def test_deletes_jwt_from_cookies_when_unset(self):
response = Response()
response.jwt_cookie = None
response = self.middleware.process_response(None, response)
self.assertEqual(response.cookies['jwt'].value, '')
self.assertEqual(response.cookies['jwt']['expires'], 'Thu, 01-Jan-1970 00:00:00 GMT')
def test_process_response_unsets_cookie(middleware, jwt):
response = Response()
response.jwt_cookie = None
response = middleware.process_response(Request(), response)
morsel = response.cookies['jwt']
assert morsel.value == ''
assert morsel['expires'] == 'Thu, 01-Jan-1970 00:00:00 GMT'
def serve(request, path, document_root=None, show_indexes=False):
"""
Usage in the router:
(r'(?P<path>.*)$', 'rivr.views.serve', {'document_root':'/usr/var/http/'})
"""
# Clean up given path to only allow serving files below document_root.
path = posixpath.normpath(urllib.unquote(path))
path = path.lstrip('/')
newpath = ''
for part in path.split('/'):
if not part:
# Strip empty path components.
continue
drive, part = os.path.splitdrive(part)
head, part = os.path.split(part)
if part in (os.curdir, os.pardir):
# Strip '.' and '..' in path.
continue
newpath = os.path.join(newpath, part).replace('\\', '/')
if newpath and path != newpath:
return ResponseRedirect(newpath)
fullpath = os.path.join(document_root, newpath)
if not os.path.exists(fullpath):
raise Http404, '"%s" does not exist.' % newpath
if os.path.isdir(fullpath):
if show_indexes:
return directory_index(request, newpath, fullpath)
raise Http404, 'Directory indexes are not allowed here.'
statobj = os.stat(fullpath)
if not was_modified_since(request.META.get('HTTP_IF_MODIFIED_SINCE'), statobj[stat.ST_MTIME], statobj[stat.ST_SIZE]):
return ResponseNotModified()
mimetype = mimetypes.guess_type(fullpath)[0] or 'application/octet-stream'
contents = open(fullpath, 'rb').read()
response = Response(contents, content_type=mimetype)
response.headers['Last-Modified'] = '%s GMT' % formatdate(statobj[stat.ST_MTIME])[:25]
response.headers['Content-Length'] = str(len(contents))
return response
def content_type_providers(self):
"""
Returns a dictionary of content type providers, key is a string
of the content type, i.e, `application/json` and the value is a
function that returns a response for that type.
"""
def json_provider(deserializer, content_type):
def inner():
content = json.dumps(deserializer(self))
return Response(
content,
content_type='{}; charset=utf8'.format(content_type))
return inner
return {
'application/json':
json_provider(deserialize_json, 'application/json'),
'application/hal+json':
json_provider(deserialize_hal, 'application/hal+json'),
'application/vnd.siren+json':
json_provider(deserialize_siren, 'application/vnd.siren+json'),
'text/html':
lambda: Response(deserialize_html(self)),
}
def test_process_request_calls_401_for_invalid_token():
jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJleGFtcGxlLmNvbSJ9.INovSA2CyXeBwzR0Bqq-pFuxfQLVgnFpN4x1JP0Ve84'
middleware = JWTMiddleware(key='secret', audience='prod.example.com')
middleware.custom_401 = lambda r: Response('custom 401')
request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})
response = middleware.process_request(request)
assert response.content == 'custom 401'
assert request.jwt == None
def status_view(request):
status = {
'entrants':
Entrant.select().count(),
'invited':
Invitation.select().where(
Invitation.state == Invitation.INVITED_STATE).count(),
'accepted':
Invitation.select().where(
Invitation.state == Invitation.ACCEPTED_STATE).count(),
'rejected':
Invitation.select().where(
Invitation.state == Invitation.REJECTED_STATE).count(),
}
return Response(json.dumps(status), content_type='application/json')
def test_process_response_encodes_cookie(middleware, jwt):
response = Response()
response.jwt_cookie = {'name': 'Kyle'}
response = middleware.process_response(Request(), response)
assert response.cookies['jwt'].value == jwt
def test_encodes_jwt_in_cookie(self):
response = Response()
response.jwt_cookie = {'name': 'Kyle'}
response = self.middleware.process_response(None, response)
self.assertEqual(response.cookies['jwt'].value, self.jwt)
def inner():
content = json.dumps(deserializer(self))
return Response(
content,
content_type='{}; charset=utf8'.format(content_type))
