def setUp(self):
app_config = TestingConfig()
app.config.from_object(app_config)
self.app = app.test_client()
self.app_config = self.app.application.config
self.redis = redis
self.redis.flushall()
def setUp(self):
self.app = app.test_client()
self.app.set_cookie('localhost', 'authorization', 'session_key')
self.headers = {
"Authorization":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
def setUp(self):
self.app = app.test_client()
self.oauth_token = {
"id": 1,
"access_token": "8c77e013-d8dc-472c-b4d3-d4fbe21f80e7",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "",
"refresh_token": "b7ac07a6-4c28-43bd-a335-00250b490e9f",
"party_id": "test-id"
}
self.expired_oauth_token = {
"id": 1,
"access_token": "8c77e013-d8dc-472c-b4d3-d4fbe21f80e7",
"expires_in": -1,
"token_type": "Bearer",
"scope": "",
"refresh_token": "b7ac07a6-4c28-43bd-a335-00250b490e9f",
"party_id": "test-id"
}
self.sign_in_form = {
"username": "******",
"password": "******"
}
self.oauth_error = {'detail': 'Unauthorized user credentials'}
def setUp(self):
app_config = TestingConfig()
app.config.from_object(app_config)
self.app = app.test_client()
self.app_config = self.app.application.config
self.survey_file = FileStorage(io.BytesIO(b"my file contents"),
"testfile.xlsx")
def setUp(self):
app.testing = True
app_config = TestingConfig()
app.config.from_object(app_config)
self.app = app.test_client()
self.app_config = self.app.application.config
self.email_form = {"email_address": "*****@*****.**"}
def setUp(self):
app.testing = True
self.app = app.test_client()
self.sign_in_form = {
"username": "******",
"password": "******"
}
def setUp(self):
app.testing = True
self.app = app.test_client()
self.sign_in_form = {"username": "******", "password": "******"}
self.headers = {
"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
def setUp(self):
self.app = app.test_client()
self.app.set_cookie('localhost', 'authorization', 'session_key')
self.headers = {
"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
self.patcher = patch('redis.StrictRedis.get', return_value=encoded_jwt_token)
self.patcher.start()
def setUp(self):
app_config = TestingConfig()
app.config.from_object(app_config)
self.app = app.test_client()
self.app_config = self.app.application.config
self.survey_file = {
"file": ["testfile.xlsx",
io.BytesIO(b'my file contents')]
}
def setUp(self):
self.app = app.test_client()
self.auth_response = {}
self.sign_in_form = {
"username": "******",
"password": "******"
}
self.auth_error = {'detail': 'Unauthorized user credentials'}
os.environ['APP_SETTINGS'] = 'TestingConfig'
def setUp(self):
self.app = app.test_client()
self.app.set_cookie("localhost", "authorization", "session_key")
self.headers = {
"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
self.survey_file = dict(file=(io.BytesIO(b"my file contents"), "testfile.xlsx"))
self.patcher = patch("redis.StrictRedis.get", return_value=encoded_jwt_token)
self.patcher.start()
def setUp(self):
self.app = app.test_client()
self.app.testing = True
self.example_translations = {
"en_GB": {
"message1": "message_1_return",
"message2": False
},
"fr_FR": {
"message1": "message_1_revenir"
},
"es_ES": {}
}
def setUp(self):
self.app = app.test_client()
self.app.set_cookie("localhost", "authorization", "session_key")
self.headers = {
"Authorization":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2Vy"
"X3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54"
# NOQA
}
self.patcher = patch("redis.StrictRedis.get",
return_value=encoded_jwt_token)
self.contact_details_form = {"option": "contact_details"}
self.patcher.start()
self.auth_error = {"detail": "Unauthorized user credentials"}
def setUp(self):
self.app = app.test_client()
self.app.set_cookie('localhost', 'authorization', 'session_key')
self.headers = {
"Authorization":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
self.survey_file = dict(file=(io.BytesIO(b'my file contents'),
"testfile.xlsx"))
self.upload_error = {"error": {"data": {"message": ".xlsx format"}}}
self.patcher = patch('redis.StrictRedis.get',
return_value=encoded_jwt_token)
self.params = {"encrypted_enrolment_code": encrypted_enrolment_code}
self.patcher.start()
def setUp(self):
self.app = app.test_client()
self.app.testing = True
self.app.set_cookie('localhost', 'authorization', 'session_key')
self.patcher = patch('redis.StrictRedis.get', return_value=encoded_jwt_token)
self.patcher.start()
self.message_form = {
"subject": "subject",
"body": "body",
"send": "Send",
"thread_id": "7bc5d41b-0549-40b3-ba76-42f6d4cf3fdb",
}
self.headers = {
"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
def setUp(self):
self.app = app.test_client()
self.app.set_cookie("localhost", "authorization", "session_key")
self.headers = {
"Authorization":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
self.patcher = patch("redis.StrictRedis.get",
return_value=encoded_jwt_token)
self.case_data = {
"collection_exercise": collection_exercise,
"collection_instrument": collection_instrument_seft,
"survey": survey,
"business_party": business_party,
}
self.patcher.start()
def setUp(self):
app.testing = True
self.app = app.test_client()
self.email_form = {"email_address": "*****@*****.**"}
self.oauth2_response = {
'id': 1,
'access_token': '99a81f9c-e827-448b-8fa7-d563b76137ca',
'expires_in': 3600,
'token_type': 'Bearer',
'scope': '',
'refresh_token': 'a74fd471-6981-4503-9f59-00d45d339a15'
}
self.password_form = {
"password": "******",
"password_confirm": "Gizmo007!"
}
def setUp(self):
self.app = app.test_client()
self.headers = {
"Authorization":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
self.test_user = {
"first_name": "john",
"last_name": "doe",
"email_address": "*****@*****.**",
"email_address_confirm": "*****@*****.**",
"password": "******",
"password_confirm": "Password123!",
"phone_number": "07717275049",
}
self.organisation_survey_data = {
"survey_name": "test_survey",
"organisation_name": "test_org"
}
self.params = {"encrypted_enrolment_code": encrypted_enrolment_code}
def setUp(self):
self.app = app.test_client()
self.headers = {
"Authorization":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoicmluZ3JhbUBub3d3aGVyZS5jb20iLCJ1c2VyX3Njb3BlcyI6WyJjaS5yZWFkIiwiY2kud3JpdGUiXX0.se0BJtNksVtk14aqjp7SvnXzRbEKoqXb8Q5U9VVdy54" # NOQA
}
self.test_user = {
'first_name': 'john',
'last_name': 'doe',
'email_address': '*****@*****.**',
'email_address_confirm': '*****@*****.**',
'password': '******',
'password_confirm': 'Password123!',
'phone_number': '07717275049'
}
self.organisation_survey_data = {
'survey_name': 'test_survey',
'organisation_name': 'test_org'
}
self.params = {"encrypted_enrolment_code": encrypted_enrolment_code}
def test_enforces_secure_headers(self):
with app.test_client() as client:
headers = client.get(
'/',
headers={
'X-Forwarded-Proto': 'https'
} # set protocol so that talisman sets HSTS headers
).headers
self.assertEqual('no-cache, no-store, must-revalidate',
headers['Cache-Control'])
self.assertEqual('no-cache', headers['Pragma'])
self.assertEqual('max-age=31536000; includeSubDomains',
headers['Strict-Transport-Security'])
self.assertEqual('DENY', headers['X-Frame-Options'])
self.assertEqual('1; mode=block', headers['X-Xss-Protection'])
self.assertEqual('nosniff', headers['X-Content-Type-Options'])
csp_policy_parts = headers['Content-Security-Policy'].split('; ')
self.assertIn("default-src 'self' https://cdn.ons.gov.uk",
csp_policy_parts)
self.assertIn(
"font-src 'self' data: https://fonts.gstatic.com https://cdn.ons.gov.uk",
csp_policy_parts)
self.assertIn(
"script-src 'self' https://www.googletagmanager.com https://cdn.ons.gov.uk 'nonce-{}'"
.format(request.csp_nonce), csp_policy_parts)
# TODO: fix assertion error
# self.assertIn(
# "connect-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://cdn.ons.gov.uk "
# 'http://localhost:8082 ws://localhost:8082', csp_policy_parts)
self.assertIn(
"img-src 'self' data: https://www.gstatic.com https://www.google-analytics.com "
'https://www.googletagmanager.com https://ssl.gstatic.com https://cdn.ons.gov.uk',
csp_policy_parts)
self.assertIn(
"style-src 'self' https://cdn.ons.gov.uk 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com",
csp_policy_parts)
def test_enforces_secure_headers(self, mock_request):
mock_request.get(url_banner_api, status_code=404)
with app.test_client() as client:
headers = client.get(
"/", headers={"X-Forwarded-Proto": "https"} # set protocol so that talisman sets HSTS headers
).headers
self.assertEqual("no-cache, no-store, must-revalidate", headers["Cache-Control"])
self.assertEqual("no-cache", headers["Pragma"])
self.assertEqual("max-age=31536000; includeSubDomains", headers["Strict-Transport-Security"])
self.assertEqual("DENY", headers["X-Frame-Options"])
self.assertEqual("1; mode=block", headers["X-Xss-Protection"])
self.assertEqual("nosniff", headers["X-Content-Type-Options"])
csp_policy_parts = headers["Content-Security-Policy"].split("; ")
self.assertIn("default-src 'self' https://cdn.ons.gov.uk", csp_policy_parts)
self.assertIn("font-src 'self' data: https://fonts.gstatic.com https://cdn.ons.gov.uk", csp_policy_parts)
self.assertIn(
"script-src 'self' https://www.googletagmanager.com https://cdn.ons.gov.uk 'nonce-{}'".format(
request.csp_nonce
),
csp_policy_parts,
)
# TODO: fix assertion error
# self.assertIn(
# "connect-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://cdn.ons.gov.uk "
# 'http://localhost:8082 ws://localhost:8082', csp_policy_parts)
self.assertIn(
"img-src 'self' data: https://www.gstatic.com https://www.google-analytics.com "
"https://www.googletagmanager.com https://ssl.gstatic.com https://cdn.ons.gov.uk",
csp_policy_parts,
)
self.assertIn(
"style-src 'self' https://cdn.ons.gov.uk 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com",
csp_policy_parts,
)
def setUp(self):
app_config = TestingConfig()
app.config.from_object(app_config)
self.app = app.test_client()
self.app_config = self.app.application.config
def setUp(self):
app.testing = True
self.app = app.test_client()
os.environ['APP_SETTINGS'] = 'TestingConfig'
def setUp(self):
app.testing = True
self.app = app.test_client()
self.email_form = {"email_address": "*****@*****.**"}
self.auth_response = {}
self.password_form = {"password": "******", "password_confirm": "Gizmo007!"}
def setUp(self):
app.testing = True
self.app = app.test_client()
def setUp(self):
self.app = app.test_client()
self.app.testing = True
self.redis = redis
self.redis.flushall()
def setUp(self):
self.app = app.test_client()
def setUp(self):
app_config = TestingConfig()
app.config.from_object(app_config)
self.app = app.test_client()
self.survey_file = dict(file=(io.BytesIO(b'my file contents'),
"testfile.xlsx"))
def setUp(self):
self.app = app.test_client()
self.app.testing = True
self.session = Session.from_party_id("test")
def setUp(self):
app.testing = True
self.app = app.test_client()
os.environ["APP_SETTINGS"] = "TestingConfig"
