def test_incorrect_key(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) request = self._get_request('/unlock?key=12345111111234567111') resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 403) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_INCORRECT_KEY), -1)
def test_admin_correct_key(self): with self.settings(PROTECTED_ADMIN_KEY='99999999998888888888'): request = self._get_request('/protect_admin?admin_key=99999999998888888888') request.META['HTTP_HOST']="localhost:8000" request.session.sessionkey='3333333333' resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_NEW_ACCESSKEY_CREATED.split('{')[0]), -1)
def test_authorized_accesspage(self): WhitelistedSession.objects.create(sessionkey="1111111111", expiry=datetime.datetime.now().replace(tzinfo=timezone.utc)+datetime.timedelta(hours=1)) request = self._get_request('/unlock?key=22222222221111111111') resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 200) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_ACCESS_GRANTED_ALREADY), -1)
def test_no_session(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) request = self._get_request('/any') request.session = None resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 500) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_NO_SESSION), -1)
def test_unauthorized_no_session(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) WhitelistedSession.objects.create(sessionkey="111122222", expiry=datetime.datetime.now().replace(tzinfo=timezone.utc)+datetime.timedelta(hours=1)) request = self._get_request('/normalsite') resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 403) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_SITE_NOT_PUBLIC_MSG), -1)
def test_incorrect_key(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) request = self._get_request('/unlock?key=12345111111234567111') resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 403) self.assertNotEqual( resp._get_content().find( RestrictAccessMiddleware().PROTECTED_INCORRECT_KEY), -1)
def test_correct_key(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) request = self._get_request('/unlock?key=12345678901234567890') resp = RestrictAccessMiddleware().process_request(request) self.assertEqual(resp.status_code, 200) self.assertNotEqual( resp._get_content().find( RestrictAccessMiddleware().PROTECTED_ACCESS_GRANTED.split( '{')[0]), -1)
def test_no_session(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) request = self._get_request('/any') request.session = None resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 500) self.assertNotEqual( resp._get_content().find( RestrictAccessMiddleware().PROTECTED_NO_SESSION), -1)
def test_admin_correct_key(self): with self.settings(PROTECTED_ADMIN_KEY='99999999998888888888'): request = self._get_request( '/protect_admin?admin_key=99999999998888888888') request.META['HTTP_HOST'] = "localhost:8000" request.session.sessionkey = '3333333333' resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual( resp._get_content().find(RestrictAccessMiddleware( ).PROTECTED_NEW_ACCESSKEY_CREATED.split('{')[0]), -1)
def test_admin_unauthorized(self): with self.settings(PROTECTED_ADMIN_KEY='99999999998888888888'): request = self._get_request( '/protect_admin?admin_key=22222111112222211111') request.session.sessionkey = '3333333333' resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual( resp._get_content().find( RestrictAccessMiddleware().PROTECTED_INCORRECT_ADMIN_KEY), -1)
def test_authorized_accesspage(self): WhitelistedSession.objects.create( sessionkey="1111111111", expiry=datetime.datetime.now().replace(tzinfo=timezone.utc) + datetime.timedelta(hours=1)) request = self._get_request('/unlock?key=22222222221111111111') resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 200) self.assertNotEqual( resp._get_content().find( RestrictAccessMiddleware().PROTECTED_ACCESS_GRANTED_ALREADY), -1)
def test_unauthorized_no_session(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) WhitelistedSession.objects.create( sessionkey="111122222", expiry=datetime.datetime.now().replace(tzinfo=timezone.utc) + datetime.timedelta(hours=1)) request = self._get_request('/normalsite') resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 403) self.assertNotEqual( resp._get_content().find( RestrictAccessMiddleware().PROTECTED_SITE_NOT_PUBLIC_MSG), -1)
def test_access_decrease(self): a = AccessKey.objects.create(key='22222222222222222222', accessesLeft=2) request = self._get_request('/unlock?key=22222222222222222222') request.session.sessionkey = '2222222222' resp = RestrictAccessMiddleware().process_request(request) acc = AccessKey.objects.get(key='22222222222222222222') self.assertEqual(acc.accessesLeft, 1)
def test_authorized(self): WhitelistedSession.objects.create( sessionkey="1111111111", expiry=datetime.datetime.now().replace(tzinfo=timezone.utc) + datetime.timedelta(hours=1)) request = self._get_request('/normalsite') resp = RestrictAccessMiddleware().process_request(request) self.assertEqual(resp, None)
def test_access_last(self): AccessKey.objects.create(key='33333333333333333333', accessesLeft=1) request = self._get_request('/unlock?key=33333333333333333333') request.session.sessionkey = '3333333333' resp = RestrictAccessMiddleware().process_request(request) try: AccessKey.objects.get(key='33333333333333333333') self.assertFalse(True, "AccessKey should be deleted.") except AccessKey.DoesNotExist: pass
class SimpleTest(TestCase): def _create_request(self, path): request = HttpRequest() request.META = { 'SERVER_NAME': 'localhost', 'SERVER_PORT': 8000, } request.path = request.path_info = path request.session = MockupSession() return request def _assertContains(self, resp, message): ''' Asserts that given response contains the given message. Response content is a template so the message should occur as template tag (eg {TEST_MSG}). ''' self.assertNotEqual(resp._get_content().find(message.split('{')[0]), -1) def _createRandomAccessKey(self, accessesLeft=1, id=None): ''' Creates an AccessKey and inserts it into the database. If no id is given a random id is generated. ''' if id and len(id) is not 20: assertFalse(True, "Length of id should be 20") if not id: idStr = "".join(random.choice(string.digits) for x in range(20)) else: if len(id) is not 20: assertFalse(True, "Length of id should be 20") idStr = id AccessKey.objects.create(key=idStr, accessesLeft=accessesLeft) return idStr def _createWhitelistedSession(self, sessionid=None): if sessionid is None: sessionid = MockupSession.TEST_SESSION_KEY WhitelistedSession.objects.create(sessionkey=sessionid, expiry=datetime.datetime.now().replace(tzinfo=timezone.utc) + datetime.timedelta(hours=1)) def setUp(self): self.mw = RestrictAccessMiddleware() pass def tearDown(self): for k in AccessKey.objects.all(): k.delete() for k in WhitelistedSession.objects.all(): k.delete() # # TEST CASES START # def test_correct_key(self): # setup id = self._createRandomAccessKey() request = self._create_request('/unlock?key=' + id) # process resp = self.mw.process_request(request) # validate self.assertEqual(resp.status_code, 200) self._assertContains(resp, self.mw.PROTECTED_ACCESS_GRANTED) def test_incorrect_key(self): # setup id = self._createRandomAccessKey() request = self._create_request('/unlock?key=' + id[:-6] + "111111") # unrecognized key # process resp = self.mw.process_request(request) # validate self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 403) self._assertContains(resp, self.mw.PROTECTED_INCORRECT_KEY) def test_unauthorized_no_session(self): # setup self._createRandomAccessKey() self._createWhitelistedSession(sessionid="9999999999") # unrecognized sessionid request = self._create_request('/normalsite') # process resp = self.mw.process_request(request) # validate self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 403) self._assertContains(resp, self.mw.PROTECTED_SITE_NOT_PUBLIC_MSG) def test_authorized(self): # setup self._createWhitelistedSession() request = self._create_request('/normalsite') # process resp = self.mw.process_request(request) # validate self.assertEqual(resp, None) def test_already_authorized_accesspage(self): # setup self._createWhitelistedSession() anykey = "22222222221111111111" request = self._create_request('/unlock?key=' + anykey) # process resp = self.mw.process_request(request) # validate self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 200) self._assertContains(resp, self.mw.PROTECTED_ACCESS_GRANTED_ALREADY) def test_access_decrease(self): # setup id = self._createRandomAccessKey(accessesLeft=2) request = self._create_request('/unlock?key=' + id) request.session.sessionkey = '2222222222' # process self.mw.process_request(request) # validate acc = AccessKey.objects.get(key=id) self.assertEqual(acc.accessesLeft, 1) def test_access_last(self): # setup id = self._createRandomAccessKey(accessesLeft=1) request = self._create_request('/unlock?key=' + id) request.session.sessionkey = '3333333333' # process self.mw.process_request(request) # validate try: AccessKey.objects.get(key=id) self.assertFalse(True, "AccessKey should be deleted.") except AccessKey.DoesNotExist: pass def test_admin_unauthorized(self): # setup with self.settings(PROTECTED_ADMIN_KEY='99999999998888888888'): request = self._create_request('/protect_admin?admin_key=22222111112222211111') request.session.sessionkey = '3333333333' # process resp = self.mw.process_request(request) # validate self._assertContains(resp, self.mw.PROTECTED_INCORRECT_ADMIN_KEY) def test_admin_correct_key(self): # setup adminkey = '99999999998888888888' with self.settings(PROTECTED_ADMIN_KEY=adminkey): request = self._create_request('/protect_admin?admin_key=' + adminkey) request.META['HTTP_HOST'] = "localhost:8000" request.session.sessionkey = '3333333333' # process resp = self.mw.process_request(request) # validate self._assertContains(resp, self.mw.PROTECTED_NEW_ACCESSKEY_CREATED) def test_no_session(self): # setup self._createRandomAccessKey(accessesLeft=1) request = self._create_request('/any') request.session = None # process resp = self.mw.process_request(request) # validate self.assertNotEqual(resp, None) self.assertEqual(resp.status_code, 500) self._assertContains(resp, self.mw.PROTECTED_NO_SESSION)
def test_correct_key(self): AccessKey.objects.create(key="12345678901234567890", accessesLeft=1) request = self._get_request('/unlock?key=12345678901234567890') resp = RestrictAccessMiddleware().process_request(request) self.assertEqual(resp.status_code, 200) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_ACCESS_GRANTED.split('{')[0]), -1)
def setUp(self): self.mw = RestrictAccessMiddleware() pass
def test_admin_unauthorized(self): with self.settings(PROTECTED_ADMIN_KEY='99999999998888888888'): request = self._get_request('/protect_admin?admin_key=22222111112222211111') request.session.sessionkey='3333333333' resp = RestrictAccessMiddleware().process_request(request) self.assertNotEqual(resp._get_content().find(RestrictAccessMiddleware().PROTECTED_INCORRECT_ADMIN_KEY), -1)