def test_site_in_maintenance_mode(self):
"""
:return:
"""
request = self.request_factory.request()
request.path_info = u'/admin/'
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest())
middleware = FirewallMiddleware()
site_rules = SiteRoutingRules.objects.get(site=request.site)
site_rules.maintenance_mode = True
site_rules.save()
request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
response = middleware.process_request(request)
self.assertEqual(503, response.status_code)
self.assertIn('503', smart_text(response.content))
request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01"
response = middleware.process_request(request)
self.assertEqual(503, response.status_code)
self.assertIsInstance(response, JsonResponse)
self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 503)
# Make sure no maintenance mode restriction
clean_all_lru_caches()
HACS_SITE_CACHE.clear()
site_rules.maintenance_mode = False
site_rules.save()
response = middleware.process_request(request)
self.assertIsNone(response)
def test_site_http_method_filter(self):
""""""
request = self.request_factory.request()
request.path_info = u'/admin/sites/site/'
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest())
request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
middleware = FirewallMiddleware()
site_rules = SiteRoutingRules.objects.get(site=request.site)
site_rules.allowed_method = ['GET', 'HEAD']
site_rules.save()
request.method = 'POST'
response = middleware.process_request(request)
# Should not be None
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 405)
self.assertIn(request.method, smart_text(response.content))
HACS_SITE_CACHE.clear()
request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01"
response = middleware.process_request(request)
self.assertEqual(405, response.status_code)
self.assertIsInstance(response, JsonResponse)
self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 405)
HACS_SITE_CACHE.clear()
request.method = 'GET'
response = middleware.process_request(request)
# Should be None
self.assertIsNone(response)
def test_set_group_urlconf(self):
request = self.request_factory.request()
request.site = get_current_site(request)
user = request.user = UserModel.objects.get(username=TEST_USER_NAME)
middleware = FirewallMiddleware()
middleware._set_group_urlconf(request, user.groups.get(name='administrator'))
group_key = get_group_key(request, user.groups.get(name='administrator'))
group_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME))
# We make sure cache is updated and right values are assigned
self.assertEqual(group_urlconf_module, self.cache.get(group_key)['urlconf'])
self.assertEqual(RoutingTable.objects.get(route_name=TEST_GROUP_ROUTE_NAME),
RoutingTable.objects.get(pk=self.cache.get(group_key)['route_id']))
def test_calculate_user_urlconf(self):
"""
:return:
"""
urls_confs = []
for route in RoutingTable.objects.all().order_by('-id'):
if not os.path.exists(get_generated_urlconf_file(route.route_name)):
generate_urlconf_file(get_generated_urlconf_file(route.route_name), route)
urls_confs.append(get_generated_urlconf_module(get_generated_urlconf_file(route.route_name)))
middleware = FirewallMiddleware()
result = middleware._calculate_user_urlconf('/admin/', urls_confs)
expected_urlconf = get_generated_urlconf_module(
get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME),
RoutingTable.objects.get(route_name=TEST_GROUP_ROUTE_NAME))
self.assertEqual(result, expected_urlconf)
def test_set_auth_group_settings(self):
""""""
request = self.request_factory.request()
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
middleware = FirewallMiddleware()
group = user.groups.unrestricted().first()
middleware.set_auth_group_settings(request, group)
group_key = get_group_key(request, group)
group_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME))
# We make sure cache is updated and right values are assigned
self.assertEqual(group_urlconf_module, self.cache.get(group_key)['urlconf'])
self.assertEqual(RoutingTable.objects.get_by_natural_key(TEST_GROUP_ROUTE_NAME),
RoutingTable.objects.get(pk=self.cache.get(group_key)['route_id']))
def test_process_request(self):
request = self.request_factory.request()
request.urlconf = None
request.path_info = '/admin/'
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest())
middleware = FirewallMiddleware()
middleware.process_request(request)
user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME))
# Make sure user's urlconf module is assigned
self.assertEqual(user_urlconf_module, request.urlconf)
# Let's Try for Anonymous User
request.urlconf = None
request.user = AnonymousUser()
self.cache.clear()
request.session.clear()
middleware.process_request(request)
# Should be Fallback urlconf module
self.assertEqual(request.urlconf, HACS_FALLBACK_URLCONF)
ContentTypeRoutingRules.objects.filter(content_type=ContentType.objects.get_for_model(self.user_model_cls),
object_id=user.id).delete()
user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME), validation=False)
self.cache.clear()
request.session.clear()
# Restore original user
request.user = user
middleware.process_request(request)
# Make sure user's group's urlconf is assigned as user's routing is not available
self.assertEqual(user_urlconf_module, request.urlconf)
ContentTypeRoutingRules.objects.filter(content_type=ContentType.objects.get_for_model(HacsGroupModel)).delete()
self.cache.clear()
request.session.clear()
request.urlconf = None
middleware.process_request(request)
# As urlconf is unavailable for user as well as groups and request urlconf attribute has None value
# So showing warning and assign fallback urlconf
self.assertEqual(request.urlconf, HACS_FALLBACK_URLCONF)
def test_set_user_urlconf(self):
request = self.request_factory.request()
request.path_info = u'/admin/'
request.site = get_current_site(request)
session = request.session = self.SessionStore(hashlib.md5('hacs').hexdigest())
user = request.user = UserModel.objects.get(username=TEST_USER_NAME)
middleware = FirewallMiddleware()
request.session['settings'] = dict()
middleware._set_user_urlconf(request)
user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME))
# We Make sure session is updated
try:
self.assertEqual(session['settings']['urlconf'], user_urlconf_module)
except KeyError:
raise AssertionError("Code should not come here")
# Make sure cache is also updated
user_cache_key = get_user_key(request)
self.assertEqual(self.cache.get(user_cache_key)['urlconf'], user_urlconf_module)
ContentTypeRoutingTable.objects.filter(content_type=ContentType.objects.get_for_model(UserModel),
object_id=user.id).delete()
request.session.clear()
request.session['settings'] = dict()
self.cache.clear()
middleware._set_user_urlconf(request)
# Make sure session updated and urlconf changed to Group Routing specific
user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME))
try:
# user's urlconf should be instance of tuple, because use could be member of several groups
self.assertEqual(session['settings']['urlconf'][0], user_urlconf_module)
except KeyError:
raise AssertionError("Code should not come here")
# Make sure cache also be updated and Group specific routing
self.assertEqual(self.cache.get(user_cache_key)['urlconf'][0], user_urlconf_module)
ContentTypeRoutingTable.objects.filter(content_type=ContentType.objects.get_for_model(Group)).delete()
request.session.clear()
request.session['settings'] = dict()
self.cache.clear()
middleware._set_user_urlconf(request)
# Make sure fallback urlconf is None, because request has no urlconf attribute either set by DynamicMiddleware
# or from django settings
try:
# user's urlconf should be none, because either user or groups have no urlconf
self.assertIsNone(session['settings']['urlconf'])
except KeyError:
raise AssertionError("Code should not come here")
def test_calculate_user_urlconf(self):
"""
:return:
"""
middleware = FirewallMiddleware()
request = self.request_factory.request()
test_user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
test_site = Site.objects.get(domain=TEST_HOST_NAME)
request.site = test_site
user_rules = ContentTypeRoutingRules.objects.get(
content_type=ContentType.objects.get_for_model(self.user_model_cls),
object_id=test_user.pk,
site=test_site
)
request.user = test_user
request.path_info = '/admin/'
user_settings = {
'urlconf': get_generated_urlconf_module(get_generated_urlconf_file(user_rules.route.slug), False),
'allowed_http_methods': user_rules.allowed_method,
'blacklisted_uri': None,
'whitelisted_uri': None,
'has_own_rules': True
}
result = middleware._calculate_user_urlconf(request, user_settings)
expected_urlconf = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME), False)
self.assertEqual(result, expected_urlconf)
# we remove user's rules so should come from groups
ContentTypeRoutingRules.objects.filter(
content_type=ContentType.objects.get_for_model(self.user_model_cls),
object_id=test_user.pk,
site=test_site
).delete()
user_settings['has_own_rules'] = False
user_settings['urlconf'] = None
user_settings['allowed_http_methods'] = None
user_settings['groups'] = []
for group in test_user.groups.unrestricted():
user_settings['groups'].append((get_group_key(request, group), group.natural_key()))
# We will trigger auth group settings from here
middleware.set_auth_group_settings(request, group, False)
result = middleware._calculate_user_urlconf(request, user_settings)
expected_urlconf = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME), False)
self.assertEqual(result, expected_urlconf)
# Make sure user settings is updated
self.assertEqual(len( user_settings['allowed_http_methods']), 2)
self.assertEqual(tuple(user_settings['allowed_http_methods']), ('GET', 'POST', ))
def test_set_auth_user_settings(self):
""""""
request = self.request_factory.request()
request.path_info = '/admin/'
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
middleware = FirewallMiddleware()
middleware.set_auth_user_settings(request)
user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME))
# Make sure cache is updated
user_cache_key = get_user_key(request)
self.assertEqual(self.cache.get(user_cache_key)['urlconf'], user_urlconf_module)
ContentTypeRoutingRules.objects.filter(content_type=ContentType.objects.get_for_model(self.user_model_cls),
object_id=user.id).delete()
self.cache.clear()
middleware.set_auth_user_settings(request)
# Make sure cache be updated and should be None
self.assertIsNone(self.cache.get(user_cache_key)['urlconf'])
def test_contenttype_http_method_filter(self):
""""""
request = self.request_factory.request()
request.path_info = u'/admin/sites/site/'
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
user_key = get_user_key(request)
request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest())
request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
middleware = FirewallMiddleware()
##
# User Level Filter
##
user_rules = ContentTypeRoutingRules.objects.get(
site=request.site,
content_type=ContentType.objects.get_for_model(self.user_model_cls),
object_id=user.pk
)
user_rules.allowed_method = ['GET', 'HEAD']
user_rules.save()
request.method = 'POST'
response = middleware.process_request(request)
# Should not be None
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 405)
self.assertIn(request.method, smart_text(response.content))
self.cache.clear()
request.session.clear()
request.method = 'HEAD'
response = middleware.process_request(request)
# Should be None
self.assertIsNone(response)
##
# Group Level Filter
##
user_rules.delete()
self.cache.clear()
request.session.clear()
clean_all_lru_caches()
group_rules = ContentTypeRoutingRules.objects.get(
site=request.site,
content_type=ContentType.objects.get_for_model(HacsGroupModel),
object_id=HacsGroupModel.objects.get(name='Editors').pk
)
group_rules.allowed_method = ['GET']
group_rules.save()
response = middleware.process_request(request)
# Should not be None
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 405)
self.assertIn(request.method, smart_text(response.content))
self.assertEqual(self.cache.get(user_key)['allowed_http_methods'], ['GET'])
self.cache.clear()
request.session.clear()
clean_all_lru_caches()
request.method = 'GET'
response = middleware.process_request(request)
self.assertIsNone(response)
def test_contenttype_uri_blacklist_whitelist_filter(self):
"""
:return:
"""
request = self.request_factory.request()
request.path_info = u'/admin/sites/site/'
request.site = get_current_site(request)
request.urlconf = None
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
user_key = get_user_key(request)
request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest())
user_rules = ContentTypeRoutingRules.objects.get(
site=request.site,
content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=user.pk)
user_rules.blacklisted_uri = "^a[a-zA-Z0-9/]+/sites/"
user_rules.save()
middleware = FirewallMiddleware()
##
# User Level URI Filter Test Start
##
# BlackList
response = middleware.process_request(request)
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 503)
self.assertIn("503", smart_text(response.content))
request.session.clear()
self.cache.clear()
user_rules.blacklisted_uri = None
user_rules.save()
response = middleware.process_request(request)
# should not return anything
self.assertIsNone(response)
# Whitelist
user_rules.whitelisted_uri = "^a[a-zA-Z0-9/]+/sites/"
user_rules.save()
request.session.clear()
self.cache.clear()
response = middleware.process_request(request)
# as match with white list so should not gives errors
self.assertIsNone(response)
user_rules.whitelisted_uri = "^f[a-zA-Z0-9/]+/sites/"
user_rules.save()
request.session.clear()
self.cache.clear()
response = middleware.process_request(request)
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 503)
self.assertIn("503", smart_text(response.content))
##
# Group Level URI Filter Test Start
##
# BlackList
request.session.clear()
self.cache.clear()
user_rules.delete()
group_rules = ContentTypeRoutingRules.objects.get(
site=request.site,
content_type=ContentType.objects.get_for_model(HacsGroupModel),
object_id=HacsGroupModel.objects.get(name='Editors').pk
)
group_rules.blacklisted_uri = "^a[a-zA-Z0-9/]+/sites/"
group_rules.save()
response = middleware.process_request(request)
# Should not None, as inherited from group
self.assertIsNotNone(self.cache.get(user_key)['urlconf'])
self.assertEqual(self.cache.get(user_key)['blacklisted_uri'], "^a[a-zA-Z0-9/]+/sites/")
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 503)
self.assertIn("503", smart_text(response.content))
request.session.clear()
self.cache.clear()
group_rules.blacklisted_uri = "^f[a-zA-Z0-9/]+/sites/"
group_rules.save()
response = middleware.process_request(request)
# Should be none as blacklisted not match
self.assertIsNone(response)
# Whitelist
request.session.clear()
self.cache.clear()
group_rules.blacklisted_uri = None
group_rules.whitelisted_uri = "^a[a-zA-Z0-9/]+/sites/"
group_rules.save()
response = middleware.process_request(request)
# Should be none as whitelisted not match
self.assertIsNone(response)
self.assertIsNotNone(self.cache.get(user_key)['urlconf'])
self.assertEqual(self.cache.get(user_key)['whitelisted_uri'], "^a[a-zA-Z0-9/]+/sites/")
request.session.clear()
self.cache.clear()
group_rules.whitelisted_uri = "^f[a-zA-Z0-9/]+/sites/"
group_rules.save()
response = middleware.process_request(request)
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 503)
self.assertIn("503", smart_text(response.content))
def test_site_uri_blacklist_whitelist_filter(self):
"""
:return:
"""
request = self.request_factory.request()
request.urlconf = None
request.path_info = u'/admin/sites/site/'
request.site = get_current_site(request)
user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME})
request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest())
middleware = FirewallMiddleware()
##
# Site Level URI Filter Test Start
##
# BlackList
site_rules = SiteRoutingRules.objects.get(site=request.site)
site_rules.blacklisted_uri = "^a[a-zA-Z0-9/]+/sites/"
site_rules.save()
request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
response = middleware.process_request(request)
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 503)
self.assertIn("503", smart_text(response.content))
request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01"
response = middleware.process_request(request)
self.assertEqual(503, response.status_code)
self.assertIsInstance(response, JsonResponse)
self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 503)
clean_all_lru_caches()
HACS_SITE_CACHE.clear()
site_rules.blacklisted_uri = None
site_rules.save()
response = middleware.process_request(request)
self.assertIsNone(response)
# Whitelist
clean_all_lru_caches()
HACS_SITE_CACHE.clear()
site_rules = SiteRoutingRules.objects.get(site=request.site)
site_rules.whitelisted_uri = "^a[a-zA-Z0-9/]+/sites/"
site_rules.save()
request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
response = middleware.process_request(request)
# pass filter, so should be None
self.assertIsNone(response)
clean_all_lru_caches()
HACS_SITE_CACHE.clear()
site_rules.whitelisted_uri = "^f[a-zA-Z0-9/]+/sites/"
site_rules.save()
response = middleware.process_request(request)
self.assertIsNotNone(response)
self.assertEqual(response.status_code, 503)
self.assertIn("503", smart_text(response.content))
request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01"
response = middleware.process_request(request)
self.assertEqual(503, response.status_code)
self.assertIsInstance(response, JsonResponse)
self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 503)
def test_validate(self):
middleware = FirewallMiddleware()
# Validate
self.assertTrue(middleware._validate)