def test_login_success(self):
cookies = {'PHPSESSID': 1111, ACCESS_TOKEN_COOKIE_KEY: self.generate_access_token()}
client = Client(HTTP_COOKIE=SimpleCookie(cookies).output(header='', sep='; '))
api = StoreApi()
with requests_mock.mock() as m:
m.get(api._make_url(StoreApi.ACCOUNT_INFO), json={'result': {'idx': 1, 'id': 'testuser'}})
response = client.get(reverse('account:login'), secure=True)
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url, '/')
def logout(self) -> None:
"""Log out the user by removing the cookies and session object."""
request = HttpRequest()
engine: SessionStore = import_module(settings.SESSION_ENGINE)
if self.session:
request.session = self.session
request.user = auth.get_user(request)
else:
request.session = engine.SessionStore()
auth.logout(request)
self.cookies = SimpleCookie()
def simulate_simple_authentication(factory, client, email, password, path, add_messages_middleware, views):
auth_request = factory.post('/sessions/')
add_messages_middleware(auth_request)
auth_response = views.sessions_index(auth_request,
email=email,
password=password,
path=path)
# Add auth token cookie to request
auth_token = auth_response.cookies['auth_token'].value
client.cookies = SimpleCookie({'auth_token': auth_token})
def test_pickle(self):
rawdata = 'Customer="WILE_E_COYOTE"; Path=/acme; Version=1'
expected_output = 'Set-Cookie: %s' % rawdata
C = SimpleCookie()
C.load(rawdata)
self.assertEqual(C.output(), expected_output)
for proto in range(pickle.HIGHEST_PROTOCOL + 1):
C1 = pickle.loads(pickle.dumps(C, protocol=proto))
self.assertEqual(C1.output(), expected_output)
def test_encode(self):
"""
Test that we don't output tricky characters in encoded value
"""
# Python 2.4 compatibility note: Python 2.4's cookie implementation
# always returns Set-Cookie headers terminating in semi-colons.
# That's not the bug this test is looking for, so ignore it.
c = SimpleCookie()
c['test'] = "An,awkward;value"
self.assertTrue(";" not in c.output().rstrip(';')) # IE compat
self.assertTrue("," not in c.output().rstrip(';')) # Safari compat
def test_existing(client):
""" When requesting with existing door device secret this is loaded """
door_device = DoorDeviceFactory()
client.cookies = SimpleCookie({'screen_secret': door_device.secret})
response = client.get(reverse('screen'))
assert response.status_code == 200
assert response.context['device'] == door_device
assert response.cookies['screen_secret'].value == door_device.secret
assert DoorDevice.objects.count() == 1
def logout(self):
"""
Removes the authenticated user's cookies and session object.
Causes the authenticated user to be logged out.
"""
session = import_module(settings.SESSION_ENGINE).SessionStore()
session_cookie = self.cookies.get(settings.SESSION_COOKIE_NAME)
if session_cookie:
session.delete(session_key=session_cookie.value)
self.cookies = SimpleCookie()
def post_request(self, page, lang, data, path=None):
if not path:
path = page.get_path(lang)
request = self.request_factory.post(path, data)
request.current_page = page
request.user = self.user
request.session = {}
request.cookies = SimpleCookie()
request.errors = StringIO()
request._dont_enforce_csrf_checks = True
return request
def test_no_page(self):
request = self.request_factory.get('/en/sample/login/')
request.user = self.user
request.session = {}
request.cookies = SimpleCookie()
request.errors = StringIO()
# when config is requested on a non-CMS url, just return empty data
with self.settings(ROOT_URLCONF='cms.test_utils.project.urls'):
config = get_app_instance(request)
self.assertEqual((u'', None), config)
def test_delete_not_owner(self):
"""Testing the DELETE <URL> API when not logged in"""
self.load_fixtures(self.basic_delete_fixtures)
url, cb_args = self.setup_basic_delete_test(self.user, False, None)
self.client.logout()
self.client.cookies = SimpleCookie()
rsp = self.api_delete(url, expected_status=401)
self.assertEqual(rsp['stat'], 'fail')
self.assertEqual(rsp['err']['code'], NOT_LOGGED_IN.code)
def logout(self):
"""Log out the user by removing the cookies and session object."""
from django.contrib.auth import get_user, logout
request = HttpRequest()
if self.session:
request.session = self.session
request.user = get_user(request)
else:
engine = import_module(settings.SESSION_ENGINE)
request.session = engine.SessionStore()
logout(request)
self.cookies = SimpleCookie()
def list_view_test(test_case, resource_name):
with patch('custom_admin.services.auth.is_authenticated') as is_authenticated:
is_authenticated.return_value = True
with patch('custom_admin.services.lists.get_paginator') as paginator:
paginator.return_value = static_paginator
mock_fail_get_list = extract_mock_file('fail_list', resource_name[:-1])
with patch('custom_admin.services.lists.requests.get') as mocked_get:
mocked_get.return_value.json = lambda: mock_fail_get_list
mocked_get.return_value.status_code = 500
test_case.client.cookies = SimpleCookie({'token': token})
resp = test_case.client.get(reverse('custom_admin:{}'.format(resource_name)))
test_case.assertIs(resp.status_code, 200)
test_case.assertTemplateUsed(resp, 'custom_admin/error_page.html')
test_case.assertDictEqual(resp.context['msg'], {
'error_message': 'failed to get {}'.format(resource_name),
'response': mock_fail_get_list,
})
with patch('custom_admin.services.lists.requests.get') as mocked_get:
mocked_get.return_value.json = lambda: extract_mock_file('list', resource_name[:-1])
mocked_get.return_value.status_code = 200
test_case.client.cookies = SimpleCookie({'token': token})
resp = test_case.client.get(reverse('custom_admin:{}'.format(resource_name)))
test_case.assertIs(resp.status_code, 200)
test_case.assertTemplateUsed(resp, 'custom_admin/list_items.html')
result = get_result('list', resource_name[:-1])
for key, val in result.items():
if type(val) == list:
test_case.assertListEqual(list(resp.context[key]), list(val))
else:
test_case.assertEqual(resp.context[key], val)
def test_bypass_maintenance_by_cookie(self):
settings_cookie = 'some_cookie_value'
with self.settings(MIDDLEWARE_CLASSES=self.MIDDLEWARE_CLASSES,
INSTALLED_APPS=self.INSTALLED_APPS,
MAINTENANCE_BYPASS_COOKIE=settings_cookie):
self._activate(verbosity=1)
response = self.client.get('/admin/')
self.assertEqual(response.status_code, 302)
self.client.cookies = SimpleCookie(
{'django_maintenance_bypass_cookie': settings_cookie})
response = self.client.get('/admin/')
self.assertEqual(response.status_code, 200)
def process_request(self, request):
domain = request.META.get('HTTP_HOST', '')
mobile_domain = settings.OPPS_DOMAIN_MOBILE
current_cookie = request.COOKIES.get('template_mode', None)
template_mode = request.GET.get('template_mode', None)
THREAD_LOCALS.template_dirs = settings.TEMPLATE_DIRS_WEB
if hasattr(request, "is_mobile"):
agent_is_mobile = request.is_mobile
else:
agent_is_mobile = is_mobile_agent(request)
domain_is_mobile = domain == mobile_domain
request_is_mobile = agent_is_mobile and domain_is_mobile
if not template_mode and not current_cookie:
if domain_is_mobile:
template_mode = u'mobile'
else:
return
if request_is_mobile and template_mode == u'desktop':
prot = settings.OPPS_PROTOCOL_WEB
web_domain = settings.OPPS_DOMAIN_WEB
url = u"{}://{}/?template_mode=desktop".format(prot, web_domain)
return HttpResponseRedirect(url)
elif not request_is_mobile and template_mode == u'mobile':
prot = settings.OPPS_PROTOCOL_MOBILE
url = u"{}://{}/?template_mode=mobile".format(prot, mobile_domain)
# set cache prefix randon in mobile device
settings.CACHE_MIDDLEWARE_KEY_PREFIX = u"opps_site-{}-{}".format(
settings.SITE_ID, random.getrandbits(32))
return HttpResponseRedirect(url)
request._resp_cookies = SimpleCookie()
request.set_cookie = MethodType(_set_cookie, request, HttpRequest)
request.delete_cookie = MethodType(
_delete_cookie, request, HttpRequest
)
if template_mode:
request.set_cookie('template_mode', template_mode)
current_cookie = template_mode
if current_cookie and current_cookie.strip().lower() == u"mobile":
THREAD_LOCALS.template_dirs = settings.TEMPLATE_DIRS_MOBILE
def test_logout03(self):
# Iniciar sesión via ajax.
response = self.client.post('/auth/login',
self.credentials,
follow=True)
self.assertTrue('sessionid' in response.cookies,
"La respuesta no contiene la cookie de sesión.")
sessionid = response.cookies['sessionid']
# Cerrar sesión
response = self.client.get('/auth/logout', follow=True)
self.assertEqual("", response.cookies['sessionid'].value,
"No se eliminó la cookie de sesión.")
# No debería estar autenticado
self.client.cookies = SimpleCookie({'sessionid': sessionid})
response = self.client.get('/buscar')
self.assertFalse(response.context['user'].is_authenticated)
# Iniciar sesión en la pagina de ingresar
data = {
'usuario': self.credentials['usuario'],
'contrasenia': self.credentials['password'],
'accion': 'login'
}
response = self.client.post('/ingresar', data, follow=True)
# Cerrar sesión
response = self.client.get('/auth/logout', follow=True)
self.assertEqual("", response.cookies['sessionid'].value,
"No se eliminó la cookie de sesión.")
# No debería estar autenticado
self.client.cookies = SimpleCookie({'sessionid': sessionid})
response = self.client.get('/buscar')
self.assertFalse(response.context['user'].is_authenticated)
def test_fetch_demo_manifest_en(self, resource_kind, api_client):
"""测试获取资源列表接口(英文版)"""
api_client.cookies = SimpleCookie(
{settings.LANGUAGE_COOKIE_NAME: 'en-US'})
response = api_client.get(
f'{self.common_prefix}/manifests/?kind={resource_kind}')
assert resource_kind == getitems(response.json(), 'data.kind')
assert response.json()['code'] == 0
if resource_kind not in [
K8sResourceKind.HorizontalPodAutoscaler.value,
K8sResourceKind.CustomObject.value
]:
assert response.json(
)['data']['items'][0]['alias'] == f'{resource_kind} Simple Demo'
def test_cache_headers_with_bad_auth(client, case):
# visiting homepage when logged out is cached ...
response = client.get(reverse('home'))
assert is_cached(response)
# ... but visiting with a bad Authorization header is not cached
client.credentials(HTTP_AUTHORIZATION='Token fake')
response = client.get(reverse('home'))
assert not is_cached(response)
# ... and visiting with a bad session cookie is not cached
client.credentials()
client.cookies = SimpleCookie({settings.SESSION_COOKIE_NAME: 'fake'})
response = client.get(reverse('home'))
assert not is_cached(response)
def test_extension_uninstalled_hook(self):
cid = "{}.{}".format(mommy.random_gen.gen_integer(0),
mommy.random_gen.gen_integer(0))
cid_cookie_val = "{}.{}".format(CID_COOKIE_PREFIX, cid)
self.client.cookies = SimpleCookie(
{ga_cookies.CID_COOKIE: cid_cookie_val})
mocked_consumer_instance = MagicMock()
with patch('apps.analytics.views.GAConsumer',
return_value=mocked_consumer_instance) as MockGAConsumer:
response = self.client.get(self.extension_installed_url)
self.assertEqual(response.status_code, 200)
MockGAConsumer.assert_called_once_with(cid)
mocked_consumer_instance.send_event_extension_uninstalled.assert_called_once_with(
)
def get_request(self, page, lang):
"""
Create a GET request for the given page and language
:param page: current page object
:param lang: request language
:return: request
"""
request = self.request_factory.get(page.get_path(lang))
request.current_page = page
request.user = self.user
request.session = {}
request.cookies = SimpleCookie()
request.errors = StringIO()
return request
def post_request(self, page, lang, data):
"""
Create a POST request for the given page and language with CSRF disabled
:param page: current page object
:param lang: request language
:return: request
"""
request = self.request_factory.post(page.get_path(lang), data)
request.current_page = page
request.user = self.user
request.session = {}
request.cookies = SimpleCookie()
request.errors = StringIO()
request._dont_enforce_csrf_checks = True
return request
def artificial_login(**credentials):
from django.contrib.auth import authenticate, login
cookies = SimpleCookie()
user = authenticate(**credentials)
engine = import_module(settings.SESSION_ENGINE)
# Create a fake request that goes through request middleware
request = WSGIRequest({
"HTTP_COOKIE": cookies.output(header="", sep=";"),
"PATH_INFO": "/",
"REMOTE_ADDR": "127.0.0.1",
"REQUEST_METHOD": "GET",
"SCRIPT_NAME": "",
"SERVER_NAME": "testserver",
"SERVER_PORT": "80",
"SERVER_PROTOCOL": "HTTP/1.1",
"wsgi.version": (1, 0),
"wsgi.url_scheme": "http",
"wsgi.input": BytesIO(),
"wsgi.errors": BytesIO(),
"wsgi.multiprocess": True,
"wsgi.multithread": False,
"wsgi.run_once": False,
})
request.session = engine.SessionStore()
login(request, user)
# Save the session values.
request.session.save()
# Set the cookie to represent the session.
session_cookie = settings.SESSION_COOKIE_NAME
cookies[session_cookie] = request.session.session_key
cookie_data = {
"max-age": None,
"path": "/",
"domain": settings.SESSION_COOKIE_DOMAIN,
"secure": settings.SESSION_COOKIE_SECURE or None,
"expires": None,
}
cookies[session_cookie].update(cookie_data)
return {
session_cookie: cookies[session_cookie].value,
settings.CSRF_COOKIE_NAME: csrf._get_new_csrf_key(),
}
def artificial_login(**credentials):
from django.contrib.auth import authenticate, login
cookies = SimpleCookie()
user = authenticate(**credentials)
engine = import_module(settings.SESSION_ENGINE)
# Create a fake request that goes through request middleware
request = WSGIRequest({
'HTTP_COOKIE': cookies.output(header='', sep=';'),
'PATH_INFO': str('/'),
'REMOTE_ADDR': str('127.0.0.1'),
'REQUEST_METHOD': str('GET'),
'SCRIPT_NAME': str(''),
'SERVER_NAME': str('testserver'),
'SERVER_PORT': str('80'),
'SERVER_PROTOCOL': str('HTTP/1.1'),
'wsgi.version': (1, 0),
'wsgi.url_scheme': str('http'),
'wsgi.input': BytesIO(),
'wsgi.errors': BytesIO(),
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
})
request.session = engine.SessionStore()
login(request, user)
# Save the session values.
request.session.save()
# Set the cookie to represent the session.
session_cookie = settings.SESSION_COOKIE_NAME
cookies[session_cookie] = request.session.session_key
cookie_data = {
'max-age': None,
'path': '/',
'domain': settings.SESSION_COOKIE_DOMAIN,
'secure': settings.SESSION_COOKIE_SECURE or None,
'expires': None,
}
cookies[session_cookie].update(cookie_data)
return {
session_cookie: cookies[session_cookie].value,
settings.CSRF_COOKIE_NAME: csrf._get_new_csrf_key(),
}
def logout(self):
"""
Removes the authenticated user's cookies and session object.
Causes the authenticated user to be logged out.
"""
from django.contrib.auth import get_user, logout
request = HttpRequest()
engine = import_module(settings.SESSION_ENGINE)
if self.session:
request.session = self.session
request.user = get_user(request)
else:
request.session = engine.SessionStore()
logout(request)
self.cookies = SimpleCookie()
def test_logout03(self):
# Iniciar sesión.
response = self.client.post('/auth/login',
self.credentials,
follow=True)
self.assertTrue('sessionid' in response.cookies,
"La respuesta no contiene la cookie de sesión.")
sessionid = response.cookies['sessionid']
# Cerrar sesión
response = self.client.get('/auth/logout', follow=True)
self.assertEqual("", response.cookies['sessionid'].value,
"No se eliminó la cookie de sesión.")
# No debería estar autenticado
self.client.cookies = SimpleCookie({'sessionid': sessionid})
response = self.client.get('/buscar')
self.assertFalse(response.context['user'].is_authenticated)
def logout(self):
"""
Removes the authenticated user's cookies and session object.
Causes the authenticated user to be logged out.
"""
request = HttpRequest()
engine = import_module(settings.SESSION_ENGINE)
UserModel = get_user_model()
if self.session:
request.session = self.session
uid = self.session.get("_auth_user_id")
if uid:
request.user = UserModel._default_manager.get(pk=uid)
else:
request.session = engine.SessionStore()
logout(request)
self.cookies = SimpleCookie()
def _prepare_request(self,
request,
page,
user,
lang,
use_middlewares,
use_toolbar=False,
secure=False):
from django.contrib.auth.models import AnonymousUser
from importlib import import_module
engine = import_module(settings.SESSION_ENGINE)
request.current_page = SimpleLazyObject(lambda: page)
if not user:
if self._login_context:
user = self._login_context.user
else:
user = AnonymousUser()
if user.is_authenticated:
session_key = user._meta.pk.value_to_string(user)
else:
session_key = 'session_key'
request.user = user
request._cached_user = user
request.session = engine.SessionStore(session_key)
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
# Let's use middleware in case requested, otherwise just use CMS toolbar if needed
if use_middlewares:
self._apply_middlewares(request)
elif use_toolbar:
from cms.middleware.toolbar import ToolbarMiddleware
mid = ToolbarMiddleware()
mid.process_request(request)
return request
def _prepare_request(self,
request,
page,
user,
lang,
use_middlewares,
use_toolbar=False,
secure=False):
from django.contrib.auth.models import AnonymousUser
request.current_page = SimpleLazyObject(lambda: page)
if not user:
if self._login_context:
user = self._login_context.user
else:
user = AnonymousUser()
request.user = user
request._cached_user = user
request.session = {}
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
if user.is_authenticated():
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
# Let's use middleware in case requested, otherwise just use CMS toolbar if needed
if use_middlewares:
handler = BaseHandler()
handler.load_middleware()
for middleware_method in handler._request_middleware:
if middleware_method(request):
raise Exception('Couldn\'t create request mock object -'
'request middleware returned a response')
elif use_toolbar:
from cms.middleware.toolbar import ToolbarMiddleware
mid = ToolbarMiddleware()
mid.process_request(request)
return request
def get_request(self, path, user, lang, secure=False):
from django.contrib.auth.models import AnonymousUser
request = self.request_factory.get(path, secure=secure)
if not user:
user = AnonymousUser()
request.user = user
request._cached_user = user
request.session = {}
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
if callable_or_bool(user.is_authenticated):
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
return request
def logout(self):
"""
Removes the authenticated user's cookies and session object.
Causes the authenticated user to be logged out.
"""
# Create a fake request that goes through request middleware
request = self.request().request_instance
engine = import_module(settings.SESSION_ENGINE)
UserModel = get_user_model()
if self.session:
request.session = self.session
uid = self.session.get("_auth_user_id")
if uid:
request.user = UserModel._default_manager.get(pk=uid)
else:
request.session = engine.SessionStore()
logout(request)
self.cookies = SimpleCookie()
def test_not_refresh_but_success(self):
class req:
user = self.user
client = self.client
scopes = ['all']
at = JwtHandler.generate(req)
response = Client().post(reverse('ridi:token'),
HTTP_HOST=GeneralConfig.get_site_domain(),
HTTP_COOKIE=SimpleCookie({
'ridi-at': at
}).output(header='', sep='; '),
secure=True)
self.assertEqual(response.status_code, 200)
data = json.dumps(response.content.decode('utf8'))
self.assertIn('expires_at', data)
self.assertIn('expires_in', data)
