def update(self, request, workspace_id):
user = get_user_authentication(request)
content_type = request.META.get('CONTENT_TYPE', '')
if content_type == None:
content_type = ''
if content_type.startswith('application/json'):
received_json = request.raw_post_data
else:
received_json = PUT_parameter(request, 'variables')
if not received_json:
return HttpResponseBadRequest(get_xml_error(_("variables JSON expected")), mimetype='application/xml; charset=UTF-8')
try:
variables = simplejson.loads(received_json)
igadgetVariables = variables['igadgetVars']
variables_to_notify = []
for igVar in igadgetVariables:
variables_to_notify += set_variable_value(igVar['id'], user, igVar['value'])
data = {'igadgetVars': variables_to_notify}
return HttpResponse(json_encode(data), mimetype='application/json; charset=UTF-8')
except Exception, e:
transaction.rollback()
msg = _("cannot update variables: ") + unicode(e)
raise TracedServerError(e, received_json, request, msg)
def test_secure_data_using_cookies(self):
set_variable_value(1, self.user, 'test_password')
self.assertTrue(VariableValue.objects.get(pk=1).value != 'test_password')
client = Client()
client.login(username='******', password='******')
EZWEB_PROXY._do_request.reset()
EZWEB_PROXY._do_request.set_echo_response('http://example.com/path')
pass_ref = '1/password'
user_ref = '1/username'
secure_data_header = 'action=data, substr=|password|, var_ref=' + pass_ref
secure_data_header += '&action=data, substr=|username|, var_ref=' + user_ref
client.cookies['X-EzWeb-Secure-Data'] = secure_data_header
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost')
self.assertEquals(response.status_code, 200)
self.assertEquals(response.content, 'username=test_username&password=test_password')
secure_data_header = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
client.cookies['X-EzWeb-Secure-Data'] = secure_data_header
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost')
self.assertEquals(response.status_code, 200)
self.assertEquals(response.content, 'username=|username|&password=|password|')
# Secure data header with empty parameters
secure_data_header = 'action=basic_auth, user_ref=, pass_ref='
client.cookies['X-EzWeb-Secure-Data'] = secure_data_header
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost')
self.assertEquals(response.status_code, 200)
def test_secure_data(self):
set_variable_value(1, self.user, 'test_password')
self.assertTrue(VariableValue.objects.get(pk=1).value != 'test_password')
client = Client()
client.login(username='******', password='******')
EZWEB_PROXY._do_request.reset()
EZWEB_PROXY._do_request.set_echo_response('http://example.com/path')
pass_ref = '1/password'
user_ref = '1/username'
secure_data_header = 'action=data, substr=|password|, var_ref=' + pass_ref
secure_data_header += '&action=data, substr=|username|, var_ref=' + user_ref
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost',
HTTP_X_EZWEB_SECURE_DATA=secure_data_header)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.content, 'username=test_username&password=test_password')
secure_data_header = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost',
HTTP_X_EZWEB_SECURE_DATA=secure_data_header)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.content, 'username=|username|&password=|password|')
# Secure data header using constants
EZWEB_PROXY._do_request.reset()
EZWEB_PROXY._do_request.set_echo_response('http://example.com/path')
secure_data_header = 'action=data, substr=|password|, var_ref=c/test_password'
secure_data_header += '&action=data, substr=|username|, var_ref=c/test_username'
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost',
HTTP_X_EZWEB_SECURE_DATA=secure_data_header)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.content, 'username=test_username&password=test_password')
# Secure data header using encoding=url
EZWEB_PROXY._do_request.reset()
EZWEB_PROXY._do_request.set_echo_response('http://example.com/path')
secure_data_header = 'action=data, substr=|password|, var_ref=c%2Fa%3D%2C%20z , encoding=url'
secure_data_header += '&action=data, substr=|username|, var_ref=c%2Fa%3D%2C%20z'
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost',
HTTP_X_EZWEB_SECURE_DATA=secure_data_header)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.content, 'username=a=, z&password=a%3D%2C%20z')
# Secure data header with empty parameters
secure_data_header = 'action=basic_auth, user_ref=, pass_ref='
response = client.post('/proxy/http/example.com/path',
'username=|username|&password=|password|',
content_type='application/x-www-form-urlencoded',
HTTP_HOST='localhost',
HTTP_REFERER='http://localhost',
HTTP_X_EZWEB_SECURE_DATA=secure_data_header)
self.assertEquals(response.status_code, 422)
