'CSP_SCRIPT_SRC': correct,
        'CSP_FRAME_SRC': correct
    }

    # Remove one setting per pass, in the same order as before.
    # delattr() is the call form of the `del settings.NAME` statement.
    removal_order = ('CSP_DEFAULT_SRC', 'CSP_FRAME_SRC', 'CSP_SCRIPT_SRC')
    for missing_setting in removal_order:
        with self.settings(**setting_kwargs):
            delattr(settings, missing_setting)
            base.sanity_checks(request)
            self.assertTrue(not warning.called)
            warning.reset_mock()
def dispatch(self, request, *args, **kwargs):
    """
    Run sanity_checks on the incoming request, then hand the request
    to the parent class's dispatch and return its result.

    The return value of sanity_checks is discarded here, so the checks
    are advisory: this method does not reject or alter a request based
    on their outcome.
    """
    sanity_checks(request)
    response = super(Verify, self).dispatch(request, *args, **kwargs)
    return response
def test_disable_sanity_checks(self):
    # With BROWSERID_DISABLE_SANITY_CHECKS set to True, sanity_checks
    # must return a falsy value, which this test reads as "no checks
    # were run".
    # NOTE(review): the settings override is not visible in this
    # method; presumably a decorator applies it -- confirm.
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    ok_(not checks_ran)
def test_debug_false(self):
    # Expect sanity_checks to return a falsy value, i.e. to skip the
    # checks, when DEBUG is False.
    # NOTE(review): the DEBUG override is not visible in this method
    # and is inferred from the test name -- confirm. If the checks only
    # run under DEBUG, a production deployment gets no warning about an
    # insecure session cookie or CSP mismatch from this code path.
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    ok_(not checks_ran)
def test_debug_true(self):
    # With DEBUG set to True and BROWSERID_DISABLE_SANITY_CHECKS left
    # unset, sanity_checks must return a truthy value, which this test
    # reads as "the checks were run".
    # NOTE(review): the DEBUG override is not visible in this method;
    # presumably a decorator applies it -- confirm.
    request = self.factory.get('/')
    checks_ran = base.sanity_checks(request)
    ok_(checks_ran)