def test_disable_sanity_checks(self):
# If BROWSERID_DISABLE_SANITY_CHECKS is True, do not run any
# checks.
request = self.factory.get('/')
request.is_secure = Mock(return_value=False)
with patch('django_browserid.base.logger.warning') as warning:
base.sanity_checks(request)
ok_(not warning.called)
def test_sanity_session_cookie(self):
# If SESSION_COOKIE_SECURE == True and the current request isn't
# https, log a debug message warning about it.
request = self.factory.get('/')
request.is_secure = Mock(return_value=False)
with patch('django_browserid.base.logger.warning') as warning:
base.sanity_checks(request)
ok_(warning.called)
def test_sanity_session_cookie(self):
# If SESSION_COOKIE_SECURE == True and the current request isn't
# https, log a debug message warning about it.
request = self.factory.get('/')
request.is_secure = Mock(return_value=False)
with patch('django_browserid.base.logger.warning') as warning:
base.sanity_checks(request)
ok_(warning.called)
def test_sanity_csp(self, warning):
# If the django-csp middleware is present and Persona isn't
# allowed by CSP, log a debug message warning about it.
request = self.factory.get('/')
# Test if allowed properly.
with self.settings(CSP_DEFAULT_SRC=[],
CSP_SCRIPT_SRC=['https://login.persona.org'],
CSP_FRAME_SRC=['https://login.persona.org']):
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
# Test fallback to default-src.
with self.settings(CSP_DEFAULT_SRC=['https://login.persona.org'],
CSP_SCRIPT_SRC=[],
CSP_FRAME_SRC=[]):
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
# Test incorrect csp.
with self.settings(CSP_DEFAULT_SRC=[],
CSP_SCRIPT_SRC=[],
CSP_FRAME_SRC=[]):
base.sanity_checks(request)
ok_(warning.called)
warning.reset_mock()
# Test partial incorrectness.
with self.settings(CSP_DEFAULT_SRC=[],
CSP_SCRIPT_SRC=['https://login.persona.org'],
CSP_FRAME_SRC=[]):
base.sanity_checks(request)
ok_(warning.called)
def test_sanity_csp(self, warning):
# If the django-csp middleware is present and Persona isn't
# allowed by CSP, log a debug message warning about it.
request = self.factory.get('/')
# Test if allowed properly.
with self.settings(CSP_DEFAULT_SRC=[],
CSP_SCRIPT_SRC=['https://login.persona.org'],
CSP_FRAME_SRC=['https://login.persona.org']):
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
# Test fallback to default-src.
with self.settings(CSP_DEFAULT_SRC=['https://login.persona.org'],
CSP_SCRIPT_SRC=[],
CSP_FRAME_SRC=[]):
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
# Test incorrect csp.
with self.settings(CSP_DEFAULT_SRC=[],
CSP_SCRIPT_SRC=[],
CSP_FRAME_SRC=[]):
base.sanity_checks(request)
ok_(warning.called)
warning.reset_mock()
# Test partial incorrectness.
with self.settings(CSP_DEFAULT_SRC=[],
CSP_SCRIPT_SRC=['https://login.persona.org'],
CSP_FRAME_SRC=[]):
base.sanity_checks(request)
ok_(warning.called)
def test_disable_sanity_checks(self):
"""
If BROWSERID_DISABLE_SANITY_CHECKS is True, do not run any
checks.
"""
request = self.factory.get('/')
ok_(not base.sanity_checks(request))
def test_debug_false(self):
"""
If DEBUG is True and BROWSERID_DISABLE_SANITY_CHECKS is not set,
run the checks.
"""
request = self.factory.get('/')
ok_(not base.sanity_checks(request))
def test_disable_sanity_checks(self):
"""
If BROWSERID_DISABLE_SANITY_CHECKS is True, do not run any
checks.
"""
request = self.factory.get('/')
self.assertTrue(not base.sanity_checks(request))
def test_debug_false(self):
"""
If DEBUG is True and BROWSERID_DISABLE_SANITY_CHECKS is not set,
run the checks.
"""
request = self.factory.get('/')
self.assertTrue(not base.sanity_checks(request))
def test_unset_csp(self, warning):
"""Check for errors when CSP settings aren't specified."""
request = self.factory.get('/')
correct = ['https://login.persona.org']
setting_kwargs = {
'CSP_DEFAULT_SRC': correct,
'CSP_SCRIPT_SRC': correct,
'CSP_FRAME_SRC': correct
}
# There's no easy way to use a variable for deleting the
# attribute on the settings object, so we can't easily turn this
# into a function, sadly.
with self.settings(**setting_kwargs):
del settings.CSP_DEFAULT_SRC
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
with self.settings(**setting_kwargs):
del settings.CSP_FRAME_SRC
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
with self.settings(**setting_kwargs):
del settings.CSP_SCRIPT_SRC
base.sanity_checks(request)
ok_(not warning.called)
warning.reset_mock()
def test_unset_csp(self, warning):
"""Check for errors when CSP settings aren't specified."""
request = self.factory.get('/')
correct = ['https://login.persona.org']
setting_kwargs = {
'CSP_DEFAULT_SRC': correct,
'CSP_SCRIPT_SRC': correct,
'CSP_FRAME_SRC': correct
}
# There's no easy way to use a variable for deleting the
# attribute on the settings object, so we can't easily turn this
# into a function, sadly.
with self.settings(**setting_kwargs):
del settings.CSP_DEFAULT_SRC
base.sanity_checks(request)
self.assertTrue(not warning.called)
warning.reset_mock()
with self.settings(**setting_kwargs):
del settings.CSP_FRAME_SRC
base.sanity_checks(request)
self.assertTrue(not warning.called)
warning.reset_mock()
with self.settings(**setting_kwargs):
del settings.CSP_SCRIPT_SRC
base.sanity_checks(request)
self.assertTrue(not warning.called)
warning.reset_mock()
def dispatch(self, request, *args, **kwargs):
"""
Run some sanity checks on the request prior to dispatching it.
"""
sanity_checks(request)
return super(Verify, self).dispatch(request, *args, **kwargs)
def test_disable_sanity_checks(self):
# If BROWSERID_DISABLE_SANITY_CHECKS is True, do not run any
# checks.
request = self.factory.get('/')
ok_(not base.sanity_checks(request))
def test_debug_false(self):
# If DEBUG is True and BROWSERID_DISABLE_SANITY_CHECKS is not
# set, run the checks.
request = self.factory.get('/')
ok_(not base.sanity_checks(request))
def dispatch(self, request, *args, **kwargs):
"""
Run some sanity checks on the request prior to dispatching it.
"""
sanity_checks(request)
return super(Verify, self).dispatch(request, *args, **kwargs)
def test_debug_true(self):
# If DEBUG is True and BROWSERID_DISABLE_SANITY_CHECKS is not
# set, run the checks.
request = self.factory.get('/')
ok_(base.sanity_checks(request))
