def test_site_in_maintenance_mode(self): """ :return: """ request = self.request_factory.request() request.path_info = u'/admin/' request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest()) middleware = FirewallMiddleware() site_rules = SiteRoutingRules.objects.get(site=request.site) site_rules.maintenance_mode = True site_rules.save() request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" response = middleware.process_request(request) self.assertEqual(503, response.status_code) self.assertIn('503', smart_text(response.content)) request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01" response = middleware.process_request(request) self.assertEqual(503, response.status_code) self.assertIsInstance(response, JsonResponse) self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 503) # Make sure no maintenance mode restriction clean_all_lru_caches() HACS_SITE_CACHE.clear() site_rules.maintenance_mode = False site_rules.save() response = middleware.process_request(request) self.assertIsNone(response)
def test_site_http_method_filter(self): """""" request = self.request_factory.request() request.path_info = u'/admin/sites/site/' request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest()) request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" middleware = FirewallMiddleware() site_rules = SiteRoutingRules.objects.get(site=request.site) site_rules.allowed_method = ['GET', 'HEAD'] site_rules.save() request.method = 'POST' response = middleware.process_request(request) # Should not be None self.assertIsNotNone(response) self.assertEqual(response.status_code, 405) self.assertIn(request.method, smart_text(response.content)) HACS_SITE_CACHE.clear() request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01" response = middleware.process_request(request) self.assertEqual(405, response.status_code) self.assertIsInstance(response, JsonResponse) self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 405) HACS_SITE_CACHE.clear() request.method = 'GET' response = middleware.process_request(request) # Should be None self.assertIsNone(response)
def test_set_group_urlconf(self): request = self.request_factory.request() request.site = get_current_site(request) user = request.user = UserModel.objects.get(username=TEST_USER_NAME) middleware = FirewallMiddleware() middleware._set_group_urlconf(request, user.groups.get(name='administrator')) group_key = get_group_key(request, user.groups.get(name='administrator')) group_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME)) # We make sure cache is updated and right values are assigned self.assertEqual(group_urlconf_module, self.cache.get(group_key)['urlconf']) self.assertEqual(RoutingTable.objects.get(route_name=TEST_GROUP_ROUTE_NAME), RoutingTable.objects.get(pk=self.cache.get(group_key)['route_id']))
def test_calculate_user_urlconf(self): """ :return: """ urls_confs = [] for route in RoutingTable.objects.all().order_by('-id'): if not os.path.exists(get_generated_urlconf_file(route.route_name)): generate_urlconf_file(get_generated_urlconf_file(route.route_name), route) urls_confs.append(get_generated_urlconf_module(get_generated_urlconf_file(route.route_name))) middleware = FirewallMiddleware() result = middleware._calculate_user_urlconf('/admin/', urls_confs) expected_urlconf = get_generated_urlconf_module( get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME), RoutingTable.objects.get(route_name=TEST_GROUP_ROUTE_NAME)) self.assertEqual(result, expected_urlconf)
def test_set_auth_group_settings(self): """""" request = self.request_factory.request() request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) middleware = FirewallMiddleware() group = user.groups.unrestricted().first() middleware.set_auth_group_settings(request, group) group_key = get_group_key(request, group) group_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME)) # We make sure cache is updated and right values are assigned self.assertEqual(group_urlconf_module, self.cache.get(group_key)['urlconf']) self.assertEqual(RoutingTable.objects.get_by_natural_key(TEST_GROUP_ROUTE_NAME), RoutingTable.objects.get(pk=self.cache.get(group_key)['route_id']))
def test_process_request(self): request = self.request_factory.request() request.urlconf = None request.path_info = '/admin/' request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest()) middleware = FirewallMiddleware() middleware.process_request(request) user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME)) # Make sure user's urlconf module is assigned self.assertEqual(user_urlconf_module, request.urlconf) # Let's Try for Anonymous User request.urlconf = None request.user = AnonymousUser() self.cache.clear() request.session.clear() middleware.process_request(request) # Should be Fallback urlconf module self.assertEqual(request.urlconf, HACS_FALLBACK_URLCONF) ContentTypeRoutingRules.objects.filter(content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=user.id).delete() user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME), validation=False) self.cache.clear() request.session.clear() # Restore original user request.user = user middleware.process_request(request) # Make sure user's group's urlconf is assigned as user's routing is not available self.assertEqual(user_urlconf_module, request.urlconf) ContentTypeRoutingRules.objects.filter(content_type=ContentType.objects.get_for_model(HacsGroupModel)).delete() self.cache.clear() request.session.clear() request.urlconf = None middleware.process_request(request) # As urlconf is unavailable for user as well as groups and request urlconf attribute has None value # So showing warning and assign fallback urlconf self.assertEqual(request.urlconf, HACS_FALLBACK_URLCONF)
def test_set_user_urlconf(self): request = self.request_factory.request() request.path_info = u'/admin/' request.site = get_current_site(request) session = request.session = self.SessionStore(hashlib.md5('hacs').hexdigest()) user = request.user = UserModel.objects.get(username=TEST_USER_NAME) middleware = FirewallMiddleware() request.session['settings'] = dict() middleware._set_user_urlconf(request) user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME)) # We Make sure session is updated try: self.assertEqual(session['settings']['urlconf'], user_urlconf_module) except KeyError: raise AssertionError("Code should not come here") # Make sure cache is also updated user_cache_key = get_user_key(request) self.assertEqual(self.cache.get(user_cache_key)['urlconf'], user_urlconf_module) ContentTypeRoutingTable.objects.filter(content_type=ContentType.objects.get_for_model(UserModel), object_id=user.id).delete() request.session.clear() request.session['settings'] = dict() self.cache.clear() middleware._set_user_urlconf(request) # Make sure session updated and urlconf changed to Group Routing specific user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME)) try: # user's urlconf should be instance of tuple, because use could be member of several groups self.assertEqual(session['settings']['urlconf'][0], user_urlconf_module) except KeyError: raise AssertionError("Code should not come here") # Make sure cache also be updated and Group specific routing self.assertEqual(self.cache.get(user_cache_key)['urlconf'][0], user_urlconf_module) ContentTypeRoutingTable.objects.filter(content_type=ContentType.objects.get_for_model(Group)).delete() request.session.clear() request.session['settings'] = dict() self.cache.clear() middleware._set_user_urlconf(request) # Make sure fallback urlconf is None, because request has no urlconf attribute either set by DynamicMiddleware # or from django settings try: # user's urlconf should be none, because either user or groups have no urlconf self.assertIsNone(session['settings']['urlconf']) except KeyError: raise AssertionError("Code should not come here")
def test_calculate_user_urlconf(self): """ :return: """ middleware = FirewallMiddleware() request = self.request_factory.request() test_user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) test_site = Site.objects.get(domain=TEST_HOST_NAME) request.site = test_site user_rules = ContentTypeRoutingRules.objects.get( content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=test_user.pk, site=test_site ) request.user = test_user request.path_info = '/admin/' user_settings = { 'urlconf': get_generated_urlconf_module(get_generated_urlconf_file(user_rules.route.slug), False), 'allowed_http_methods': user_rules.allowed_method, 'blacklisted_uri': None, 'whitelisted_uri': None, 'has_own_rules': True } result = middleware._calculate_user_urlconf(request, user_settings) expected_urlconf = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME), False) self.assertEqual(result, expected_urlconf) # we remove user's rules so should come from groups ContentTypeRoutingRules.objects.filter( content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=test_user.pk, site=test_site ).delete() user_settings['has_own_rules'] = False user_settings['urlconf'] = None user_settings['allowed_http_methods'] = None user_settings['groups'] = [] for group in test_user.groups.unrestricted(): user_settings['groups'].append((get_group_key(request, group), group.natural_key())) # We will trigger auth group settings from here middleware.set_auth_group_settings(request, group, False) result = middleware._calculate_user_urlconf(request, user_settings) expected_urlconf = get_generated_urlconf_module(get_generated_urlconf_file(TEST_GROUP_ROUTE_NAME), False) self.assertEqual(result, expected_urlconf) # Make sure user settings is updated self.assertEqual(len( user_settings['allowed_http_methods']), 2) self.assertEqual(tuple(user_settings['allowed_http_methods']), ('GET', 'POST', ))
def test_set_auth_user_settings(self): """""" request = self.request_factory.request() request.path_info = '/admin/' request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) middleware = FirewallMiddleware() middleware.set_auth_user_settings(request) user_urlconf_module = get_generated_urlconf_module(get_generated_urlconf_file(TEST_USER_ROUTE_NAME)) # Make sure cache is updated user_cache_key = get_user_key(request) self.assertEqual(self.cache.get(user_cache_key)['urlconf'], user_urlconf_module) ContentTypeRoutingRules.objects.filter(content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=user.id).delete() self.cache.clear() middleware.set_auth_user_settings(request) # Make sure cache be updated and should be None self.assertIsNone(self.cache.get(user_cache_key)['urlconf'])
def test_contenttype_http_method_filter(self): """""" request = self.request_factory.request() request.path_info = u'/admin/sites/site/' request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) user_key = get_user_key(request) request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest()) request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" middleware = FirewallMiddleware() ## # User Level Filter ## user_rules = ContentTypeRoutingRules.objects.get( site=request.site, content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=user.pk ) user_rules.allowed_method = ['GET', 'HEAD'] user_rules.save() request.method = 'POST' response = middleware.process_request(request) # Should not be None self.assertIsNotNone(response) self.assertEqual(response.status_code, 405) self.assertIn(request.method, smart_text(response.content)) self.cache.clear() request.session.clear() request.method = 'HEAD' response = middleware.process_request(request) # Should be None self.assertIsNone(response) ## # Group Level Filter ## user_rules.delete() self.cache.clear() request.session.clear() clean_all_lru_caches() group_rules = ContentTypeRoutingRules.objects.get( site=request.site, content_type=ContentType.objects.get_for_model(HacsGroupModel), object_id=HacsGroupModel.objects.get(name='Editors').pk ) group_rules.allowed_method = ['GET'] group_rules.save() response = middleware.process_request(request) # Should not be None self.assertIsNotNone(response) self.assertEqual(response.status_code, 405) self.assertIn(request.method, smart_text(response.content)) self.assertEqual(self.cache.get(user_key)['allowed_http_methods'], ['GET']) self.cache.clear() request.session.clear() clean_all_lru_caches() request.method = 'GET' response = middleware.process_request(request) self.assertIsNone(response)
def test_contenttype_uri_blacklist_whitelist_filter(self): """ :return: """ request = self.request_factory.request() request.path_info = u'/admin/sites/site/' request.site = get_current_site(request) request.urlconf = None user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) user_key = get_user_key(request) request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest()) user_rules = ContentTypeRoutingRules.objects.get( site=request.site, content_type=ContentType.objects.get_for_model(self.user_model_cls), object_id=user.pk) user_rules.blacklisted_uri = "^a[a-zA-Z0-9/]+/sites/" user_rules.save() middleware = FirewallMiddleware() ## # User Level URI Filter Test Start ## # BlackList response = middleware.process_request(request) self.assertIsNotNone(response) self.assertEqual(response.status_code, 503) self.assertIn("503", smart_text(response.content)) request.session.clear() self.cache.clear() user_rules.blacklisted_uri = None user_rules.save() response = middleware.process_request(request) # should not return anything self.assertIsNone(response) # Whitelist user_rules.whitelisted_uri = "^a[a-zA-Z0-9/]+/sites/" user_rules.save() request.session.clear() self.cache.clear() response = middleware.process_request(request) # as match with white list so should not gives errors self.assertIsNone(response) user_rules.whitelisted_uri = "^f[a-zA-Z0-9/]+/sites/" user_rules.save() request.session.clear() self.cache.clear() response = middleware.process_request(request) self.assertIsNotNone(response) self.assertEqual(response.status_code, 503) self.assertIn("503", smart_text(response.content)) ## # Group Level URI Filter Test Start ## # BlackList request.session.clear() self.cache.clear() user_rules.delete() group_rules = ContentTypeRoutingRules.objects.get( site=request.site, content_type=ContentType.objects.get_for_model(HacsGroupModel), object_id=HacsGroupModel.objects.get(name='Editors').pk ) group_rules.blacklisted_uri = "^a[a-zA-Z0-9/]+/sites/" group_rules.save() response = middleware.process_request(request) # Should not None, as inherited from group self.assertIsNotNone(self.cache.get(user_key)['urlconf']) self.assertEqual(self.cache.get(user_key)['blacklisted_uri'], "^a[a-zA-Z0-9/]+/sites/") self.assertIsNotNone(response) self.assertEqual(response.status_code, 503) self.assertIn("503", smart_text(response.content)) request.session.clear() self.cache.clear() group_rules.blacklisted_uri = "^f[a-zA-Z0-9/]+/sites/" group_rules.save() response = middleware.process_request(request) # Should be none as blacklisted not match self.assertIsNone(response) # Whitelist request.session.clear() self.cache.clear() group_rules.blacklisted_uri = None group_rules.whitelisted_uri = "^a[a-zA-Z0-9/]+/sites/" group_rules.save() response = middleware.process_request(request) # Should be none as whitelisted not match self.assertIsNone(response) self.assertIsNotNone(self.cache.get(user_key)['urlconf']) self.assertEqual(self.cache.get(user_key)['whitelisted_uri'], "^a[a-zA-Z0-9/]+/sites/") request.session.clear() self.cache.clear() group_rules.whitelisted_uri = "^f[a-zA-Z0-9/]+/sites/" group_rules.save() response = middleware.process_request(request) self.assertIsNotNone(response) self.assertEqual(response.status_code, 503) self.assertIn("503", smart_text(response.content))
def test_site_uri_blacklist_whitelist_filter(self): """ :return: """ request = self.request_factory.request() request.urlconf = None request.path_info = u'/admin/sites/site/' request.site = get_current_site(request) user = request.user = self.user_model_cls.objects.get(**{self.user_model_cls.USERNAME_FIELD: TEST_USER_NAME}) request.session = self.SessionStore(hashlib.md5(smart_bytes(getattr(user, user.USERNAME_FIELD))).hexdigest()) middleware = FirewallMiddleware() ## # Site Level URI Filter Test Start ## # BlackList site_rules = SiteRoutingRules.objects.get(site=request.site) site_rules.blacklisted_uri = "^a[a-zA-Z0-9/]+/sites/" site_rules.save() request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" response = middleware.process_request(request) self.assertIsNotNone(response) self.assertEqual(response.status_code, 503) self.assertIn("503", smart_text(response.content)) request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01" response = middleware.process_request(request) self.assertEqual(503, response.status_code) self.assertIsInstance(response, JsonResponse) self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 503) clean_all_lru_caches() HACS_SITE_CACHE.clear() site_rules.blacklisted_uri = None site_rules.save() response = middleware.process_request(request) self.assertIsNone(response) # Whitelist clean_all_lru_caches() HACS_SITE_CACHE.clear() site_rules = SiteRoutingRules.objects.get(site=request.site) site_rules.whitelisted_uri = "^a[a-zA-Z0-9/]+/sites/" site_rules.save() request.META['HTTP_ACCEPT'] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" response = middleware.process_request(request) # pass filter, so should be None self.assertIsNone(response) clean_all_lru_caches() HACS_SITE_CACHE.clear() site_rules.whitelisted_uri = "^f[a-zA-Z0-9/]+/sites/" site_rules.save() response = middleware.process_request(request) self.assertIsNotNone(response) self.assertEqual(response.status_code, 503) self.assertIn("503", smart_text(response.content)) request.META['HTTP_ACCEPT'] = "application/json, text/javascript, */*; q=0.01" response = middleware.process_request(request) self.assertEqual(503, response.status_code) self.assertIsInstance(response, JsonResponse) self.assertEqual(json.loads(smart_text(response.content))['meta']['status'], 503)
def test_validate(self): middleware = FirewallMiddleware() # Validate self.assertTrue(middleware._validate)