def test_response_sensitive_headers_should_be_hidden(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz', headers={'token': 'secret'})
output_logged_request = OutputLoggedRequest.objects.get()
assert_equal(output_logged_request.request_headers['token'],
'[Filtered]')
assert_equal(responses.calls[0].request.headers['token'], 'secret')
def test_response_sensitive_params_data_should_be_hidden(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz', params={'token': 'secret'})
output_logged_request = OutputLoggedRequest.objects.get()
assert_equal(output_logged_request.queries['token'], '[Filtered]')
assert_equal(responses.calls[0].request.url,
'http://test.cz/?token=secret')
def test_response_sensitive_data_body_in_json_should_be_hidden(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz', data=json.dumps({'password': '******'}))
output_logged_requst = OutputLoggedRequest.objects.get()
assert_in('"password": "******"', output_logged_requst.request_body)
assert_not_in('"password": "******"', output_logged_requst.request_body)
assert_in('"password": "******"', responses.calls[0].request.body)
assert_not_in('"password": "******"', responses.calls[0].request.body)
def test_response_sensitive_data_body_in_json_should_be_hidden(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz',
data=json.dumps({'password': '******'}))
output_logged_requst = OutputLoggedRequest.objects.get()
assert_in('"password": "******"',
output_logged_requst.request_body)
assert_not_in('"password": "******"',
output_logged_requst.request_body)
assert_in('"password": "******"',
responses.calls[0].request.body)
assert_not_in('"password": "******"',
responses.calls[0].request.body)
def test_response_sensitive_params_and_url_query_together_data_should_be_logged(
self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz?a=1&a=2',
params={
'b': '6',
'a': '3',
'c': ['5']
})
output_logged_request = OutputLoggedRequest.objects.get()
assert_equal(output_logged_request.queries, {
'b': '6',
'a': ['3', '1', '2'],
'c': '5'
})
def _post(url, **kwargs):
return security.post(url, slug='spitzel', **kwargs)
def test_response_sensitive_params_and_url_query_together_data_should_be_logged(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz?a=1&a=2', params={'b': '6', 'a': '3', 'c': ['5']})
output_logged_request = OutputLoggedRequest.objects.get()
assert_equal(output_logged_request.queries, {'b': '6', 'a': ['3', '1', '2'], 'c': '5'})
def test_response_more_sensitive_params_data_should_be_hidden(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz', params={'token': ['secret', 'secret2']})
output_logged_request = OutputLoggedRequest.objects.get()
assert_equal(output_logged_request.queries['token'], ['[Filtered]', '[Filtered]'])
assert_equal(responses.calls[0].request.url, 'http://test.cz/?token=secret&token=secret2')
def test_response_sensitive_headers_should_be_hidden(self):
responses.add(responses.POST, 'http://test.cz', body='test')
requests.post('http://test.cz', headers={'token': 'secret'})
output_logged_request = OutputLoggedRequest.objects.get()
assert_equal(output_logged_request.request_headers['token'], '[Filtered]')
assert_equal(responses.calls[0].request.headers['token'], 'secret')
