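def create(self, request, workspace_id):
    """Apply new values to the variables listed in the request body.

    The body must be a JSON list of objects, each holding an ``id`` and a
    ``value`` entry. Responds with 204 once every entry has been applied,
    and with 400 when the body is not valid JSON or does not have that
    shape.
    """
    try:
        iwidgetVariables = json.loads(request.body)
    except ValueError as e:
        msg = _("malformed json data: %s") % unicode(e)
        return build_error_response(request, 400, msg)

    # Check the whole payload before writing anything: a missing key or a
    # non-list body would otherwise surface as an unhandled
    # KeyError/TypeError, possibly after some variables were already updated.
    well_formed = isinstance(iwidgetVariables, list) and all(
        isinstance(igVar, dict) and 'id' in igVar and 'value' in igVar
        for igVar in iwidgetVariables
    )
    if not well_formed:
        msg = _("malformed json data: a list of objects with 'id' and 'value' keys is expected")
        return build_error_response(request, 400, msg)

    # NOTE(review): neither workspace_id nor request.user is consulted
    # before writing. Confirm that a decorator on this view or
    # set_variable_value itself restricts updates to variables the
    # requester is allowed to change; otherwise any caller able to reach
    # this endpoint can overwrite a variable by id.
    for igVar in iwidgetVariables:
        set_variable_value(igVar['id'], igVar['value'])

    return HttpResponse(status=204)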
def test_secure_data_using_cookies(self):
    """Exercise secure-data directives sent in the X-EzWeb-Secure-Data cookie.

    Three requests go through the proxy against an echoing fake upstream:
    a pair of ``data`` actions (placeholders are replaced with the
    referenced values), a ``basic_auth`` action (body is echoed
    unchanged) and a ``basic_auth`` action with empty references (only
    the status code is checked).
    """
    form_body = 'username=|username|&password=|password|'

    def echo_response(method, url, *args, **kwargs):
        # Fake upstream: answer with whatever body the proxy forwarded.
        return {'status_code': 200, 'content': kwargs['data']}

    def post_with_directive(http_client, directive):
        # The directive travels as a cookie, i.e. it is chosen by the client.
        http_client.cookies['X-EzWeb-Secure-Data'] = directive
        return http_client.post(
            self.basic_url,
            form_body,
            content_type='application/x-www-form-urlencoded',
            HTTP_HOST='localhost',
            HTTP_REFERER='http://localhost',
        )

    set_variable_value(1, 'test_password')
    # The stored representation must differ from the plaintext that was set.
    stored_value = Variable.objects.get(pk=1).value
    self.assertTrue(stored_value != 'test_password')

    client = Client()
    client.login(username='******', password='******')

    upstream = self.network._servers['http']['example.com']
    upstream.add_response('POST', '/path', echo_response)

    pass_ref = '1/password'
    user_ref = '1/username'

    # NOTE(review): only references the logged-in user may use are
    # exercised here; a case with a reference belonging to someone else
    # would document that the proxy refuses it.
    directive = (
        'action=data, substr=|password|, var_ref=' + pass_ref
        + '&action=data, substr=|username|, var_ref=' + user_ref
    )
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), 'username=test_username&password=test_password')

    # basic_auth leaves the forwarded body untouched; where the
    # credentials end up is not asserted by this test.
    directive = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), 'username=|username|&password=|password|')

    # Secure data header with empty parameters
    response = post_with_directive(client, 'action=basic_auth, user_ref=, pass_ref=')
    self.assertEqual(response.status_code, 200)
def test_secure_data_using_cookies(self):
    """Exercise secure-data directives sent in the X-EzWeb-Secure-Data cookie.

    The proxy's request function is switched to echo mode for
    ``http://example.com/path``. Three requests are made: a pair of
    ``data`` actions (placeholders are replaced with the referenced
    values), a ``basic_auth`` action (body is echoed unchanged) and a
    ``basic_auth`` action with empty references (only the status code is
    checked).
    """
    proxy_path = '/proxy/http/example.com/path'
    form_body = 'username=|username|&password=|password|'

    def post_with_directive(http_client, directive):
        # The directive travels as a cookie, i.e. it is chosen by the client.
        http_client.cookies['X-EzWeb-Secure-Data'] = directive
        return http_client.post(
            proxy_path,
            form_body,
            content_type='application/x-www-form-urlencoded',
            HTTP_HOST='localhost',
            HTTP_REFERER='http://localhost',
        )

    set_variable_value(1, self.user, 'test_password')
    # The stored representation must differ from the plaintext that was set.
    stored_value = VariableValue.objects.get(pk=1).value
    self.assertTrue(stored_value != 'test_password')

    client = Client()
    client.login(username='******', password='******')

    WIRECLOUD_PROXY._do_request.reset()
    WIRECLOUD_PROXY._do_request.set_echo_response('http://example.com/path')

    pass_ref = '1/password'
    user_ref = '1/username'

    # NOTE(review): only references the logged-in user may use are
    # exercised here; a case with a reference belonging to someone else
    # would document that the proxy refuses it.
    directive = (
        'action=data, substr=|password|, var_ref=' + pass_ref
        + '&action=data, substr=|username|, var_ref=' + user_ref
    )
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.content, 'username=test_username&password=test_password')

    # basic_auth leaves the forwarded body untouched; where the
    # credentials end up is not asserted by this test.
    directive = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.content, 'username=|username|&password=|password|')

    # Secure data header with empty parameters
    response = post_with_directive(client, 'action=basic_auth, user_ref=, pass_ref=')
    self.assertEqual(response.status_code, 200)
def test_secure_data(self):
    """Exercise secure-data directives sent in the X-WireCloud-Secure-Data header.

    Every request posts the same form body through the proxy to an
    echoing fake upstream. Covered directives: ``data`` with variable
    references, ``basic_auth``, ``data`` with ``c/`` constants,
    ``encoding=url`` and ``encoding=base64``.
    """
    form_body = 'username=|username|&password=|password|'

    def echo_response(method, url, *args, **kwargs):
        # Fake upstream: answer with whatever body the proxy forwarded.
        return {'status_code': 200, 'content': kwargs['data'].read()}

    def post_with_directive(directive):
        # The directive is an ordinary request header supplied by the client.
        return self.client.post(
            self.basic_url,
            form_body,
            content_type='application/x-www-form-urlencoded',
            HTTP_HOST='localhost',
            HTTP_REFERER='http://localhost/test/workspace',
            HTTP_X_WIRECLOUD_SECURE_DATA=directive,
        )

    set_variable_value(1, 'test_password')
    # The stored representation must differ from the plaintext that was set.
    stored_value = Variable.objects.get(pk=1).value
    self.assertTrue(stored_value != 'test_password')

    self.client.login(username='******', password='******')

    upstream = self.network._servers['http']['example.com']
    upstream.add_response('POST', '/path', echo_response)

    pass_ref = '1/password'
    user_ref = '1/username'

    # NOTE(review): only references the logged-in user may use are
    # exercised here; a case with a reference belonging to someone else
    # would document that the proxy refuses it.
    directive = (
        'action=data, substr=|password|, var_ref=' + pass_ref
        + '&action=data, substr=|username|, var_ref=' + user_ref
    )
    response = post_with_directive(directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), b'username=test_username&password=test_password')

    # basic_auth leaves the forwarded body untouched; where the
    # credentials end up is not asserted by this test.
    directive = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
    response = post_with_directive(directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), b'username=|username|&password=|password|')

    # Secure data header using constants
    directive = (
        'action=data, substr=|password|, var_ref=c/test_password'
        + '&action=data, substr=|username|, var_ref=c/test_username'
    )
    response = post_with_directive(directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), b'username=test_username&password=test_password')

    # Secure data header using encoding=url
    # Only the first action carries encoding=url, so the password comes
    # back percent-encoded while the username comes back raw.
    directive = (
        'action=data, substr=|password|, var_ref=c%2Fa%3D%2C%20z , encoding=url'
        + '&action=data, substr=|username|, var_ref=c%2Fa%3D%2C%20z'
    )
    response = post_with_directive(directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), b'username=a=, z&password=a%3D%2C%20z')

    # Secure data header using encoding=base64
    # NOTE(review): standard base64 of 'test_password' is
    # 'dGVzdF9wYXNzd29yZA==' (two padding characters); the expected value
    # below carries one. Confirm it against the proxy's actual output.
    directive = 'action=data, substr=|password|, var_ref=1/password, encoding=base64'
    response = post_with_directive(directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(self.read_response(response), b'username=|username|&password=dGVzdF9wYXNzd29yZA=')
def test_secure_data(self):
    """Exercise secure-data directives sent in the X-EzWeb-Secure-Data header.

    The proxy's request function is switched to echo mode for
    ``http://example.com/path``. Covered directives: ``data`` with
    variable references, ``basic_auth``, ``data`` with ``c/`` constants,
    ``encoding=url`` and ``basic_auth`` with empty references, which must
    be rejected with 422.
    """
    proxy_path = '/proxy/http/example.com/path'
    form_body = 'username=|username|&password=|password|'

    def arm_echo():
        # Clear the fake request function and make it echo the body again.
        WIRECLOUD_PROXY._do_request.reset()
        WIRECLOUD_PROXY._do_request.set_echo_response('http://example.com/path')

    def post_with_directive(http_client, directive):
        # The directive is an ordinary request header supplied by the client.
        return http_client.post(
            proxy_path,
            form_body,
            content_type='application/x-www-form-urlencoded',
            HTTP_HOST='localhost',
            HTTP_REFERER='http://localhost',
            HTTP_X_EZWEB_SECURE_DATA=directive,
        )

    set_variable_value(1, self.user, 'test_password')
    # The stored representation must differ from the plaintext that was set.
    stored_value = VariableValue.objects.get(pk=1).value
    self.assertTrue(stored_value != 'test_password')

    client = Client()
    client.login(username='******', password='******')

    arm_echo()

    pass_ref = '1/password'
    user_ref = '1/username'

    # NOTE(review): only references the logged-in user may use are
    # exercised here; a case with a reference belonging to someone else
    # would document that the proxy refuses it.
    directive = (
        'action=data, substr=|password|, var_ref=' + pass_ref
        + '&action=data, substr=|username|, var_ref=' + user_ref
    )
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.content, 'username=test_username&password=test_password')

    # basic_auth leaves the forwarded body untouched; where the
    # credentials end up is not asserted by this test.
    directive = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.content, 'username=|username|&password=|password|')

    # Secure data header using constants
    arm_echo()
    directive = (
        'action=data, substr=|password|, var_ref=c/test_password'
        + '&action=data, substr=|username|, var_ref=c/test_username'
    )
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.content, 'username=test_username&password=test_password')

    # Secure data header using encoding=url
    # Only the first action carries encoding=url, so the password comes
    # back percent-encoded while the username comes back raw.
    arm_echo()
    directive = (
        'action=data, substr=|password|, var_ref=c%2Fa%3D%2C%20z , encoding=url'
        + '&action=data, substr=|username|, var_ref=c%2Fa%3D%2C%20z'
    )
    response = post_with_directive(client, directive)
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.content, 'username=a=, z&password=a%3D%2C%20z')

    # Secure data header with empty parameters
    # Empty references are refused with 422 rather than forwarded.
    response = post_with_directive(client, 'action=basic_auth, user_ref=, pass_ref=')
    self.assertEqual(response.status_code, 422)