def test_html(self): transform = ProtectTransform(self.portal, self.request) result = transform.transform([( '<html>\n<body>' '<form action="http://nohost/myaction" method="POST">' '</form></body>\n</html>')], 'utf-8') self.assertTrue(b'_authenticator' in result.serialize())
class TileProtectTransform(object): """Replacement transform for plone.protect's ProtectTransform, to drop X-Tile-Url-header from unauthorized responses and disable the default ProtectTransform for authorized responses (to avoid causing issues like extra protect.js-injections for tile editors) """ order = 9000 def __init__(self, published, request): self.published = published self.request = request try: from plone.protect.auto import ProtectTransform self.protect = ProtectTransform(published, request) except ImportError: self.protect = None def transform(self, result, encoding): from plone.protect import CheckAuthenticator CheckAuthenticator(self.request) return None def transformBytes(self, result, encoding): try: return self.transform(result, encoding) except Forbidden: if 'x-tile-url' in self.request.response.headers: del self.request.response.headers['x-tile-url'] if self.protect is not None: return self.protect.transformBytes(result, encoding) else: return None def transformUnicode(self, result, encoding): try: return self.transform(result, encoding) except Forbidden: if 'x-tile-url' in self.request.response.headers: del self.request.response.headers['x-tile-url'] if self.protect is not None: return self.protect.transformUnicode(result, encoding) else: return None def transformIterable(self, result, encoding): try: return self.transform(result, encoding) except Forbidden: if 'x-tile-url' in self.request.response.headers: del self.request.response.headers['x-tile-url'] if self.protect is not None: return self.protect.transformIterable(result, encoding) else: return None
def __init__(self, published, request): self.published = published self.request = request try: from plone.protect.auto import ProtectTransform self.protect = ProtectTransform(published, request) except ImportError: self.protect = None
def test_safe_write_empty_returns_true(self): safeWrite(self.portal, self.request) transform = ProtectTransform(self.portal, self.request) transform._registered_objects = lambda: [self.portal] self.assertTrue(transform._check())
def test_safe_write_empty_returns_false(self): transform = ProtectTransform(self.portal, self.request) transform._registered_objects = lambda: [self.portal] self.assertRaises(Forbidden, transform._check)
def test_empty_no_error(self): # empty pages (eg. tiles or ajax requests) should not lead to # transform errors or warnings transform = ProtectTransform(self.portal, self.request) result = transform.transform(['\n'], 'utf-8') self.assertEqual(result, None)
def test_html(self): transform = ProtectTransform(self.portal, self.request) result = transform.transform([( '<html>\n<body><form action="http://nohost/myaction" method="POST">' '</form></body>\n</html>')], 'utf-8') self.failUnless('_authenticator' in result.serialize())