def test_process_response_elevate_revoked_without_cookie(self):
self.login()
self.middleware.process_request(self.request)
grant_elevated_privileges(self.request)
revoke_elevated_privileges(self.request)
response = self.middleware.process_response(self.request,
HttpResponse())
morsels = list(response.cookies.items())
self.assertEqual(len(morsels), 0)
def test_process_response_elevate_revoked_removes_cookie(self):
self.login()
self.middleware.process_request(self.request)
grant_elevated_privileges(self.request)
self.request.COOKIES[COOKIE_NAME] = self.request._elevate_token
revoke_elevated_privileges(self.request)
response = self.middleware.process_response(self.request,
HttpResponse())
morsels = list(response.cookies.items())
self.assertEqual(len(morsels), 1)
self.assertEqual(morsels[0][0], COOKIE_NAME)
_, elevate = morsels[0]
# Deleting a cookie is just setting it's value to empty
# and telling it to expire
self.assertEqual(elevate.key, COOKIE_NAME)
self.assertFalse(elevate.value)
self.assertEqual(elevate['max-age'], 0)
def revoke(sender, request, **kwargs):
"""
Automatically revoke elevated privileges when logging out.
"""
revoke_elevated_privileges(request)
def test_revoked(self):
self.login()
grant_elevated_privileges(self.request)
revoke_elevated_privileges(self.request)
self.assertFalse(has_elevated_privileges(self.request))
def test_revoke_elevated_privileges(self):
self.login()
grant_elevated_privileges(self.request)
revoke_elevated_privileges(self.request)
self.assertRequestNotElevated(self.request)
def test_revoke_elevated_privileges_noop(self):
revoke_elevated_privileges(self.request)
self.assertRequestNotElevated(self.request)