def test_process_response_sudo_revoked_without_cookie(self): self.login() self.middleware.process_request(self.request) grant_sudo_privileges(self.request) revoke_sudo_privileges(self.request) response = self.middleware.process_response(self.request, HttpResponse()) morsels = list(response.cookies.items()) self.assertEqual(len(morsels), 0)
def test_process_response_sudo_revoked_removes_cookie(self): self.login() self.middleware.process_request(self.request) grant_sudo_privileges(self.request) self.request.COOKIES[COOKIE_NAME] = self.request._sudo_token revoke_sudo_privileges(self.request) response = self.middleware.process_response(self.request, HttpResponse()) morsels = list(response.cookies.items()) self.assertEqual(len(morsels), 1) self.assertEqual(morsels[0][0], COOKIE_NAME) _, sudo = morsels[0] # Deleting a cookie is just setting it's value to empty # and telling it to expire self.assertEqual(sudo.key, COOKIE_NAME) self.assertFalse(sudo.value) self.assertEqual(sudo['max-age'], 0)
def test_process_response_sudo_revoked_removes_cookie(self): self.login() self.middleware.process_request(self.request) grant_sudo_privileges(self.request) self.request.COOKIES[COOKIE_NAME] = self.request._sudo_token revoke_sudo_privileges(self.request) response = self.middleware.process_response(self.request, HttpResponse()) morsels = list(response.cookies.items()) self.assertEqual(len(morsels), 1) self.assertEqual(morsels[0][0], COOKIE_NAME) _, sudo = morsels[0] # Deleting a cookie is just setting it's value to empty # and telling it to expire self.assertEqual(sudo.key, COOKIE_NAME) self.assertFalse(sudo.value) self.assertEqual(sudo["max-age"], 0)
def test_revoked(self): self.login() grant_sudo_privileges(self.request) revoke_sudo_privileges(self.request) self.assertFalse(has_sudo_privileges(self.request))
def test_revoke_sudo_privileges(self): self.login() grant_sudo_privileges(self.request) revoke_sudo_privileges(self.request) self.assertRequestNotSudo(self.request)
def test_revoke_sudo_privileges_noop(self): revoke_sudo_privileges(self.request) self.assertRequestNotSudo(self.request)
def revoke(sender, request, **kwargs): """ Automatically revoke sudo privileges when logging out. """ revoke_sudo_privileges(request)