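def test_response_sensitive_data_body_in_json_should_be_hidden(self):
    """Outgoing-request logging must redact the password without altering the sent body.

    The original paired ``assert_in`` and ``assert_not_in`` on the identical
    literal ``'"password": "******"'`` against the same body, so one assertion
    of each pair always failed. The cleartext is now a value distinct from any
    mask, which makes "cleartext absent from the log" checkable.
    """
    # Constructed sample value, used only so the redaction can be observed.
    cleartext_password = 'constructed-sample-password'
    cleartext_pair = '"password": "{}"'.format(cleartext_password)

    responses.add(responses.POST, 'http://test.cz', body='test')
    requests.post('http://test.cz', data=json.dumps({'password': cleartext_password}))

    output_logged_requst = OutputLoggedRequest.objects.get()
    # The key stays in the stored log entry; only its value may be replaced.
    assert_in('"password": "', output_logged_requst.request_body)
    # The secret itself must never reach the stored log.
    assert_not_in(cleartext_password, output_logged_requst.request_body)
    # NOTE(review): the replacement marker is not visible on this page; once
    # confirmed, also assert the exact '"password": "<REPLACEMENT_MARKER>"' pair
    # on the logged body and its absence from the sent body.

    # Redaction applies to the log copy only: the request actually sent
    # still carries the real value.
    assert_in(cleartext_pair, responses.calls[0].request.body)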
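def test_sensitive_data_body_in_json_should_be_hidden(self):
    """A JSON login body captured by the security logger must not contain the password.

    The original asserted that the same literal ``'"password": "******"'`` was
    both present in and absent from the captured body, which cannot pass. The
    posted password is now distinct from any mask so its absence from the
    captured log can be checked.
    """
    # Constructed sample value, used only so the redaction can be observed.
    cleartext_password = 'constructed-sample-password'

    with capture_security_logs() as logged_data:
        self.c.post(
            '/admin/login/',
            data=json.dumps({'username': '******', 'password': cleartext_password}),
            content_type='application/json',
        )
        captured_body = logged_data.input_request[0].request_body
        # The key stays in the captured entry; only its value may be replaced.
        assert_in('"password": "', captured_body)
        # The secret itself must never reach the captured log.
        assert_not_in(cleartext_password, captured_body)
        # NOTE(review): the replacement marker is not visible on this page;
        # once confirmed, also assert '"password": "<REPLACEMENT_MARKER>"'.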
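def test_sensitive_data_body_in_json_should_be_hidden(self):
    """A JSON login body stored as ``InputLoggedRequest`` must not contain the password.

    The original asserted that the same literal ``'"password": "******"'`` was
    both present in and absent from ``request_body``, which cannot pass. The
    posted password is now distinct from any mask so its absence from the
    stored log can be checked.
    """
    # Constructed sample value, used only so the redaction can be observed.
    cleartext_password = 'constructed-sample-password'

    self.c.post(
        '/admin/login/',
        data=json.dumps({
            'username': '******',
            'password': cleartext_password,
        }),
        content_type='application/json',
    )

    input_logged_request = InputLoggedRequest.objects.get()
    # The key stays in the stored entry; only its value may be replaced.
    assert_in('"password": "', input_logged_request.request_body)
    # The secret itself must never reach the stored log.
    assert_not_in(cleartext_password, input_logged_request.request_body)
    # NOTE(review): the replacement marker is not visible on this page; once
    # confirmed, also assert '"password": "<REPLACEMENT_MARKER>"'.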
def test_enum_should_contain_only_defined_values(self):
    """Check that ``Enum('A', 'B')`` exposes the members A and B and nothing else.

    With bare names each member's value equals its name. An undefined
    name must fail on attribute access, name lookup and membership.
    """
    letters = Enum('A', 'B')

    # Defined members: attribute access, iteration, ``all`` and name lookup.
    assert_equal(letters.A, 'A')
    assert_equal(letters.B, 'B')
    assert_equal(list(letters), ['A', 'B'])
    assert_equal(letters.all, ('A', 'B'))
    assert_equal(letters.get_name('A'), 'A')

    # Undefined member: attribute access raises, name lookup yields None.
    with assert_raises(AttributeError):
        letters.C  # pylint: disable=W0104
    assert_is_none(letters.get_name('C'))

    # Membership is accepted for defined values only.
    assert_in('A', letters)
    assert_in(letters.A, letters)
    assert_not_in('C', letters)
def test_auto_gemerated_num_enum_should_contain_only_defined_values(self):
    """Check that ``NumEnum('A', 'B')`` numbers its members 1 and 2 and exposes nothing else.

    Iteration, ``all``, ``get_name`` and membership work on the numeric
    values, so the member name 'A' is not itself contained in the enum.
    """
    numbered = NumEnum('A', 'B')

    # Defined members carry the auto-assigned numbers 1 and 2.
    assert_equal(numbered.A, 1)
    assert_equal(numbered.B, 2)
    assert_equal(list(numbered), [1, 2])
    assert_equal(numbered.all, (1, 2))
    assert_equal(numbered.get_name(1), 'A')

    # Undefined member: attribute access raises, unknown number yields None.
    with assert_raises(AttributeError):
        numbered.C  # pylint: disable=W0104
    assert_is_none(numbered.get_name(3))

    # Membership is decided by value, not by member name.
    assert_in(1, numbered)
    assert_in(numbered.A, numbered)
    assert_not_in('A', numbered)
def test_enum_with_distinct_key_and_value_should_contain_only_defined_values(
        self):
    """Check an ``Enum`` built from (name, value) pairs whose names and values differ.

    Attribute access returns the value, ``get_name`` maps a value back to
    its name, and membership is decided by value rather than by name.
    """
    mapped = Enum(('A', 'c'), ('B', 'd'))

    # Defined members resolve to their values; iteration and ``all`` list values.
    assert_equal(mapped.A, 'c')
    assert_equal(mapped.B, 'd')
    assert_equal(list(mapped), ['c', 'd'])
    assert_equal(mapped.all, ('c', 'd'))
    assert_equal(mapped.get_name('c'), 'A')

    # Undefined member: attribute access raises, unknown value yields None.
    with assert_raises(AttributeError):
        mapped.C  # pylint: disable=W0104
    assert_is_none(mapped.get_name('f'))

    # A member name is not a member value, so 'A' is not contained.
    assert_in('c', mapped)
    assert_in(mapped.A, mapped)
    assert_not_in('A', mapped)
def test_enum_should_contain_only_defined_values(self):
    """Verify that an ``Enum`` of the bare names A and B holds exactly those two members."""
    choices = Enum('A', 'B')

    # Each name is its own value; iteration and ``all`` keep declaration order.
    assert_equal(choices.A, 'A')
    assert_equal(choices.B, 'B')
    assert_equal(list(choices), ['A', 'B'])
    assert_equal(choices.all, ('A', 'B'))
    assert_equal(choices.get_name('A'), 'A')

    # 'C' was never declared: no attribute, no name, no membership.
    with assert_raises(AttributeError):
        choices.C  # pylint: disable=W0104
    assert_is_none(choices.get_name('C'))

    assert_in('A', choices)
    assert_in(choices.A, choices)
    assert_not_in('C', choices)
def test_auto_gemerated_num_enum_should_contain_only_defined_values(self):
    """Verify that a ``NumEnum`` of the names A and B holds exactly the values 1 and 2."""
    codes = NumEnum('A', 'B')

    # Values are assigned in declaration order; lookups run on the numbers.
    assert_equal(codes.A, 1)
    assert_equal(codes.B, 2)
    assert_equal(list(codes), [1, 2])
    assert_equal(codes.all, (1, 2))
    assert_equal(codes.get_name(1), 'A')

    # Neither the attribute C nor the number 3 was declared.
    with assert_raises(AttributeError):
        codes.C  # pylint: disable=W0104
    assert_is_none(codes.get_name(3))

    # The name 'A' is not a value, so it is not contained.
    assert_in(1, codes)
    assert_in(codes.A, codes)
    assert_not_in('A', codes)
def test_enum_with_distinct_key_and_value_should_contain_only_defined_values(self):
    """Verify an ``Enum`` declared as (name, value) pairs: A -> 'c' and B -> 'd'."""
    pairs = Enum(('A', 'c'), ('B', 'd'))

    # Attribute access, iteration and ``all`` expose values; get_name reverses them.
    assert_equal(pairs.A, 'c')
    assert_equal(pairs.B, 'd')
    assert_equal(list(pairs), ['c', 'd'])
    assert_equal(pairs.all, ('c', 'd'))
    assert_equal(pairs.get_name('c'), 'A')

    # Neither the attribute C nor the value 'f' was declared.
    with assert_raises(AttributeError):
        pairs.C  # pylint: disable=W0104
    assert_is_none(pairs.get_name('f'))

    # Membership is by value: 'c' is contained, the name 'A' is not.
    assert_in('c', pairs)
    assert_in(pairs.A, pairs)
    assert_not_in('A', pairs)
def test_user_should_be_authorized_via_http_header(self, user):
    """Log in through the API and check the token authorizes via header only.

    The index page redirects before login and answers OK once the token
    is sent as a ``Bearer`` value in ``HTTP_AUTHORIZATION``. No
    ``Authorization`` cookie may be set, and the latest ``Token`` row
    must allow header use and disallow cookie use.
    """
    # Without credentials the index page answers with a redirect.
    assert_http_redirect(self.get(self.INDEX_URL))

    # NOTE(review): both credential literals read '******' on this page,
    # presumably masked; confirm them against the ``user`` fixture.
    credentials = {'username': '******', 'password': '******'}
    resp = self.post(self.API_LOGIN_URL, credentials)
    assert_http_ok(resp)
    assert_in('token', resp.json())

    bearer_value = 'Bearer {}'.format(resp.json()['token'])
    index_response = self.get(self.INDEX_URL, headers={'HTTP_AUTHORIZATION': bearer_value})
    assert_http_ok(index_response)

    # The token must not leak into a cookie, and must be stored as header-only.
    assert_not_in('Authorization', self.c.cookies)
    assert_true(Token.objects.last().allowed_header)
    assert_false(Token.objects.last().allowed_cookie)
def test_user_should_be_authorized_from_token_and_uuid(self, user):
    """Log in with a device UUID and device token, then authorize via header only.

    A device token is created for ``user`` and exchanged at the mobile
    login endpoint for an API token. That token must open the index page
    when sent as a ``Bearer`` value. No ``Authorization`` cookie may be
    set, and the latest ``Token`` row must allow header use and disallow
    cookie use.
    """
    device_token = DeviceKey.objects.create_token(uuid=UUID, user=user)

    login_data = {'uuid': UUID, 'login_device_token': device_token}
    resp = self.post(self.API_MOBILE_LOGIN_URL, login_data)
    assert_http_ok(resp)
    assert_in('token', resp.json())

    bearer_value = 'Bearer {}'.format(resp.json()['token'])
    # NOTE(review): INDEX_URL is referenced bare here while the login URL is
    # read from ``self``; confirm a module-level INDEX_URL exists.
    index_response = self.get(INDEX_URL, headers={'HTTP_AUTHORIZATION': bearer_value})
    assert_http_ok(index_response)

    # The token must not leak into a cookie, and must be stored as header-only.
    assert_not_in('Authorization', self.c.cookies)
    assert_true(Token.objects.last().allowed_header)
    assert_false(Token.objects.last().allowed_cookie)
def test_not_superuser_should_not_read_is_superuser_field(self):
    """Fetch the logged user's own UI detail page and check ``is_superuser`` is not exposed.

    Per the test name the logged user is not a superuser; the setup that
    makes this so is outside this block. The privilege field must not
    appear anywhere in the raw response bytes.
    """
    current_user = self.logged_user.user
    detail_url = '%s%s/' % (self.USER_UI_URL, current_user.pk)

    detail_response = self.get(detail_url)

    # Byte-level search over the whole response content for the field name.
    assert_not_in(b'is_superuser', detail_response.content)
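def test_sensitive_data_body_in_json_should_be_hidden(self):
    """The password of a JSON login request must not be stored in ``InputLoggedRequest``.

    The original checked the identical literal ``'"password": "******"'`` with
    both ``assert_in`` and ``assert_not_in`` on the same body, so the test
    could never pass. A cleartext value distinct from any mask is posted
    instead, and the stored body is checked for its absence.
    """
    # Constructed sample value, used only so the redaction can be observed.
    cleartext_password = 'constructed-sample-password'
    login_payload = json.dumps({'username': '******', 'password': cleartext_password})

    self.c.post('/admin/login/', data=login_payload, content_type='application/json')

    input_logged_request = InputLoggedRequest.objects.get()
    # The key stays in the stored entry; only its value may be replaced.
    assert_in('"password": "', input_logged_request.request_body)
    # The secret itself must never reach the stored log.
    assert_not_in(cleartext_password, input_logged_request.request_body)
    # NOTE(review): the replacement marker is not visible on this page; once
    # confirmed, also assert '"password": "<REPLACEMENT_MARKER>"'.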