Exemple #1
0
 def setUp(self):
     super(SecureTestCase, self).setUp()
     self.url = '/hilbert/test/secure/'
     self.client.handler.load_middleware()
     self.middleware = SSLRedirectMiddleware()
     self.client.handler._request_middleware.insert(0, self.middleware.process_request)
     self.client.handler._view_middleware.insert(0, self.middleware.process_view)
Exemple #2
0
 def setUp(self):
     super(SSLRedirectMiddlewareTestCase, self).setUp()
     settings.SSL_PATTERNS = [r'pattern/$', ]
     self.middleware = SSLRedirectMiddleware()
Exemple #3
0
class SSLRedirectMiddlewareTestCase(MiddlewareTestCase):

    def setUp(self):
        super(SSLRedirectMiddlewareTestCase, self).setUp()
        settings.SSL_PATTERNS = [r'pattern/$', ]
        self.middleware = SSLRedirectMiddleware()

    def test_ssl_kwarg(self):
        """
        Make HTTP request to SSL view and check for redirect.
        """
        request = self.get('http/')
        self.assertFalse(request.is_secure())
        response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
        self.assertTrue(isinstance(response, HttpResponse))
        self.assertEqual(response.status_code, 301)

    def test_no_redirect(self):
        """
        Make HTTPS request to SSL view.
        There should be no redirect.
        """
        request = self.get('https/', ssl=True)
        self.assertTrue(request.is_secure())
        response = self.middleware.process_request(request)
        self.assertTrue(response is None)
        response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
        self.assertTrue(response is None)

    def test_post_redirect_warning(self):
        """
        Make HTTP POST to SSL view with DEBUG on.
        Raises RuntimeError to warn the user.
        """
        settings.DEBUG = True
        request = self.post('post/')
        self.assertFalse(request.is_secure())
        self.assertRaises(RuntimeError, self.middleware.process_view, request, simple_view, [], {'SSL': True})
        settings.DEBUG = False

    def test_http_no_kwarg(self):
        """
        Make HTTP request to non-SSL view.
        There should be no redirect.
        """
        request = self.get('http/')
        self.assertFalse(request.is_secure())
        response = self.middleware.process_request(request)
        self.assertTrue(response is None)
        response = self.middleware.process_view(request, simple_view, [], {})
        self.assertTrue(response is None)

    def test_https_no_kwarg_no_whitelist(self):
        """
        Make HTTPS request to non-SSL view.
        There should be no redirect if SSL_WHITELIST is FALSE.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = False
        try:
            request = self.get('https/', ssl=True)
            self.assertTrue(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(response is None)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_https_no_kwarg_whitelist(self):
        """
        Make HTTPS request to non-SSL view.
        Check for redirect if SSL_WHITELIST is True.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = True
        try:
            request = self.get('http/', ssl=True)
            self.assertTrue(request.is_secure())
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(isinstance(response, HttpResponse))
            self.assertEqual(response.status_code, 301)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_whitelist_keep_secure(self):
        """
        Make HTTPS request to non-SSL view but request was marked as keep_secure.
        There should be no redirect even if SSL_WHITELIST is True.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = True
        try:
            request = self.get('http/', ssl=True)
            self.assertTrue(request.is_secure())
            request.keep_secure = True
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(response is None)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_https_kwarg_whitelist(self):
        """
        Make HTTPS request to SSL view and SSL_WHITELIST is True.
        There should be no redirect.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = True
        try:
            request = self.get('https/', ssl=True)
            self.assertTrue(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
            self.assertTrue(response is None)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_pattern_match(self):
        """
        Make HTTP request to SSL pattern and check for redirect.
        """
        request = self.get('pattern/')
        self.assertFalse(request.is_secure())
        response = self.middleware.process_request(request)
        self.assertTrue(isinstance(response, HttpResponse))
        self.assertEqual(response.status_code, 301)

    def test_no_pattern_match(self):
        """
        Make HTTP request to non-SSL pattern.
        There should be no redirect.
        """
        request = self.get('simple/')
        self.assertFalse(request.is_secure())
        response = self.middleware.process_request(request)
        self.assertTrue(response is None)
        response = self.middleware.process_view(request, simple_view, [], {})
        self.assertTrue(response is None)

    def test_no_pattern_match_https_no_whitelist(self):
        """
        Make HTTPS request to non-SSL pattern.
        There should be no redirect if SSL_WHITELIST is False.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = False
        try:
            request = self.get('simple/', ssl=True)
            self.assertTrue(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(response is None)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_no_pattern_match_https_whitelist(self):
        """
        Make HTTPS request to non-SSL pattern.
        Check for redirect if SSL_WHITELIST is True.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = True
        try:
            request = self.get('simple/', ssl=True)
            self.assertTrue(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(isinstance(response, HttpResponse))
            self.assertEqual(response.status_code, 301)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_pattern_match_https_whitelist(self):
        """
        Make HTTPS request to SSL pattern with SSL_WHITELIST is True.
        There should be no redirect.
        """
        whitelist = getattr(settings, 'SSL_WHITELIST', False)
        settings.SSL_WHITELIST = True
        try:
            request = self.get('pattern/', ssl=True)
            self.assertTrue(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(response is None)
        finally:
            settings.SSL_WHITELIST = whitelist

    def test_not_enabled_kwarg(self):
        """
        Make HTTP request to SSL view without SSL_ENABLED.
        There should be no redirect.
        """
        ssl = getattr(settings, 'SSL_ENABLED', False)
        settings.SSL_ENABLED = False
        try:
            request = self.get('http/')
            self.assertFalse(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
            self.assertTrue(response is None)
        finally:
            settings.SSL_ENABLED = ssl

    def test_not_enabled_pattern(self):
        """
        Make HTTP request to SSL pattern without SSL_ENABLED.
        There should be no redirect.
        """      
        ssl = getattr(settings, 'SSL_ENABLED', False)
        settings.SSL_ENABLED = False
        try:
            request = self.get('pattern/')
            self.assertFalse(request.is_secure())
            response = self.middleware.process_request(request)
            self.assertTrue(response is None)
            response = self.middleware.process_view(request, simple_view, [], {})
            self.assertTrue(response is None)
        finally:
            settings.SSL_ENABLED = ssl