class TestAuth:
def setup_method(self):
self.request = Request(generate_wsgi())
self.auth = Auth(self.request, MockUser())
def test_auth(self):
assert self.auth
def test_login_user(self):
assert isinstance(self.auth.login('*****@*****.**', 'secret'),
MockUser)
assert self.request.get_cookie('token')
def test_get_user(self):
assert self.auth.login_by_id(1)
assert isinstance(self.auth.user(), MockUser)
def test_get_user_returns_false_if_not_loggedin(self):
self.auth.login('*****@*****.**', 'wrong_secret')
assert self.auth.user() is False
def test_logout_user(self):
assert isinstance(self.auth.login('*****@*****.**', 'secret'),
MockUser)
assert self.request.get_cookie('token')
self.auth.logout()
assert not self.request.get_cookie('token')
assert not self.auth.user()
def test_login_user_fails(self):
assert self.auth.login('*****@*****.**', 'bad_password') is False
def test_login_by_id(self):
assert isinstance(self.auth.login_by_id(1), MockUser)
assert self.request.get_cookie('token')
assert self.auth.login_by_id(2) is False
def test_login_once_does_not_set_cookie(self):
assert isinstance(self.auth.once().login_by_id(1), MockUser)
assert self.request.get_cookie('token') is None
class TestCSRFMiddleware:
def setup_method(self):
self.app = App()
self.request = Request(generate_wsgi())
self.view = View(self.app)
self.app.bind('Request', self.request)
self.request = self.app.make('Request')
self.middleware = CsrfMiddleware(self.request, Csrf(self.request),
self.view)
def test_middleware_shares_correct_input(self):
self.middleware.before()
assert 'csrf_field' in self.view._shared
assert self.view._shared['csrf_field'].startswith(
"<input type='hidden' name='__token' value='")
def test_middleware_throws_exception_on_post(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.middleware.exempt = []
with pytest.raises(InvalidCSRFToken):
self.middleware.before()
def test_incoming_token_does_not_throw_exception_with_token(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.request.request_variables.update(
{'__token': self.request.get_cookie('csrf_token')})
self.middleware.exempt = []
self.middleware.before()
def test_generates_csrf_token(self):
assert len(self.middleware.generate_token()) == 30
def test_generates_token_every_request(self):
token1 = self.middleware.verify_token()
token2 = self.middleware.verify_token()
assert len(token1) == 30
assert len(token2) == 30
assert token1 != token2
def test_does_not_generate_token_every_request(self):
self.middleware.every_request = False
token1 = self.middleware.verify_token()
token2 = self.middleware.verify_token()
assert len(token1) == 30
assert len(token2) == 30
assert token1 == token2
class TestCookieSigning(unittest.TestCase):
def setUp(self):
self.secret_key = 'pK1tLuZA8-upZGz-NiSCP_UVt-fxpxd796TaG6-dp8Y='
self.request = Request(generate_wsgi()).key(self.secret_key)
def test_set_and_get_cookie(self):
self.request.cookie('test', 'testvalue')
self.assertEqual(self.request.get_cookie('test'), 'testvalue')
def test_set_and_get_multiple_cookies(self):
self.request.cookie('cookie1', 'cookie1value')
self.request.cookie('cookie2', 'cookie2value')
self.assertEqual(self.request.get_cookie('cookie1'), 'cookie1value')
self.assertEqual(self.request.get_cookie('cookie2'), 'cookie2value')
def test_set_cookie_without_encryption(self):
self.request.cookie('notencrypted', 'value', False)
self.assertEqual(self.request.get_cookie('notencrypted', False), 'value')
def test_set_and_get_cookie_with_no_existing_cookies(self):
self.request.environ['HTTP_COOKIE'] = ''
self.request.cookie('test', 'testvalue')
self.assertEqual(self.request.get_cookie('test'), 'testvalue')
def test_set_and_get_cookie_with_existing_cookie(self):
self.request.environ['HTTP_COOKIE'] = 'cookie=true'
self.request.cookie('test', 'testvalue')
self.assertEqual(self.request.get_cookie('test'), 'testvalue')
def test_set_and_get_cookie_with_http_only(self):
self.request.cookies = []
self.request.cookie('test', 'testvalue', encrypt=False)
self.assertEqual(self.request.get_cookie('test', decrypt=False), 'testvalue')
self.assertTrue(self.request.get_raw_cookie('test')['httponly'])
self.assertIn('/', self.request.get_raw_cookie('test')['path'])
self.assertIn('testvalue', self.request.get_raw_cookie('test').value)
def test_set_and_get_cookie_without_http_only(self):
self.request.cookies = []
self.request.cookie('test', 'testvalue', http_only=False, encrypt=False)
self.assertEqual(self.request.get_cookie('test', decrypt=False), 'testvalue')
self.assertIn('/', self.request.get_raw_cookie('test')['path'])
self.assertIn('testvalue', self.request.get_raw_cookie('test').value)
class TestCookieSigning:
def setup_method(self):
self.secret_key = 'pK1tLuZA8-upZGz-NiSCP_UVt-fxpxd796TaG6-dp8Y='
self.request = Request(generate_wsgi()).key(self.secret_key)
def test_set_and_get_cookie(self):
self.request.cookie('test', 'testvalue')
assert self.request.get_cookie('test') == 'testvalue'
def test_set_and_get_multiple_cookies(self):
self.request.cookie('cookie1', 'cookie1value')
self.request.cookie('cookie2', 'cookie2value')
assert self.request.get_cookie('cookie1') == 'cookie1value'
assert self.request.get_cookie('cookie2') == 'cookie2value'
def test_set_cookie_without_encryption(self):
self.request.cookie('notencrypted', 'value', False)
assert self.request.get_cookie('notencrypted', False) == 'value'
def test_set_and_get_cookie_with_no_existing_cookies(self):
self.request.environ['HTTP_COOKIE'] = ''
self.request.cookie('test', 'testvalue')
assert self.request.get_cookie('test') == 'testvalue'
def test_set_and_get_cookie_with_existing_cookie(self):
self.request.environ['HTTP_COOKIE'] = 'cookie=true'
self.request.cookie('test', 'testvalue')
assert self.request.get_cookie('test') == 'testvalue'
def test_set_and_get_cookie_with_http_only(self):
self.request.cookies = []
self.request.cookie('test', 'testvalue', encrypt=False)
assert self.request.get_cookie('test', decrypt=False) == 'testvalue'
assert 'HttpOnly' in self.request.cookies[0][1]
assert 'test=testvalue; HttpOnly;Path=/' in self.request.cookies[0][1]
def test_set_and_get_cookie_without_http_only(self):
self.request.cookies = []
self.request.cookie('test',
'testvalue',
http_only=False,
encrypt=False)
assert self.request.get_cookie('test', decrypt=False) == 'testvalue'
assert 'test=testvalue; Path=/' in self.request.cookies[0][1]
def oauthcallback(self, view: View, request: Request, auth: Auth):
nylas_access_token = request.input('access_token')
nylas_account_id = request.input('account_id')
email_address = request.input('email_address')
provider = request.input('provider')
# a cookie is set so we can identify where the user started the auth process
start_page_type = request.get_cookie('callbackpage', decrypt=False)
user = auth.user()
#we want to treat this as a master token so it doesnt change when auth'ing with different scopes
if start_page_type == 'connect_personal':
user.access_token = nylas_access_token
user.nylas_account_id = nylas_account_id
user.save()
try:
Account.update_or_create(
{
"user_id": user.id,
"nylas_account_id": nylas_account_id,
"type": start_page_type
}, {
"access_token": nylas_access_token,
"email": email_address,
"nylas_account_id": nylas_account_id,
"type": start_page_type,
"scopes": start_page_type,
"provider": provider,
"valid": 1
})
except Exception as e:
print(str(e))
return view.render(
'auth.callback', {
'email_address': email_address,
'provider': provider,
'nylas_access_token': nylas_access_token,
'nylas_account_id': nylas_account_id
})
class TestRequest:
def setup_method(self):
self.request = Request(wsgi_request).key(
'NCTpkICMlTXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=')
def test_request_is_callable(self):
""" Request should be callable """
if callable(self.request):
assert True
def test_request_input_should_return_input_on_get_request(self):
assert self.request.input('application') == 'Masonite'
assert self.request.input('application', 'foo') == 'Masonite'
def test_request_input_should_return_default_when_not_exists(self):
assert self.request.input('foo', 'bar') == 'bar'
def test_request_all_should_return_params(self):
assert self.request.all() == {'application': 'Masonite'}
def test_request_all_without_internal_request_variables(self):
self.request.request_variables.update({
'__token': 'testing',
'application': 'Masonite'
})
assert self.request.all() == {
'__token': 'testing',
'application': 'Masonite'
}
assert self.request.all(internal_variables=False) == {
'application': 'Masonite'
}
def test_request_has_should_return_bool(self):
assert self.request.has('application') == True
assert self.request.has('shouldreturnfalse') == False
def test_request_has_should_accept_multiple_values(self):
self.request.request_variables.update({
'__token': 'testing',
'application': 'Masonite'
})
assert self.request.has('application') == True
assert self.request.has('shouldreturnfalse') == False
assert self.request.has('__token') == True
assert self.request.has('__token', 'shouldreturnfalse') == False
assert self.request.has('__token', 'application') == True
assert self.request.has('__token', 'application',
'shouldreturnfalse') == False
def test_request_set_params_should_return_self(self):
assert self.request.set_params({'value': 'new'}) == self.request
assert self.request.url_params == {'value': 'new'}
def test_request_param_returns_parameter_set_or_false(self):
self.request.set_params({'value': 'new'})
assert self.request.param('value') == 'new'
assert self.request.param('nullvalue') == False
def test_request_appends_cookie(self):
assert self.request.cookie('appendcookie', 'value') == self.request
assert 'appendcookie' in self.request.environ['HTTP_COOKIE']
def test_request_sets_and_gets_cookies(self):
self.request.cookie('setcookie', 'value')
assert self.request.get_cookie('setcookie') == 'value'
def test_request_sets_expiration_cookie_2_months(self):
self.request.cookies = []
self.request.cookie('setcookie_expiration',
'value',
expires='2 months')
time = cookie_expire_time('2 months')
assert self.request.get_cookie('setcookie_expiration') == 'value'
assert 'Expires={0}'.format(time) in self.request.cookies[0][1]
def test_delete_cookie(self):
self.request.cookies = []
self.request.cookie('delete_cookie', 'value')
assert self.request.get_cookie('delete_cookie') == 'value'
self.request.delete_cookie('delete_cookie')
assert not self.request.get_cookie('delete_cookie')
def test_delete_cookie_with_wrong_key(self):
self.request.cookies = []
self.request.cookie('cookie', 'value')
self.request.key('wrongkey_TXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=')
assert self.request.get_cookie('cookie') is None
def test_redirect_returns_request(self):
assert self.request.redirect('newurl') == self.request
assert self.request.redirect_url == '/newurl'
def test_request_no_input_returns_false(self):
assert self.request.input('notavailable') == False
def test_request_mini_field_storage_returns_single_value(self):
storages = {'test': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
assert self.request.input('test') == '1'
def test_request_mini_field_storage_doesnt_return_brackets(self):
storages = {'test[]': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
assert self.request.input('test') == '1'
def test_request_mini_field_storage_index(self):
storages = {'test[index]': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
assert self.request.input('test[index]') == '1'
def test_request_mini_field_storage_with_dot_notation(self):
storages = {'test[index]': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
assert self.request.input('test.index') == '1'
def test_request_mini_field_storage_returns_a_list(self):
storages = {
'test':
[MiniFieldStorage('key', '1'),
MiniFieldStorage('key', '2')]
}
self.request._set_standardized_request_variables(storages)
assert self.request.input('test') == ['1', '2']
def test_request_get_cookies_returns_cookies(self):
assert self.request.get_cookies() == self.request.cookies
def test_request_set_user_sets_object(self):
assert self.request.set_user(object) == self.request
assert self.request.user_model == object
assert self.request.user() == object
def test_request_loads_app(self):
app = App()
app.bind('Request', self.request)
app.make('Request').load_app(app)
assert self.request.app() == app
assert app.make('Request').app() == app
def test_request_gets_input_from_container(self):
container = App()
container.bind('Application', application)
container.bind('Providers', providers)
container.bind('WSGI', object)
container.bind('Environ', wsgi_request)
for provider in container.make('Providers').PROVIDERS:
container.resolve(provider().load_app(container).register)
container.bind('Response', 'test')
container.bind('WebRoutes', [
Get().route('url', None),
Get().route('url/', None),
Get().route('url/@firstname', None),
])
container.bind('Response', 'Route not found. Error 404')
for provider in container.make('Providers').PROVIDERS:
located_provider = provider().load_app(container)
container.resolve(provider().load_app(container).boot)
assert container.make('Request').input('application') == 'Masonite'
assert container.make('Request').all() == {'application': 'Masonite'}
container.make('Request').environ['REQUEST_METHOD'] = 'POST'
assert container.make('Request').environ['REQUEST_METHOD'] == 'POST'
assert container.make('Request').input('application') == 'Masonite'
def test_redirections_reset(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', WEB_ROUTES)
request = app.make('Request').load_app(app)
request.redirect('test')
assert request.redirect_url == '/test'
request.reset_redirections()
assert request.redirect_url is False
request.redirect_to('test')
assert request.redirect_url == '/test'
request.reset_redirections()
assert request.redirect_url is False
def test_request_has_subdomain_returns_bool(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
assert request.has_subdomain() is False
assert request.subdomain is None
request.environ['HTTP_HOST'] = 'test.localhost.com'
request.header('TEST', 'set_this')
assert request.header('HTTP_TEST') == 'set_this'
request.header('TEST', 'set_this', http_prefix=None)
assert request.header('TEST') == 'set_this'
def test_redirect_compiles_url(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = '/test/url'
assert request.compile_route_to_url(route) == '/test/url'
def test_redirect_compiles_url_with_1_slash(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = '/'
assert request.compile_route_to_url(route) == '/'
def test_request_route_returns_url(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
get('/test/url', None).name('test.url'),
get('/test/url/@id', None).name('test.id')
])
request = app.make('Request').load_app(app)
assert request.route('test.url') == '/test/url'
assert request.route('test.id', {'id': 1}) == '/test/url/1'
def test_request_route_returns_full_url(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
get('/test/url', None).name('test.url'),
get('/test/url/@id', None).name('test.id')
])
request = app.make('Request').load_app(app)
assert request.route('test.url',
full=True) == 'http://localhost/test/url'
def test_redirect_compiles_url_with_multiple_slashes(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/url/here'
assert request.compile_route_to_url(route) == '/test/url/here'
def test_redirect_compiles_url_with_trailing_slash(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/url/here/'
assert request.compile_route_to_url(route) == '/test/url/here/'
def test_redirect_compiles_url_with_parameters(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id'
params = {
'id': '1',
}
assert request.compile_route_to_url(route, params) == '/test/1'
def test_redirect_compiles_url_with_multiple_parameters(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id/@test'
params = {
'id': '1',
'test': 'user',
}
def test_redirect_compiles_url_with_http(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = "http://google.com"
assert request.compile_route_to_url(route) == 'http://google.com'
def test_request_gets_correct_header(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
assert request.header('UPGRADE_INSECURE_REQUESTS') == '1'
assert request.header('RAW_URI') == '/'
assert request.header('NOT_IN') == None
def test_request_sets_correct_header(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.header('TEST', 'set_this')
assert request.header('HTTP_TEST') == 'set_this'
request.header('TEST', 'set_this', http_prefix=None)
assert request.header('TEST') == 'set_this'
def test_request_gets_all_headers(self):
app = App()
app.bind('Request', Request(wsgi_request))
request = app.make('Request').load_app(app)
request.header('TEST1', 'set_this_item')
request.header('TEST2', 'set_this_item', http_prefix=None)
assert request.get_headers() == [('HTTP_TEST1', 'set_this_item'),
('TEST2', 'set_this_item')]
def test_request_sets_status_code(self):
app = App()
app.bind('Request', self.request)
app.bind('StatusCode', '404 Not Found')
request = app.make('Request').load_app(app)
request.status('200 OK')
assert request.get_status_code() == '200 OK'
def test_request_sets_request_method(self):
wsgi = generate_wsgi()
wsgi['QUERY_STRING'] = '__method=PUT'
request = Request(wsgi)
assert request.has('__method')
assert request.input('__method') == 'PUT'
assert request.get_request_method() == 'PUT'
def test_request_has_should_pop_variables_from_input(self):
self.request.request_variables.update({'key1': 'test', 'key2': 'test'})
self.request.pop('key1', 'key2')
assert self.request.request_variables == {'application': 'Masonite'}
self.request.pop('shouldnotexist')
assert self.request.request_variables == {'application': 'Masonite'}
self.request.pop('application')
assert self.request.request_variables == {}
def test_is_named_route(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
get('/test/url', None).name('test.url'),
get('/test/url/@id', None).name('test.id')
])
request = app.make('Request').load_app(app)
request.path = '/test/url'
assert request.is_named_route('test.url')
request.path = '/test/url/1'
assert request.is_named_route('test.id', {'id': 1})
def test_request_url_from_controller(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
get('/test/url', 'TestController@show').name('test.url'),
get('/test/url/@id', 'ControllerTest@show').name('test.id'),
get('/test/url/controller/@id',
TestController.show).name('test.controller'),
])
request = app.make('Request').load_app(app)
assert request.url_from_controller(
'TestController@show') == '/test/url'
assert request.url_from_controller('ControllerTest@show',
{'id': 1}) == '/test/url/1'
assert request.url_from_controller(
TestController.show, {'id': 1}) == '/test/url/controller/1'
def test_contains_for_path_detection(self):
self.request.path = '/test/path'
assert self.request.contains('/test/*')
assert self.request.contains('/test/path')
assert not self.request.contains('/test/wrong')
def test_contains_for_path_with_digit(self):
self.request.path = '/test/path/1'
assert self.request.contains('/test/path/*')
assert self.request.contains('/test/path/*:int')
def test_contains_for_path_with_digit_and_wrong_contains(self):
self.request.path = '/test/path/joe'
assert not self.request.contains('/test/path/*:int')
def test_contains_for_path_with_alpha_contains(self):
self.request.path = '/test/path/joe'
assert self.request.contains('/test/path/*:string')
def test_contains_multiple_asteriks(self):
self.request.path = '/dashboard/user/edit/1'
assert self.request.contains('/dashboard/user/*:string/*:int')
def test_back_returns_correct_url(self):
self.request.path = '/dashboard/create'
self.request.back()
assert self.request.redirect_url == '/dashboard/create'
self.request.back(default='/home')
assert self.request.redirect_url == '/home'
self.request.request_variables = {'__back': '/login'}
self.request.back(default='/home')
assert self.request.redirect_url == '/login'
class TestAuth:
def setup_method(self):
self.container = App()
self.app = self.container
view = View(self.container)
self.request = Request(generate_wsgi())
self.auth = Auth(self.request, MockUser())
self.container.bind('View', view.render)
self.container.bind('ViewClass', view)
self.app.bind('Application', application)
def reset_method(self):
self.auth = Auth(self.request, MockUser())
def test_auth(self):
assert self.auth
def test_login_user(self):
assert isinstance(self.auth.login('*****@*****.**', 'secret'),
MockUser)
assert self.request.get_cookie('token')
def test_login_user_with_list_auth_column(self):
user = MockUser
user.__auth__ = ['email', 'name']
assert isinstance(self.auth.login('testuser123', 'secret'), user)
assert self.request.get_cookie('token')
def test_get_user(self):
assert self.auth.login_by_id(1)
assert isinstance(self.auth.user(), MockUser)
def test_get_user_returns_false_if_not_loggedin(self):
self.auth.login('*****@*****.**', 'wrong_secret')
assert self.auth.user() is False
def test_logout_user(self):
assert isinstance(self.auth.login('*****@*****.**', 'secret'),
MockUser)
assert self.request.get_cookie('token')
self.auth.logout()
assert not self.request.get_cookie('token')
assert not self.auth.user()
def test_login_user_fails(self):
assert self.auth.login('*****@*****.**', 'bad_password') is False
def test_login_by_id(self):
assert isinstance(self.auth.login_by_id(1), MockUser)
assert self.request.get_cookie('token')
assert self.auth.login_by_id(2) is False
def test_login_once_does_not_set_cookie(self):
assert isinstance(self.auth.once().login_by_id(1), MockUser)
assert self.request.get_cookie('token') is None
def test_user_is_mustverify_instance(self):
self.auth = Auth(self.request, MockVerifyUser())
assert isinstance(self.auth.once().login_by_id(1), MustVerifyEmail)
self.reset_method()
assert not isinstance(self.auth.once().login_by_id(1), MustVerifyEmail)
def get_user(self, id):
return MockVerifyUser()
def test_confirm_controller_success(self):
self.auth = Auth(self.request, MockVerifyUser())
params = {'id': Sign().sign('{0}::{1}'.format(1, time.time()))}
self.request.set_params(params)
user = self.auth.once().login_by_id(1)
self.request.set_user(user)
self.app.bind('Request', self.request)
self.app.make('Request').load_app(self.app)
# Create the route
route = get('/email/verify/@id', ConfirmController.confirm_email)
ConfirmController.get_user = self.get_user
# Resolve the controller constructor
controller = self.app.resolve(route.controller)
# Resolve the method
response = self.app.resolve(
getattr(controller, route.controller_method))
self.reset_method()
assert response.rendered_template == 'confirm'
def test_confirm_controller_failure(self):
self.auth = Auth(self.request, MockVerifyUser())
timestamp_plus_11 = datetime.datetime.now() - datetime.timedelta(
minutes=11)
params = {
'id': Sign().sign('{0}::{1}'.format(1,
timestamp_plus_11.timestamp()))
}
self.request.set_params(params)
user = self.auth.once().login_by_id(1)
self.request.set_user(user)
self.app.bind('Request', self.request)
self.app.make('Request').load_app(self.app)
# Create the route
route = get('/email/verify/@id', ConfirmController.confirm_email)
ConfirmController.get_user = self.get_user
# Resolve the controller constructor
controller = self.app.resolve(route.controller)
# Resolve the method
response = self.app.resolve(
getattr(controller, route.controller_method))
self.reset_method()
assert response.rendered_template == 'error'
def visible(self, request: Request):
if request.get_cookie('_real_token'):
return True
class TestRequest(unittest.TestCase):
def setUp(self):
self.app = App()
self.request = Request(wsgi_request).key(
'NCTpkICMlTXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=').load_app(self.app)
self.app.bind('Request', self.request)
self.response = Response(self.app)
self.app.simple(Response)
def test_request_is_callable(self):
""" Request should be callable """
self.assertIsInstance(self.request, object)
def test_request_input_should_return_input_on_get_request(self):
self.assertEqual(self.request.input('application'), 'Masonite')
self.assertEqual(self.request.input('application', 'foo'), 'Masonite')
def test_request_input_should_return_default_when_not_exists(self):
self.assertEqual(self.request.input('foo', 'bar'), 'bar')
def test_request_all_should_return_params(self):
self.assertEqual(self.request.all(), {'application': 'Masonite'})
def test_request_all_without_internal_request_variables(self):
self.request.request_variables.update({
'__token': 'testing',
'application': 'Masonite'
})
self.assertEqual(self.request.all(), {
'__token': 'testing',
'application': 'Masonite'
})
self.assertEqual(self.request.all(internal_variables=False),
{'application': 'Masonite'})
def test_request_has_should_return_bool(self):
self.assertEqual(self.request.has('application'), True)
self.assertEqual(self.request.has('shouldreturnfalse'), False)
def test_request_has_should_accept_multiple_values(self):
self.request.request_variables.update({
'__token': 'testing',
'application': 'Masonite'
})
self.assertEqual(self.request.has('application'), True)
self.assertEqual(self.request.has('shouldreturnfalse'), False)
self.assertEqual(self.request.has('__token'), True)
self.assertEqual(self.request.has('__token', 'shouldreturnfalse'),
False)
self.assertEqual(self.request.has('__token', 'application'), True)
self.assertEqual(
self.request.has('__token', 'application', 'shouldreturnfalse'),
False)
def test_request_set_params_should_return_self(self):
self.assertEqual(self.request.set_params({'value': 'new'}),
self.request)
self.assertEqual(self.request.url_params, {'value': 'new'})
def test_request_param_returns_parameter_set_or_false(self):
self.request.set_params({'value': 'new'})
self.assertEqual(self.request.param('value'), 'new')
self.assertEqual(self.request.param('nullvalue'), False)
def test_request_appends_cookie(self):
self.assertEqual(self.request.cookie('appendcookie', 'value'),
self.request)
assert 'appendcookie' in self.request.environ['HTTP_COOKIE']
def test_request_input_can_get_dictionary_elements(self):
self.request.request_variables = {
"user": {
"address": [{
"id": 1,
'street': 'A Street'
}, {
"id": 2,
'street': 'B Street'
}]
}
}
self.assertEqual(self.request.input('user.address.*.id'), [1, 2])
self.assertEqual(self.request.input('user.address.*.street'),
['A Street', 'B Street'])
def test_request_sets_and_gets_cookies(self):
self.request.cookie('setcookie', 'value')
self.assertEqual(self.request.get_cookie('setcookie'), 'value')
def test_request_sets_expiration_cookie_2_months(self):
self.request.cookies = []
self.request.cookie('setcookie_expiration',
'value',
expires='2 months')
time = cookie_expire_time('2 months')
self.assertEqual(self.request.get_cookie('setcookie_expiration'),
'value')
self.assertEqual(
self.request.get_raw_cookie('setcookie_expiration')['expires'],
time)
def test_delete_cookie(self):
self.request.cookies = []
self.request.cookie('delete_cookie', 'value')
self.assertEqual(self.request.get_cookie('delete_cookie'), 'value')
self.request.delete_cookie('delete_cookie')
self.assertFalse(self.request.get_cookie('delete_cookie'))
def test_delete_cookie_with_wrong_key(self):
self.request.cookies = []
self.request.cookie('cookie', 'value')
self.request.key('wrongkey_TXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=')
self.assertIsNone(self.request.get_cookie('cookie'))
def test_redirect_returns_request(self):
self.assertEqual(self.request.redirect('newurl'), self.request)
self.assertEqual(self.request.redirect_url, '/newurl')
def test_request_no_input_returns_false(self):
self.assertEqual(self.request.input('notavailable'), False)
def test_request_mini_field_storage_returns_single_value(self):
storages = {'test': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test'), '1')
def test_request_can_get_string_value(self):
storages = {'test': 'value'}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test'), 'value')
def test_request_can_get_list_value(self):
storages = {'test': ['foo', 'bar']}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test'), ['foo', 'bar'])
def test_request_mini_field_storage_doesnt_return_brackets(self):
storages = {'test[]': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test'), '1')
def test_request_mini_field_storage_index(self):
storages = {'test[index]': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test[index]'), '1')
def test_request_mini_field_storage_with_dot_notation(self):
storages = {'test[index]': [MiniFieldStorage('key', '1')]}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test.index'), '1')
def test_request_mini_field_storage_returns_a_list(self):
storages = {
'test':
[MiniFieldStorage('key', '1'),
MiniFieldStorage('key', '2')]
}
self.request._set_standardized_request_variables(storages)
self.assertEqual(self.request.input('test'), ['1', '2'])
def test_request_get_cookies_returns_cookies(self):
self.assertEqual(self.request.get_cookies(), self.request.cookies)
def test_request_set_user_sets_object(self):
self.assertEqual(self.request.set_user(object), self.request)
self.assertEqual(self.request.user_model, object)
self.assertEqual(self.request.user(), object)
def test_request_loads_app(self):
app = App()
app.bind('Request', self.request)
app.make('Request').load_app(app)
self.assertEqual(self.request.app(), app)
self.assertEqual(app.make('Request').app(), app)
def test_request_gets_input_from_container(self):
container = App()
container.bind('Application', application)
container.bind('Providers', providers)
container.bind('WSGI', object)
container.bind('Environ', wsgi_request)
for provider in container.make('Providers').PROVIDERS:
provider().load_app(container).register()
container.bind('Response', 'test')
container.bind('WebRoutes', [
Get().route('url', 'TestController@show'),
Get().route('url/', 'TestController@show'),
Get().route('url/@firstname', 'TestController@show'),
])
container.bind('Response', 'Route not found. Error 404')
for provider in container.make('Providers').PROVIDERS:
located_provider = provider().load_app(container)
container.resolve(located_provider.boot)
self.assertEqual(
container.make('Request').input('application'), 'Masonite')
self.assertEqual(
container.make('Request').all(), {'application': 'Masonite'})
container.make('Request').environ['REQUEST_METHOD'] = 'POST'
self.assertEqual(
container.make('Request').environ['REQUEST_METHOD'], 'POST')
self.assertEqual(
container.make('Request').input('application'), 'Masonite')
def test_redirections_reset(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', WEB_ROUTES)
request = app.make('Request').load_app(app)
request.redirect('test')
self.assertEqual(request.redirect_url, '/test')
request.reset_redirections()
self.assertFalse(request.redirect_url)
request.redirect_to('test')
self.assertEqual(request.redirect_url, '/test')
request.reset_redirections()
self.assertFalse(request.redirect_url)
def test_redirect_to_throws_exception_when_no_routes_found(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', WEB_ROUTES)
request = app.make('Request').load_app(app)
request.redirect_to('test')
request.redirect(name='test')
with pytest.raises(RouteException):
request.redirect_to('notavailable')
with pytest.raises(RouteException):
request.redirect(name='notavailable')
def test_request_has_subdomain_returns_bool(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
self.assertFalse(request.has_subdomain())
self.assertIsNone(request.subdomain)
request.environ['HTTP_HOST'] = 'test.localhost.com'
request.header('TEST', 'set_this')
self.assertEqual(request.header('TEST'), 'set_this')
request.header('TEST', 'set_this', http_prefix=True)
self.assertEqual(request.header('HTTP_TEST'), 'set_this')
def test_redirect_compiles_url(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = '/test/url'
self.assertEqual(request.compile_route_to_url(route), '/test/url')
def test_redirect_compiles_url_with_1_slash(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = '/'
self.assertEqual(request.compile_route_to_url(route), '/')
def test_request_route_returns_url(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'TestController@show').name('test.id')
])
request = app.make('Request').load_app(app)
self.assertEqual(request.route('test.url'), '/test/url')
self.assertEqual(request.route('test.id', {'id': 1}), '/test/url/1')
self.assertEqual(request.route('test.id', [1]), '/test/url/1')
with self.assertRaises(RouteException):
self.assertTrue(request.route('not.exists', [1]))
def test_request_route_returns_url_without_passing_args_with_current_param(
self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'TestController@show').name('test.id')
])
request = app.make('Request').load_app(app)
request.url_params = {'id': 1}
assert request.route('test.id') == '/test/url/1'
def test_request_redirection(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'TestController@testing').name('test.id'),
Get('/test/url/object', TestController.show).name('test.object')
])
request = app.make('Request').load_app(app)
self.assertEqual(
request.redirect('/test/url/@id', {
'id': 1
}).redirect_url, '/test/url/1')
request.redirect_url = None
self.assertEqual(
request.redirect(name='test.url').redirect_url, '/test/url')
request.redirect_url = None
self.assertEqual(
request.redirect(name='test.id', params={
'id': 1
}).redirect_url, '/test/url/1')
request.redirect_url = None
self.assertEqual(
request.redirect(controller='TestController@show').redirect_url,
'/test/url')
request.redirect_url = None
self.assertEqual(
request.redirect(controller=TestController.show).redirect_url,
'/test/url/object')
request.redirect_url = None
self.assertEqual(
request.redirect('some/url').redirect_url, '/some/url')
def test_request_route_returns_full_url(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'TestController@show').name('test.id')
])
request = app.make('Request').load_app(app)
self.assertEqual(request.route('test.url', full=True),
'http://*****:*****@id'
params = {
'id': '1',
}
self.assertEqual(request.compile_route_to_url(route, params),
'/test/1')
def test_redirect_compiles_url_with_list_parameters(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id'
params = ['1']
self.assertEqual(request.compile_route_to_url(route, params),
'/test/1')
route = 'test/@id/@user/test/@slug'
params = ['1', '2', '3']
self.assertEqual(request.compile_route_to_url(route, params),
'/test/1/2/test/3')
def test_redirect_compiles_url_with_multiple_parameters(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id/@test'
params = {
'id': '1',
'test': 'user',
}
self.assertEqual(request.compile_route_to_url(route, params),
'/test/1/user')
def test_request_compiles_custom_route_compiler(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id:signed'
params = {
'id': '1',
}
self.assertEqual(request.compile_route_to_url(route, params),
'/test/1')
def test_redirect_compiles_url_with_http(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = "http://google.com"
self.assertEqual(request.compile_route_to_url(route),
'http://google.com')
def test_can_get_nully_value(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request._set_standardized_request_variables({
"gateway": "RENDIMENTO",
"request": {
"user": "******"
},
"response": None,
"description": "test only"
})
self.assertEqual(request.input('response'), None)
def test_request_gets_correct_header(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
self.assertEqual(request.header('HTTP_UPGRADE_INSECURE_REQUESTS'), '1')
self.assertEqual(request.header('RAW_URI'), '/')
self.assertEqual(request.header('NOT_IN'), '')
self.assertFalse('text/html' in request.header('NOT_IN'))
def test_request_sets_correct_header(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.header('TEST', 'set_this')
self.assertEqual(request.header('TEST'), 'set_this')
request.header('TEST', 'set_this', http_prefix=True)
self.assertEqual(request.header('HTTP_TEST'), 'set_this')
def test_request_cant_set_multiple_headers(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.header('TEST', 'test_this')
request.header('TEST', 'test_that')
self.assertEqual(request.header('TEST'), 'test_that')
def test_request_sets_headers_with_dictionary(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.header({
'test_dict': 'test_value',
'test_dict1': 'test_value1'
})
self.assertEqual(request.header('test_dict'), 'test_value')
self.assertEqual(request.header('test_dict1'), 'test_value1')
request.header({
'test_dict': 'test_value',
'test_dict1': 'test_value1'
},
http_prefix=True)
self.assertEqual(request.header('HTTP_test_dict'), 'test_value')
self.assertEqual(request.header('HTTP_test_dict1'), 'test_value1')
def test_request_gets_all_headers(self):
app = App()
app.bind('Request', Request(wsgi_request))
request = app.make('Request').load_app(app)
request.header('TEST1', 'set_this_item')
self.assertEqual(request.get_headers(), [('TEST1', 'set_this_item')])
def test_request_sets_str_status_code(self):
app = App()
app.bind('Request', self.request)
app.bind('StatusCode', 'TestController@show')
request = app.make('Request').load_app(app)
request.status('200 OK')
self.assertEqual(request.get_status_code(), '200 OK')
def test_request_sets_int_status_code(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.status(500)
self.assertEqual(request.get_status_code(),
'500 Internal Server Error')
def test_request_gets_int_status(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.status(500)
self.assertEqual(request.get_status(), 500)
def test_can_get_code_by_value(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.status(500)
self.assertEqual(
request._get_status_code_by_value('500 Internal Server Error'),
500)
def test_is_status_code(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.status(500)
self.assertEqual(request.is_status(500), True)
def test_request_sets_invalid_int_status_code(self):
with self.assertRaises(InvalidHTTPStatusCode):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.status(600)
def test_request_sets_request_method(self):
wsgi = generate_wsgi()
wsgi['QUERY_STRING'] = '__method=PUT'
request = Request(wsgi)
assert request.has('__method')
self.assertEqual(request.input('__method'), 'PUT')
self.assertEqual(request.get_request_method(), 'PUT')
def test_request_has_should_pop_variables_from_input(self):
self.request.request_variables.update({'key1': 'test', 'key2': 'test'})
self.request.pop('key1', 'key2')
self.assertEqual(self.request.request_variables,
{'application': 'Masonite'})
self.request.pop('shouldnotexist')
self.assertEqual(self.request.request_variables,
{'application': 'Masonite'})
self.request.pop('application')
self.assertEqual(self.request.request_variables, {})
def test_is_named_route(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'TestController@show').name('test.id')
])
request = app.make('Request').load_app(app)
request.path = '/test/url'
assert request.is_named_route('test.url')
request.path = '/test/url/1'
assert request.is_named_route('test.id', {'id': 1})
def test_route_exists(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'TestController@show').name('test.id')
])
request = app.make('Request').load_app(app)
self.assertEqual(request.route_exists('/test/url'), True)
self.assertEqual(request.route_exists('/test/Not'), False)
def test_request_url_from_controller(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', [
Get('/test/url', 'TestController@show').name('test.url'),
Get('/test/url/@id', 'ControllerTest@show').name('test.id'),
Get('/test/url/controller/@id',
TestController.show).name('test.controller'),
])
request = app.make('Request').load_app(app)
self.assertEqual(request.url_from_controller('TestController@show'),
'/test/url')
self.assertEqual(
request.url_from_controller('ControllerTest@show', {'id': 1}),
'/test/url/1')
self.assertEqual(
request.url_from_controller(TestController.show, {'id': 1}),
'/test/url/controller/1')
def test_contains_for_path_detection(self):
self.request.path = '/test/path'
self.assertTrue(self.request.contains('/test/*'))
self.assertTrue(self.request.contains('/test/path'))
self.assertFalse(self.request.contains('/test/wrong'))
def test_contains_for_multiple_paths(self):
self.request.path = '/test/path/5'
self.assertTrue(self.request.contains('/test/*'))
def test_contains_can_return_string(self):
self.request.path = '/test/path/5'
self.assertEqual(self.request.contains('/test/*', show='active'),
'active')
self.assertEqual(self.request.contains('/test/not', show='active'), '')
def test_contains_for_path_with_digit(self):
self.request.path = '/test/path/1'
self.assertTrue(self.request.contains('/test/path/*'))
self.assertTrue(self.request.contains('/test/path/*:int'))
def test_contains_for_path_with_digit_and_wrong_contains(self):
self.request.path = '/test/path/joe'
self.assertFalse(self.request.contains('/test/path/*:int'))
def test_contains_for_path_with_alpha_contains(self):
self.request.path = '/test/path/joe'
self.assertTrue(self.request.contains('/test/path/*:string'))
def test_contains_for_route_compilers(self):
self.request.path = '/test/path/joe'
self.assertTrue(self.request.contains('/test/path/*:signed'))
def test_contains_multiple_asteriks(self):
self.request.path = '/dashboard/user/edit/1'
self.assertTrue(
self.request.contains('/dashboard/user/*:string/*:int'))
def test_request_can_get_input_as_properties(self):
self.request.request_variables = {'test': 'hey'}
self.assertEqual(self.request.test, 'hey')
self.assertEqual(self.request.input('test'), 'hey')
def test_request_can_get_param_as_properties(self):
self.request.url_params = {'test': 'hey'}
self.assertEqual(self.request.test, 'hey')
self.assertEqual(self.request.param('test'), 'hey')
def test_back_returns_correct_url(self):
self.request.path = '/dashboard/create'
self.request.back()
self.assertEqual(self.request.redirect_url, '/dashboard/create')
self.request.back(default='/home')
self.assertEqual(self.request.redirect_url, '/home')
self.request.request_variables = {'__back': '/login'}
self.request.back(default='/home')
self.assertEqual(self.request.redirect_url, '/login')
def test_request_without(self):
self.request.request_variables.update({
'__token': 'testing',
'application': 'Masonite'
})
self.assertEqual(self.request.without('__token'),
{'application': 'Masonite'})
def test_request_only_returns_specified_values(self):
self.request.request_variables.update({
'__token': 'testing',
'application': 'Masonite'
})
self.assertEqual(self.request.only('application'),
{'application': 'Masonite'})
self.assertEqual(self.request.only('__token'), {'__token': 'testing'})
def test_request_gets_only_clean_output(self):
self.request._set_standardized_request_variables(
{'key': '<img """><script>alert(\'hey\')</script>">'})
self.assertEqual(
self.request.input('key'),
'<img """><script>alert('hey')</script>">'
)
self.assertEqual(self.request.input('key', clean=False),
'<img """><script>alert(\'hey\')</script>">')
def test_request_cleans_all_optionally(self):
self.request._set_standardized_request_variables(
{'key': '<img """><script>alert(\'hey\')</script>">'})
self.assertEqual(
self.request.all()['key'],
'<img """><script>alert('hey')</script>">'
)
self.assertEqual(
self.request.all(clean=False)['key'],
'<img """><script>alert(\'hey\')</script>">')
def test_request_gets_input_with_dotdict(self):
self.request.request_variables = {
"key": {
"user": "******",
"name": "Joe",
"address": {
"street": "address 1"
}
}
}
self.assertEqual(
self.request.input('key')['address']['street'], 'address 1')
self.assertEqual(self.request.input('key.address.street'), 'address 1')
self.assertEqual(self.request.input('key.'), False)
self.assertEqual(self.request.input('key.user'), '1')
self.assertEqual(self.request.input('key.nothing'), False)
self.assertEqual(self.request.input('key.nothing', default='test'),
'test')
class TestAuth(TestCase):
"""Start and rollback transactions for this test
"""
transactions = True
def setUp(self):
super().setUp()
self.container = App()
self.app = self.container
self.app.bind('Container', self.app)
view = View(self.container)
self.request = Request(generate_wsgi())
self.request.key(application.KEY)
self.app.bind('Request', self.request)
# self.auth = Auth(self.request, MockUser())
self.container.bind('View', view.render)
self.container.bind('ViewClass', view)
self.app.bind('Application', application)
self.app.bind('Auth', Auth)
self.app.bind('AuthConfig', auth)
self.app.bind('AuthManager', AuthManager)
self.app.bind('AuthCookieDriver', AuthCookieDriver)
self.app.bind('AuthJwtDriver', AuthJwtDriver)
self.auth = self.app.make('Auth', User)
self.request.load_app(self.app)
def setUpFactories(self):
User.create({
'name': 'testuser123',
'email': '*****@*****.**',
'password': bcrypt_password('secret'),
'second_password': bcrypt_password('pass123'),
})
def test_auth(self):
self.assertTrue(self.auth)
def test_login_user(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(self.auth.login('*****@*****.**', 'secret'))
self.assertTrue(self.request.get_cookie('token'))
self.assertEqual(self.auth.user().name, 'testuser123')
def test_login_with_no_password(self):
with self.assertRaises(TypeError):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(self.auth.login('*****@*****.**', None))
# def test_can_login_with_second_password(self):
# self.auth.auth_model.__password__ = 'second_password'
# self.assertTrue(self.auth.login('*****@*****.**', 'pass123'))
# self.assertTrue(self.request.get_cookie('token'))
def test_login_user_with_list_auth_column(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.auth.auth_model.__auth__ = ['name', 'email']
self.assertTrue(self.auth.login('testuser123', 'secret'))
self.assertTrue(self.request.get_cookie('token'))
def test_can_register(self):
self.auth.register({
'name': 'Joe',
'email': '*****@*****.**',
'password': '******'
})
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(User.where('email', '*****@*****.**').first())
self.assertNotEqual(User.where('email', '*****@*****.**').first().password, 'secret')
def test_get_user(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(self.auth.login_by_id(1))
def test_get_user_returns_false_if_not_loggedin(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.auth.login('*****@*****.**', 'wrong_secret')
self.assertFalse(self.auth.user())
def test_logout_user(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.auth.login('*****@*****.**', 'secret')
self.assertTrue(self.request.get_cookie('token'))
self.assertTrue(self.auth.user())
self.auth.logout()
self.assertFalse(self.request.get_cookie('token'))
self.assertFalse(self.auth.user())
def test_login_user_fails(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertFalse(self.auth.login('*****@*****.**', 'bad_password'))
def test_login_user_success(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(self.auth.login('*****@*****.**', 'secret'))
def test_login_by_id(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(self.auth.login_by_id(1))
self.assertTrue(self.request.get_cookie('token'))
self.assertFalse(self.auth.login_by_id(3))
def test_login_once_does_not_set_cookie(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
self.assertTrue(self.auth.once().login_by_id(1))
self.assertIsNone(self.request.get_cookie('token'))
# def test_user_is_mustverify_instance(self):
# self.assertIsInstance(self.auth.once().login_by_id(1), MustVerifyEmail)
# self.assertNotIsInstance(self.auth.once().login_by_id(1), MustVerifyEmail)
def test_confirm_controller_success(self):
for driver in ('jwt', 'cookie'):
self.auth.driver = driver
params = {'id': Sign().sign('{0}::{1}'.format(1, time.time()))}
self.request.set_params(params)
user = self.auth.once().login_by_id(1)
self.request.set_user(user)
self.app.bind('Request', self.request)
self.app.make('Request').load_app(self.app)
# Create the route
route = Get('/email/verify/@id', ConfirmController.confirm_email)
ConfirmController.get_user = User
# Resolve the controller constructor
controller = self.app.resolve(route.controller)
# Resolve the method
response = self.app.resolve(getattr(controller, route.controller_method))
self.assertEqual(response.rendered_template, 'confirm')
self.refreshDatabase()
def test_confirm_controller_failure(self):
for driver in ('cookie', 'jwt'):
self.auth.driver = driver
timestamp_plus_11 = datetime.datetime.now() - datetime.timedelta(minutes=11)
params = {'id': Sign().sign('{0}::{1}'.format(1, timestamp_plus_11.timestamp()))}
self.request.set_params(params)
user = self.auth.once().login_by_id(1)
self.request.set_user(user)
self.app.bind('Request', self.request)
self.app.make('Request').load_app(self.app)
# Create the route
route = Get('/email/verify/@id', ConfirmController.confirm_email)
ConfirmController.get_user = User
# Resolve the controller constructor
controller = self.app.resolve(route.controller)
# Resolve the method
response = self.app.resolve(getattr(controller, route.controller_method))
self.assertEqual(response.rendered_template, 'error')
class TestCSRFMiddleware:
def setup_method(self):
self.app = App()
wsgi = generate_wsgi()
self.request = Request(wsgi)
self.route = Route().load_environ(wsgi)
self.view = View(self.app)
self.app.bind('Request', self.request)
self.request = self.app.make('Request')
self.app.bind('WebRoutes', [
Get().route('/test/@route', None),
Get().route('/test/10', None),
])
self.request.container = self.app
self.middleware = CsrfMiddleware(self.request, Csrf(self.request),
self.view)
def test_middleware_shares_correct_input(self):
self.middleware.before()
assert 'csrf_field' in self.view._shared
assert self.view._shared['csrf_field'].startswith(
"<input type='hidden' name='__token' value='")
def test_middleware_throws_exception_on_post(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.request.path = '/'
self.middleware.exempt = []
with pytest.raises(InvalidCSRFToken):
self.middleware.before()
def test_middleware_can_accept_param_route(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.request.path = '/test/1'
self.middleware.exempt = ['/test/@route']
self.middleware.before()
def test_middleware_can_exempt(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.request.path = '/test/1'
self.middleware.exempt = ['/test/1']
self.middleware.before()
def test_middleware_throws_exeption_on_wrong_route(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.request.path = '/test/10'
self.middleware.exempt = ['/test/2']
with pytest.raises(InvalidCSRFToken):
self.middleware.before()
def test_incoming_token_does_not_throw_exception_with_token(self):
self.request.environ['REQUEST_METHOD'] = 'POST'
self.request.request_variables.update(
{'__token': self.request.get_cookie('csrf_token')})
self.middleware.exempt = []
self.middleware.before()
def test_generates_csrf_token(self):
assert len(self.middleware.generate_token()) == 30
def test_generates_token_every_request(self):
token1 = self.middleware.verify_token()
token2 = self.middleware.verify_token()
assert len(token1) == 30
assert len(token2) == 30
assert token1 != token2
def test_does_not_generate_token_every_request(self):
self.middleware.every_request = False
token1 = self.middleware.verify_token()
token2 = self.middleware.verify_token()
assert len(token1) == 30
assert len(token2) == 30
assert token1 == token2
def swap_back_to_user(self, request: Request):
if request.get_cookie('_real_token'):
request.cookie('token', request.get_cookie('_real_token'))
request.delete_cookie('_real_token')
return request.redirect('/dashboard')
def login_as_user(self, request: Request):
if not request.get_cookie('_real_token'):
request.cookie('_real_token', request.get_cookie('token'))
Auth(request).login_by_id(request.input('user'))
return request.redirect('/dashboard')
class TestRequest:
def setup_method(self):
self.request = Request(wsgi_request).key(
'NCTpkICMlTXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=')
def test_request_is_callable(self):
""" Request should be callable """
if callable(self.request):
assert True
def test_request_input_should_return_input_on_get_request(self):
assert self.request.input('application') == 'Masonite'
def test_request_all_should_return_params(self):
assert self.request.all() == {'application': 'Masonite'}
def test_request_all_without_internal_request_variables(self):
self.request.request_variables.update({'__token': 'testing', 'application': 'Masonite'})
assert self.request.all() == {'__token': 'testing', 'application': 'Masonite'}
assert self.request.all(internal_variables=False) == {'application': 'Masonite'}
def test_request_has_should_return_bool(self):
assert self.request.has('application') == True
assert self.request.has('shouldreturnfalse') == False
def test_request_set_params_should_return_self(self):
assert self.request.set_params({'value': 'new'}) == self.request
assert self.request.url_params == {'value': 'new'}
def test_request_param_returns_parameter_set_or_false(self):
self.request.set_params({'value': 'new'})
assert self.request.param('value') == 'new'
assert self.request.param('nullvalue') == False
def test_request_appends_cookie(self):
assert self.request.cookie('appendcookie', 'value') == self.request
assert 'appendcookie' in self.request.environ['HTTP_COOKIE']
def test_request_sets_and_gets_cookies(self):
self.request.cookie('setcookie', 'value')
assert self.request.get_cookie('setcookie') == 'value'
def test_request_sets_expiration_cookie_2_months(self):
self.request.cookies = []
self.request.cookie('setcookie_expiration', 'value', expires='2 months')
time = cookie_expire_time('2 months')
assert self.request.get_cookie('setcookie_expiration') == 'value'
assert 'Expires={0}'.format(time) in self.request.cookies[0][1]
def test_delete_cookie(self):
self.request.cookies = []
self.request.cookie('delete_cookie', 'value')
assert self.request.get_cookie('delete_cookie') == 'value'
self.request.delete_cookie('delete_cookie')
assert not self.request.get_cookie('delete_cookie')
def test_delete_cookie_with_wrong_key(self):
self.request.cookies = []
self.request.cookie('cookie', 'value')
self.request.key('wrongkey_TXie5te9nJniMj9aVbPM6lsjeq5iDZ0dqY=')
assert self.request.get_cookie('cookie') is None
def test_redirect_returns_request(self):
assert self.request.redirect('newurl') == self.request
assert self.request.redirect_url == '/newurl'
def test_request_no_input_returns_false(self):
assert self.request.input('notavailable') == False
def test_request_get_cookies_returns_cookies(self):
assert self.request.get_cookies() == self.request.cookies
def test_request_set_user_sets_object(self):
assert self.request.set_user(object) == self.request
assert self.request.user_model == object
assert self.request.user() == object
def test_request_loads_app(self):
app = App()
app.bind('Request', self.request)
app.make('Request').load_app(app)
assert self.request.app() == app
assert app.make('Request').app() == app
def test_request_gets_input_from_container(self):
container = App()
container.bind('Application', application)
container.bind('Providers', providers)
container.bind('WSGI', object)
container.bind('Environ', wsgi_request)
for provider in container.make('Providers').PROVIDERS:
container.resolve(provider().load_app(container).register)
container.bind('Response', 'test')
container.bind('WebRoutes', [
Get().route('url', None),
Get().route('url/', None),
Get().route('url/@firstname', None),
])
container.bind('Response', 'Route not found. Error 404')
for provider in container.make('Providers').PROVIDERS:
located_provider = provider().load_app(container)
container.resolve(provider().load_app(container).boot)
assert container.make('Request').input('application') == 'Masonite'
assert container.make('Request').all() == {'application': 'Masonite'}
container.make('Request').environ['REQUEST_METHOD'] = 'POST'
assert container.make('Request').environ['REQUEST_METHOD'] == 'POST'
assert container.make('Request').input('application') == 'Masonite'
def test_redirections_reset(self):
app = App()
app.bind('Request', self.request)
app.bind('WebRoutes', WEB_ROUTES)
request = app.make('Request').load_app(app)
request.redirect('test')
assert request.redirect_url == '/test'
request.reset_redirections()
assert request.redirect_url is False
request.redirect_to('test')
assert request.redirect_url == '/test'
request.reset_redirections()
assert request.redirect_url is False
def test_request_has_subdomain_returns_bool(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
assert request.has_subdomain() is False
assert request.subdomain is None
request.environ['HTTP_HOST'] = 'test.localhost.com'
request.header('TEST', 'set_this')
assert request.header('HTTP_TEST') == 'set_this'
request.header('TEST', 'set_this', http_prefix = None)
assert request.header('TEST') == 'set_this'
def test_redirect_compiles_url(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = '/test/url'
assert request.compile_route_to_url(route) == '/test/url'
def test_redirect_compiles_url_with_1_slash(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = '/'
assert request.compile_route_to_url(route) == '/'
def test_redirect_compiles_url_with_multiple_slashes(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/url/here'
assert request.compile_route_to_url(route) == '/test/url/here'
def test_redirect_compiles_url_with_trailing_slash(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/url/here/'
assert request.compile_route_to_url(route) == '/test/url/here/'
def test_redirect_compiles_url_with_parameters(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id'
params = {
'id': '1',
}
assert request.compile_route_to_url(route, params) == '/test/1'
def test_redirect_compiles_url_with_multiple_parameters(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = 'test/@id/@test'
params = {
'id': '1',
'test': 'user',
}
def test_redirect_compiles_url_with_http(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
route = "http://google.com"
assert request.compile_route_to_url(route) == 'http://google.com'
def test_request_gets_correct_header(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
assert request.header('UPGRADE_INSECURE_REQUESTS') == '1'
assert request.header('RAW_URI') == '/'
assert request.header('NOT_IN') == None
def test_request_sets_correct_header(self):
app = App()
app.bind('Request', self.request)
request = app.make('Request').load_app(app)
request.header('TEST', 'set_this')
assert request.header('HTTP_TEST') == 'set_this'
request.header('TEST', 'set_this', http_prefix = None)
assert request.header('TEST') == 'set_this'
def test_request_gets_all_headers(self):
app = App()
app.bind('Request', Request(wsgi_request))
request = app.make('Request').load_app(app)
request.header('TEST1', 'set_this_item')
request.header('TEST2', 'set_this_item', http_prefix = None)
assert request.get_headers() == [('HTTP_TEST1', 'set_this_item'), ('TEST2', 'set_this_item')]
def test_request_sets_status_code(self):
app = App()
app.bind('Request', self.request)
app.bind('StatusCode', '404 Not Found')
request = app.make('Request').load_app(app)
request.status('200 OK')
assert request.get_status_code() == '200 OK'
def test_request_sets_request_method(self):
wsgi = generate_wsgi()
wsgi['QUERY_STRING'] = '__method=PUT'
request = Request(wsgi)
assert request.has('__method')
assert request.input('__method') == 'PUT'
assert request.get_request_method() == 'PUT'
